Skip to content

Commit c2a4aac

Browse files
committed
Make promoted files read-only
Signed-off-by: Antonin Décimo <antonin@tarides.com>
1 parent 89ac71b commit c2a4aac

9 files changed

Lines changed: 34 additions & 8 deletions

File tree

bin/subst.ml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,15 @@ let subst_file path ~map opam_package_files =
153153
| None, Some x -> Some x
154154
| Some x, Some y -> Some (x ^ "\n" ^ y)
155155
in
156-
Option.iter contents ~f:(Io.write_file path)
156+
(match contents with
157+
| None -> ()
158+
| Some contents ->
159+
(try Io.write_file path contents with
160+
| Unix.Unix_error (Unix.EACCES, _, _) ->
161+
let Unix.{ st_perm; _ } = Path.stat_exn path in
162+
Path.chmod path ~mode:(Path.Permissions.add Path.Permissions.write st_perm);
163+
Io.write_file path contents;
164+
Path.chmod path ~mode:st_perm))
157165
;;
158166

159167
(* Extending the Dune_project APIs, but adding capability to modify *)

doc/changes/12519.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
- Make promoted files read-only. (#12519, #12465, @MisterDA)

src/dune_engine/target_promotion.ml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -82,9 +82,10 @@ let promote_target_if_not_up_to_date
8282
];
8383
if promote_until_clean then To_delete.add dst;
8484
(* The file in the build directory might be read-only if it comes from the
85-
shared cache. However, we want the file in the source tree to be
86-
writable by the user, so we explicitly set the user writable bit. *)
87-
let chmod = Path.Permissions.add Path.Permissions.write in
85+
shared cache. We don't want the file in the source tree to be writable
86+
by the user, since a new promotion will overwrite it, so we explicitly
87+
remove the write permission. *)
88+
let chmod = Path.Permissions.remove Path.Permissions.write in
8889
let+ () = promote_source ~chmod ~delete_dst_if_it_is_a_directory:true ~src ~dst in
8990
true
9091
in

test/blackbox-tests/test-cases/dune-cache/promotion-in-source-tree.t

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,9 @@ Reproduction case for #3026
2020
Run Dune a first time to fill the cache, then delete the promoted file and run
2121
Dune again. At the end of the first run, the file [_build/default/file] should
2222
get deduplicated and so become read-only. As a result, on the second run the
23-
promoted file will be copied from a read-only file. However, we still want the
24-
user to be able to edit this file given that it is in the source tree, so Dune
25-
should change the permission of this file.
23+
promoted file will be copied from a read-only file. We don't want the user to be
24+
able to edit this file even if it is in the source tree, as Dune will always
25+
overwrite it, so Dune should ensure the file isn't writable.
2626

2727
We check that Dune does change the permission by echoing something into the file
2828
after the second run.
@@ -40,4 +40,5 @@ after the second run.
4040
$ cat file
4141
Hello, world!
4242

43-
$ echo plop > file
43+
$ dune_cmd stat permissions file
44+
444

test/blackbox-tests/test-cases/ignore-promoted-rules-internal-rules.t

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ Reported in #8417
1111
> EOF
1212

1313
$ dune build foo.opam
14+
$ dune_cmd stat permissions foo.opam
15+
444
16+
$ chmod +w foo.opam
1417
$ echo foobar_extra >> foo.opam
1518
$ grep foobar_extra foo.opam
1619
foobar_extra

test/blackbox-tests/test-cases/promote/old-tests.t/run.t

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -125,6 +125,9 @@ Dune restores only1 if it's modified in the source tree
125125

126126
$ cat only1
127127
0
128+
$ dune_cmd stat permissions only1
129+
444
130+
$ chmod +w only1
128131
$ echo 1 > only1
129132
$ dune build only2
130133
$ cat only1

test/blackbox-tests/test-cases/promote/promote-only-when-needed.t

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@ Dune doesn't promote the file again if it's unchanged.
2222

2323
Dune does promotes the file again if it's changed.
2424

25+
$ dune_cmd stat permissions promoted
26+
444
27+
$ chmod +w promoted
2528
$ echo hi > promoted
2629
$ dune build promoted --verbose 2>&1 | grep "Promoting"
2730
Promoting "_build/default/promoted" to "promoted"

test/blackbox-tests/test-cases/watching/dir-target-promotion.t

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,9 @@ Remove a directory and rebuild.
5050

5151
Modify a file and rebuild.
5252

53+
$ dune_cmd stat permissions d1/b
54+
444
55+
$ chmod +w d1/b
5356
$ echo -n "*" > d1/b
5457
$ cat d1/a d1/b d1/d2/c
5558
+*+

test/blackbox-tests/test-cases/watching/target-promotion.t

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,9 @@ Now try deleting the promoted file.
5050

5151
Now try replacing its content.
5252

53+
$ dune_cmd stat permissions promoted
54+
444
55+
$ chmod +w promoted
5356
$ echo hi > promoted
5457
$ build result
5558
Success

0 commit comments

Comments
 (0)