Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build.zig.zon file .hash does not include executable bit in practice #16272

Closed
slimsag opened this issue Jun 30, 2023 · 3 comments
Closed

build.zig.zon file .hash does not include executable bit in practice #16272

slimsag opened this issue Jun 30, 2023 · 3 comments
Labels
bug Observed behavior contradicts documented or intended behavior zig build system std.Build, the build runner, `zig build` subcommand, package management
Milestone
0.12.0

Comments

@slimsag
Copy link
Sponsor Contributor

slimsag commented Jun 30, 2023

Zig Version

0.11.0-dev.3890+43c98dc11

Steps to Reproduce and Observed Behavior

I was implementing a tool in Go to calculate/update build.zig.zon file hashes. While doing this, I noticed that the Zig implementation in src/Package.zig currently doesn't include executable file bit information in practice.

If I download/extract this tarball using my system tar extractor, you can see we have at least two executable files in it:

freetype-26f9ea0ce8ec934d9d53caec80f6b3d0f857892b % ls -lah *.sh
-rwxrwxr-x  1 slimsag  staff   248B Jun 29 01:13 update.sh
-rwxrwxr-x  1 slimsag  staff   318B Jun 29 01:13 verify.sh

However, if I modify this code in the stdlib to print the file hash and result of isExecutable:

zig/src/Package.zig

Line 718 in 0a6cd25

hasher.update(&.{ 0, @intFromBool(try isExecutable(file)) });

Then we find isExecutable always returns false:

update.sh: 3ade16b05234cffff8aa60857d4ee2f1a90698da63e908148aefe45242ae8075 - false
verify.sh: 7359f08ae3202633064963b58058ef193d2f358c28abe08c035550e3bad8571e - false

This appears to be due to this TODO during tar extraction:

zig/src/Package.zig

Lines 603 to 611 in 0a6cd25

try std.tar.pipeToFileSystem(out_dir, decompress.reader(), .{
.strip_components = 1,
// TODO: we would like to set this to executable_bit_only, but two
// things need to happen before that:
// 1. the tar implementation needs to support it
// 2. the hashing algorithm here needs to support detecting the is_executable
// bit on Windows from the ACLs (see the isExecutable function).
.mode_mode = .ignore,
});

Importantly, this applies to all unix platforms too - not just windows - so once this is fixed, everyone's build.zig.zon file hashes will change.

Expected Behavior

build.zig.zon hashes include executable bit information in them
@slimsag slimsag added the bug Observed behavior contradicts documented or intended behavior label Jun 30, 2023
@slimsag slimsag changed the title build.zig.zon .hash does not include executable bit in practice build.zig.zon file .hash does not include executable bit in practice Jun 30, 2023
@squeek502
Copy link
Collaborator

I believe 1. in the TODO comment would be addressed by #15382

@andrewrk andrewrk added the zig build system std.Build, the build runner, `zig build` subcommand, package management label Jun 30, 2023
@andrewrk andrewrk added this to the 0.11.1 milestone Jun 30, 2023
@andrewrk andrewrk modified the milestones: 0.11.1, 0.12.0 Jan 29, 2024
@andrewrk
Copy link
Member

andrewrk commented Apr 2, 2024

Note the plan for this is #17463 (comment) and the hashes will be unchanged, continuing to not include the executable bit. All ELF files and files with shebang lines will be given +x regardless of the executable bit in the tarball.

This was referenced Apr 2, 2024
Closed
Merged
@andrewrk
Copy link
Member

andrewrk commented Apr 6, 2024

Fixed by 34bb670.

@andrewrk andrewrk closed this as completed Apr 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Observed behavior contradicts documented or intended behavior zig build system std.Build, the build runner, `zig build` subcommand, package management
Projects
None yet
Milestone
0.12.0
Development

No branches or pull requests
3 participants
@andrewrk @squeek502 @slimsag