Automatically derive permissions for exe

Kijewski · Sep 6, 2023 · debff22 · debff22
1 parent 7d7d9f8
commit debff22
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 10 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,6 +9,7 @@ license = "MIT OR Apache-2.0 WITH LLVM-exception"
 [dependencies]
 clap = { version = "4.4.2", features = ["derive"] }
 ed25519-dalek = { version = "2.0.0", features = ["serde", "rand_core"] }
+is_executable = "1.0.1"
 memmap2 = "0.7.1"
 num-traits = "0.2.16"
 parse_int = { version = "0.6.0", features = ["implicit-octal"] }

diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ Options:
 
 * `--method <METHOD>`: Compression method (stored | \*deflated | bzip2 | zstd, \*=default)
 * `--level <LEVEL>`: Compression level
-* `--permissions <PERMISSIONS>`: Unix-style permissions (default=0o644)
+* `--permissions <PERMISSIONS>`: Unix-style permissions, default: 0o755 if "FILE" is executable, otherwise 0o644
 
 ### Generate signature in new file
 

diff --git a/src/verify.rs b/src/verify.rs
@@ -46,7 +46,9 @@ pub fn main(args: Cli) -> Result<(), Error> {
     drop(f);
 
     // verify signature
-    key.verify_strict(&file, &sign).map_err(Error::Signature)
+    key.verify_strict(&file, &sign).map_err(Error::Signature)?;
+    println!("OK");
+    Ok(())
 }
 
 /// Verify a signature

diff --git a/src/zip.rs b/src/zip.rs
@@ -57,6 +57,15 @@ pub fn main(args: Cli) -> Result<(), Error> {
         return Err(Error::Write(err, args.zip));
     }
 
+    // get permissions
+    let permissions = match args.permissions {
+        Some(permissions) => permissions.0 as u32,
+        None => match is_executable::is_executable(&args.file) {
+            true => 0o755,
+            false => 0o644,
+        },
+    };
+
     // write ZIP content
     let mut zip_file = ZipWriter::new(zip_file);
     let method = match args.method.unwrap_or_default() {
@@ -68,7 +77,7 @@ pub fn main(args: Cli) -> Result<(), Error> {
     let options = FileOptions::default()
         .compression_method(method)
         .compression_level(args.level)
-        .unix_permissions(args.permissions.unwrap_or_default().0 as u32);
+        .unix_permissions(permissions);
     if let Err(err) = zip_file.start_file(name, options) {
         return Err(Error::Zip(err, args.zip));
     }
@@ -97,7 +106,7 @@ pub struct Cli {
     /// Compression level
     #[arg(short, long)]
     level: Option<i32>,
-    /// Unix-style permissions (default=0o644)
+    /// Unix-style permissions, default: 0o755 if "FILE" is executable, otherwise 0o644
     #[arg(short, long)]
     permissions: Option<Permissions>,
 }
@@ -115,12 +124,6 @@ enum NamedCompressionMethod {
 #[derive(Debug, Clone, Copy)]
 struct Permissions(u16);
 
-impl Default for Permissions {
-    fn default() -> Self {
-        Self(0o644)
-    }
-}
-
 impl FromStr for Permissions {
     type Err = <u16 as num_traits::Num>::FromStrRadixErr;