From 49f731bfeb4f23d10284f7af93aa80cacfdc4332 Mon Sep 17 00:00:00 2001 From: Rashed Kamal Date: Thu, 11 May 2023 16:33:59 -0400 Subject: [PATCH] fix:Set default permission in artifact archive executable files Signed-off-by: Rashed Kamal --- internal/controller/storage.go | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/internal/controller/storage.go b/internal/controller/storage.go index ef1ac7978..ec0dab0d3 100644 --- a/internal/controller/storage.go +++ b/internal/controller/storage.go @@ -48,10 +48,12 @@ import ( const GarbageCountLimit = 1000 const ( - // defaultFileMode is the permission mode applied to all files inside an artifact archive. + // defaultFileMode is the permission mode applied to files inside an artifact archive. defaultFileMode int64 = 0o644 // defaultDirMode is the permission mode applied to all directories inside an artifact archive. defaultDirMode int64 = 0o755 + // defaultExeFileMode is the permission mode applied to executable files inside an artifact archive. + defaultExeFileMode int64 = 0o744 ) // Storage manages artifacts @@ -445,7 +447,15 @@ func (s Storage) Archive(artifact *v1.Artifact, dir string, filter ArchiveFileFi header.ModTime = time.Time{} header.AccessTime = time.Time{} header.ChangeTime = time.Time{} - header.Mode = defaultFileMode + + if fi.Mode().IsRegular() { + if isExecutableFile(relFilePath, header) { + header.Mode = defaultExeFileMode + } else { + header.Mode = defaultFileMode + } + } + if fi.Mode().IsDir() { header.Mode = defaultDirMode } @@ -689,3 +699,16 @@ func (wc *writeCounter) Write(p []byte) (int, error) { wc.written += int64(n) return n, nil } + +// checks if file is executable +func isExecutableFile(path string, header *tar.Header) bool { + if header.FileInfo().IsDir() { + return false + } + mode := header.FileInfo().Mode() + if mode&os.ModeType == 0 && mode&0o111 != 0 { + // Regular files with executable bit set + return true + } + return false +}