check_whence.py: check the permissions

A handful of in-tree scripts must have the execute bit, as well as all directories. Everything else should not. In the past we had multiple commits adding and removing execute bit(s), so instead we can check before things get in-tree. With all the firmware files updated to drop the bit (as of last commit), we can add some tests to enforce it going forward. Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2025-02-15 19:07:10 +00:00 · 2024-10-15 18:38:26 +01:00 · 2024-10-15 18:38:26 +01:00 · 8c232721a5
commit 8c232721a5
parent 5ddb886bef
1 changed files with 35 additions and 1 deletions
--- a/check_whence.py
+++ b/check_whence.py
@ -1,6 +1,6 @@
 #!/usr/bin/python3

-import os, re, sys
+import os, re, stat, sys
 from io import open


@ -95,6 +95,17 @@ def main():
    )
    known_prefixes = set(name for name in whence_list if name.endswith("/"))
    git_files = set(list_git())
+    executable_files = set(
+        [
+            "build_packages.py",
+            "carl9170fw/genapi.sh",
+            "carl9170fw/autogen.sh",
+            "check_whence.py",
+            "contrib/process_linux_firmware.py",
+            "copy-firmware.sh",
+            "dedup-firmware.sh",
+        ]
+    )

    for name in set(name for name in whence_files if name.endswith("/")):
        sys.stderr.write("E: %s listed in WHENCE as File, but is directory\n" % name)
@ -161,6 +172,29 @@ def main():
        else:
            sys.stderr.write("E: %s not listed in WHENCE\n" % name)
            ret = 1
+
+    for name in sorted(list(executable_files)):
+        mode = os.stat(name).st_mode
+        if not (mode & stat.S_IXUSR and mode & stat.S_IXGRP and mode & stat.S_IXOTH):
+            sys.stderr.write("E: %s is missing execute bit\n" % name)
+            ret = 1
+
+    for name in sorted(list(git_files - executable_files)):
+        mode = os.stat(name).st_mode
+        if stat.S_ISDIR(mode):
+            if not (
+                mode & stat.S_IXUSR and mode & stat.S_IXGRP and mode & stat.S_IXOTH
+            ):
+                sys.stderr.write("E: %s is missing execute bit\n" % name)
+                ret = 1
+        elif stat.S_ISREG(mode):
+            if mode & stat.S_IXUSR or mode & stat.S_IXGRP or mode & stat.S_IXOTH:
+                sys.stderr.write("E: %s incorrectly has execute bit\n" % name)
+                ret = 1
+        else:
+            sys.stderr.write("E: %s is neither a directory nor regular file\n" % name)
+            ret = 1
+
    return ret