From debff220ecbc9d6ca016b2cd06eaed8f98be9d75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Kijewski?= <rene.kijewski@fu-berlin.de>
Date: Wed, 6 Sep 2023 22:10:53 +0200
Subject: [PATCH] Automatically derive permissions for exe

---
 Cargo.lock    | 32 ++++++++++++++++++++++++++++++++
 Cargo.toml    |  1 +
 README.md     |  2 +-
 src/verify.rs |  4 +++-
 src/zip.rs    | 19 +++++++++++--------
 5 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2a96f0d..f37f118 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -399,6 +399,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "is_executable"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fa9acdc6d67b75e626ad644734e8bc6df893d9cd2a834129065d3dd6158ea9c8"
+dependencies = [
+ "winapi",
+]
+
 [[package]]
 name = "jobserver"
 version = "0.1.26"
@@ -772,6 +781,28 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@@ -879,6 +910,7 @@ version = "0.1.0"
 dependencies = [
  "clap",
  "ed25519-dalek",
+ "is_executable",
  "memmap2",
  "num-traits",
  "parse_int",
diff --git a/Cargo.toml b/Cargo.toml
index 39025c2..9cb21a9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,6 +9,7 @@ license = "MIT OR Apache-2.0 WITH LLVM-exception"
 [dependencies]
 clap = { version = "4.4.2", features = ["derive"] }
 ed25519-dalek = { version = "2.0.0", features = ["serde", "rand_core"] }
+is_executable = "1.0.1"
 memmap2 = "0.7.1"
 num-traits = "0.2.16"
 parse_int = { version = "0.6.0", features = ["implicit-octal"] }
diff --git a/README.md b/README.md
index c069fbb..e7deae3 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ Options:
 
 * `--method <METHOD>`: Compression method (stored | \*deflated | bzip2 | zstd, \*=default)
 * `--level <LEVEL>`: Compression level
-* `--permissions <PERMISSIONS>`: Unix-style permissions (default=0o644)
+* `--permissions <PERMISSIONS>`: Unix-style permissions, default: 0o755 if "FILE" is executable, otherwise 0o644
 
 ### Generate signature in new file
 
diff --git a/src/verify.rs b/src/verify.rs
index 8f2a7a7..df67e9d 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -46,7 +46,9 @@ pub fn main(args: Cli) -> Result<(), Error> {
     drop(f);
 
     // verify signature
-    key.verify_strict(&file, &sign).map_err(Error::Signature)
+    key.verify_strict(&file, &sign).map_err(Error::Signature)?;
+    println!("OK");
+    Ok(())
 }
 
 /// Verify a signature
diff --git a/src/zip.rs b/src/zip.rs
index 8a3feb9..54058c3 100644
--- a/src/zip.rs
+++ b/src/zip.rs
@@ -57,6 +57,15 @@ pub fn main(args: Cli) -> Result<(), Error> {
         return Err(Error::Write(err, args.zip));
     }
 
+    // get permissions
+    let permissions = match args.permissions {
+        Some(permissions) => permissions.0 as u32,
+        None => match is_executable::is_executable(&args.file) {
+            true => 0o755,
+            false => 0o644,
+        },
+    };
+
     // write ZIP content
     let mut zip_file = ZipWriter::new(zip_file);
     let method = match args.method.unwrap_or_default() {
@@ -68,7 +77,7 @@ pub fn main(args: Cli) -> Result<(), Error> {
     let options = FileOptions::default()
         .compression_method(method)
         .compression_level(args.level)
-        .unix_permissions(args.permissions.unwrap_or_default().0 as u32);
+        .unix_permissions(permissions);
     if let Err(err) = zip_file.start_file(name, options) {
         return Err(Error::Zip(err, args.zip));
     }
@@ -97,7 +106,7 @@ pub struct Cli {
     /// Compression level
     #[arg(short, long)]
     level: Option<i32>,
-    /// Unix-style permissions (default=0o644)
+    /// Unix-style permissions, default: 0o755 if "FILE" is executable, otherwise 0o644
     #[arg(short, long)]
     permissions: Option<Permissions>,
 }
@@ -115,12 +124,6 @@ enum NamedCompressionMethod {
 #[derive(Debug, Clone, Copy)]
 struct Permissions(u16);
 
-impl Default for Permissions {
-    fn default() -> Self {
-        Self(0o644)
-    }
-}
-
 impl FromStr for Permissions {
     type Err = <u16 as num_traits::Num>::FromStrRadixErr;