Page MenuHomePhabricator

Reject non-executable files with execute bits with a build check
Closed, ResolvedPublic

Description

Sometimes files with bad chmod are committed to gerrit, see example at https://gerrit.wikimedia.org/r/#/c/360864/1.

Would be nice to have a way to check for these files and report it on build like phpcs or linter does.

I am not sure, if such a test would work on windows, but it should not fail.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 22 2017, 4:34 PM

Today @Anomie removed a bunch of executable bits from extensions.

[10:34:08] <anomie> legoktm: find . \( -name .git -o -name node_modules -o -name vendor \) -prune -o -type f -perm /ugo+x -exec sh -c 'for f do head -c5 "$f" | grep -q "^#!" || echo "$f"; done' sh {} +
[10:34:34] <anomie> Then ignore the few binaries, like the lua binaries in Scribunto for LuaStandalone

Legoktm added subscribers: Krinkle, MaxSem, Zppix.

@Legoktm Is this something we could do with codesniffer?

Theoretically yes, but this applies to *all* files, not just PHP ones...

Legoktm claimed this task.Sep 7 2017, 7:25 AM

I started working on a separate tool that will let us do automated checks as part of CI for this. It'll be a composer installed package, so it could be added to each repo's "composer test" command.

Change 376572 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/tools/minus-x@master] Initial commit of tool to identify files that shouldn't be executable

https://gerrit.wikimedia.org/r/376572

Change 376572 merged by jenkins-bot:
[mediawiki/tools/minus-x@master] Initial commit of tool to identify files that shouldn't be executable

https://gerrit.wikimedia.org/r/376572