Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the writable flag, don't set too many permission bits #718

Merged
merged 1 commit into from
Nov 14, 2023
Merged

Remove the writable flag, don't set too many permission bits #718

merged 1 commit into from
Nov 14, 2023

Conversation

grahamc
Copy link
Member

@grahamc grahamc commented Nov 12, 2023
edited

Description

Making everything 0o555 is too much, since many files in the store
are not supposed to be executable. Those should be 0o444. Instead
of splatting 0o555 out, take a more measured approach and remove
the writable flag from the on-disk mode.

Checklist
  • Formatted with cargo fmt
  • Built with nix build
  • Ran flake checks with nix flake check
  • Added or updated relevant tests (leave unchecked if not applicable)
  • Added or updated relevant documentation (leave unchecked if not applicable)
  • Linked to related issues (leave unchecked if not applicable)
Validating with install.determinate.systems

If a maintainer has added the upload to s3 label to this PR, it will become available for installation via install.determinate.systems:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/pr/$PR_NUMBER | sh -s -- install

@grahamc grahamc added the upload to s3 The labeled PR is allowed to upload its artifacts to S3 for easy testing label Nov 12, 2023
@grahamc
Remove the writable flag, don't set too many permission bits
d17c1b4 
Making everything 0o555 is too much, since many files in the store
are not supposed to be executable. Those should be 0o444. Instead
of splatting 0o555 out, take a more measured approach and remove
the writable flag from the on-disk mode.
@grahamc grahamc changed the title don't set perms explicitly Remove the writable flag, don't set too many permission bits Nov 12, 2023
@grahamc grahamc marked this pull request as ready for review November 12, 2023 04:03
cole-h
cole-h approved these changes Nov 12, 2023
View reviewed changes
Copy link
Member

@cole-h cole-h left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diff LGTM.

@Hoverbear Hoverbear added this to the 0.14.1 milestone Nov 14, 2023
@Hoverbear Hoverbear merged commit 01a3447 into main Nov 14, 2023
13 checks passed
@Hoverbear Hoverbear deleted the no-perms-explicit branch November 14, 2023 16:26
This was referenced May 23, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cole-h cole-h cole-h approved these changes

@Hoverbear Hoverbear Hoverbear approved these changes

Assignees

@grahamc grahamc

Labels
upload to s3 The labeled PR is allowed to upload its artifacts to S3 for easy testing
Projects
None yet
Milestone
0.15.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@grahamc @Hoverbear @cole-h