fix patchShebangs in the presence of readonly scripts#462319
fix patchShebangs in the presence of readonly scripts#462319bmillwood wants to merge 4 commits intoNixOS:stagingfrom
Conversation
bmillwood
changed the title
nixpkgs-ci
bot
added
10.rebuild-linux: 1-10
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
78288a2 to
38ed43c
Compare
nixpkgs-ci
bot
added
10.rebuild-linux: 501+
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
93afe11 to
b871d5c
Compare
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
b871d5c to
92fc366
Compare
bmillwood
changed the title
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
ba73e35 to
2a65f52
Compare
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
3 times, most recently
from
ed192a1 to
d1220da
Compare
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
d1220da to
4febaeb
Compare
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/6107 |
pkgs/test/stdenv/patch-shebangs.nix
Outdated
There was a problem hiding this comment.
You can actually prevent the problem of too many rebuilds on each change by using bootstrapTools for the builder, as I did here: https://github.com/NixOS/nixpkgs/pull/411981/files#diff-d762697454f1be50b0e3ba17fe71962baef159923f79b79e2471b0060408fa08
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
9eef219 to
d61930c
Compare
doronbehar
left a comment
doronbehar
left a comment
There was a problem hiding this comment.
Changes look good to me in general, though I haven't tested or verified the modified test is fixed by the latter commits.
|
Hmm maybe GitHub is fooling me? |
|
It is not. Checked out locally the commits and saw the same issue. |
|
oh, but you are reviewing the individual commits, not just the PR diff? I'm not sure what the convention is here but I've been assuming that only the final state is important (e.g. if someone doesn't like something about my PR, it is sufficient to add a new commit addressing their comment, rather than rewriting old commits to do so) |
Correct.
This is under debate: And I should admit that I'm reviewing according to my own conventions which are a pretty similar to what's suggested there :).
I think that there is value to multiple commits in a PR, because often some commits are justified no matter what are the other commits. However sometimes the latter commits are the main goal of the PR. In this PR, the separation makes sense too because your are fixing multiple issues that are related. I just think that when doing that there's value in minimizing diff noise such as noted above. |
nixpkgs-ci
bot
added
the
2.status: merge conflict
doronbehar
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
d61930c to
a0d35ac
Compare
|
@bmillwood I fixed the merge conflicts and fixed the comments I had before. |
nixpkgs-ci
bot
removed
the
2.status: merge conflict
doronbehar
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
a0d35ac to
5a02951
Compare
| if [[ ! -w "$f" ]]; then | ||
| chmod u+w "$f" | ||
| restoreReadOnly=true | ||
| else | ||
| restoreReadOnly=false |
There was a problem hiding this comment.
This style fits the style used for other variables, that are not necessarily declared as local.
There was a problem hiding this comment.
This style fits the style used for other variables, that are not necessarily declared as
local.
@bmillwood what do you think about using explicit true & false strings for restoreReadOnly?
There was a problem hiding this comment.
I chose the fix that involved a smaller diff to the code I was modifying. The thing you propose would work too, but I don't see a strong enough reason to prefer it.
I didn't realise you were even able to push commits to my fork! Anyway, I appreciate you trying to be helpful but:
|
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
5a02951 to
d61930c
Compare
|
(I pushed back my own changes in the meantime, but possibly once I've seen yours I'll restore them) |
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
2 times, most recently
from
a8901c7 to
4cb4aed
Compare
|
I rebased my changes and applied one of your comments. The other one I don't think is an improvement. [edit: and you rightly pointed out you'd proposed a third one that I'd forgotten about; commented on that one as well.] (To be honest, I think the other one was also probably too minor to be spending either of our time on, but I did it anyway to avoid spending any more time on it.) |
Resolves NixOS#462298. chmod -w can report exit status 1 if it removes user write but not group write permissions (as it does if the umask contains group write). Specifically targeting user write avoids this issue and is what we want anyway.
Also the test now uses a single patchShebangs invocation for all the files, since I just found a bug that only arises when processing multiple files.
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
4cb4aed to
4097204
Compare
`local` means function-local, not loop-local, so `restoreReadOnly` was staying true forever after being set true the first time.
bmillwood
force-pushed
the
bmillwood/fix-patch-shebangs-chmod-w
branch
from
4097204 to
560f431
Compare
| echo "Permissions changed from $original_perms to $new_perms" | ||
| exit 1 | ||
| fi | ||
| modes=(555 575 755 775 777) |
There was a problem hiding this comment.
@bmillwood Reading this again, I was thinking maybe the test should be renamed to preserve-permissions to reflect it doesn't only test read-only scripts?
5 participants
chmod -wwithchmod u-w(and likewise+w) inpatch-shebangs.sh, so that the only permission we touch is the one that we tested (and the one that we need). Restoring the mode just wasn't working correctly before, because-wisn't an inverse of+w(except in special cases). As documented in the issue, this is necessary to fix working on scripts with mode 575 (though who uses those?)restoreReadOnlystale value by resetting it to an empty string on every loop iteration. This was a much more serious problem, leading the hook to break on scripts with mode 777 as long as you'd already seen a readonly script earlier this invocation.patchShebangsthat visits a readonly file before a read-write one. In general the order ofpatchShebangsis the order of the embeddedfindoperation, which is nondeterministic, but I thinkfindprocesses its command line arguments in order, so you could do something likepatchShebangs test-555 test-777and I think that would do it. This would feel very specific to this one bug, though, and unlikely to be useful in future.Testing this comprehensively is made more tricky by the fact that modifying this script forces a rebuild of everything. I worked around this by copying the fixed script to another location and replacing the line in the test that sources the real script with one that sources my fixed script (and cherry-picking all my test changes). The test passes in this setup (and fails on the original script).
Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.