From 42368f6407d93ed475cb3130844be85e01e20c32 Mon Sep 17 00:00:00 2001 From: Bryce Boe Date: Fri, 1 Mar 2019 09:41:07 -0800 Subject: [PATCH 1/3] Consistently set archived file permissions to 0444 --- archive/zip_archiver.go | 1 + archive/zip_archiver_test.go | 47 ++++++++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/archive/zip_archiver.go b/archive/zip_archiver.go index 1ed341f9..43df215f 100644 --- a/archive/zip_archiver.go +++ b/archive/zip_archiver.go @@ -61,6 +61,7 @@ func (a *ZipArchiver) ArchiveFile(infilename string) error { fh.Method = zip.Deflate // fh.Modified alone isn't enough when using a zero value fh.SetModTime(time.Time{}) + fh.SetMode(0444) f, err := a.writer.CreateHeader(fh) if err != nil { diff --git a/archive/zip_archiver_test.go b/archive/zip_archiver_test.go index 5429096c..523c50ad 100644 --- a/archive/zip_archiver_test.go +++ b/archive/zip_archiver_test.go @@ -33,7 +33,50 @@ func TestZipArchiver_File(t *testing.T) { "test-file.txt": []byte("This is test content"), }) } -func TestZipArchiver_FileModified(t *testing.T) { + +func TestZipArchiver_FilePermissionsModified(t *testing.T) { + var ( + zipFilePath = filepath.FromSlash("archive-file.zip") + toZipPath = filepath.FromSlash("./test-fixtures/test-file.txt") + ) + + var zip = func() { + archiver := NewZipArchiver(zipFilePath) + if err := archiver.ArchiveFile(toZipPath); err != nil { + t.Fatalf("unexpected error: %s", err) + } + } + + //set initial file permissions + if err := os.Chmod(toZipPath, 0600); err != nil { + t.Fatalf("unexpected error: %s", err) + } + + zip() + + expectedContents, err := ioutil.ReadFile(zipFilePath) + if err != nil { + t.Fatalf("unexpected error: %s", err) + } + + //change file permissions + if err := os.Chmod(toZipPath, 0666); err != nil { + t.Fatalf("unexpected error: %s", err) + } + + zip() + + actualContents, err := ioutil.ReadFile(zipFilePath) + if err != nil { + t.Fatalf("unexpected error: %s", err) + } + + if !bytes.Equal(expectedContents, actualContents) { + t.Fatalf("zip contents do not match, potentially a permission issue") + } +} + +func TestZipArchiver_FileTimeModified(t *testing.T) { var ( zipFilePath = filepath.FromSlash("archive-file.zip") toZipPath = filepath.FromSlash("./test-fixtures/test-file.txt") @@ -63,7 +106,7 @@ func TestZipArchiver_FileModified(t *testing.T) { actualContents, err := ioutil.ReadFile(zipFilePath) if err != nil { - t.Fatalf("unexpecte error: %s", err) + t.Fatalf("unexpected error: %s", err) } if !bytes.Equal(expectedContents, actualContents) { From 005142a19cb00ad807f63ebb0afd3c0552a7618c Mon Sep 17 00:00:00 2001 From: Bryce Boe Date: Fri, 1 Mar 2019 10:08:57 -0800 Subject: [PATCH 2/3] Consitently set archived file permissions to 0555 when executable --- archive/zip_archiver.go | 13 ++++++++++- archive/zip_archiver_test.go | 42 ++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/archive/zip_archiver.go b/archive/zip_archiver.go index 43df215f..127f3a98 100644 --- a/archive/zip_archiver.go +++ b/archive/zip_archiver.go @@ -61,7 +61,18 @@ func (a *ZipArchiver) ArchiveFile(infilename string) error { fh.Method = zip.Deflate // fh.Modified alone isn't enough when using a zero value fh.SetModTime(time.Time{}) - fh.SetMode(0444) + + // check if file is executable + info, err := os.Stat(infilename) + if err != nil { + return err + } + mode := info.Mode().Perm() + if mode&0100 == 0100 { + fh.SetMode(0555) + } else { + fh.SetMode(0444) + } f, err := a.writer.CreateHeader(fh) if err != nil { diff --git a/archive/zip_archiver_test.go b/archive/zip_archiver_test.go index 523c50ad..e1ce8069 100644 --- a/archive/zip_archiver_test.go +++ b/archive/zip_archiver_test.go @@ -76,6 +76,48 @@ func TestZipArchiver_FilePermissionsModified(t *testing.T) { } } +func TestZipArchiver_FileExecutablePermissionsModified(t *testing.T) { + var ( + zipFilePath = filepath.FromSlash("archive-file.zip") + toZipPath = filepath.FromSlash("./test-fixtures/test-file.txt") + ) + + var zip = func() { + archiver := NewZipArchiver(zipFilePath) + if err := archiver.ArchiveFile(toZipPath); err != nil { + t.Fatalf("unexpected error: %s", err) + } + } + + //set initial file permissions + if err := os.Chmod(toZipPath, 0700); err != nil { + t.Fatalf("unexpected error: %s", err) + } + + zip() + + expectedContents, err := ioutil.ReadFile(zipFilePath) + if err != nil { + t.Fatalf("unexpected error: %s", err) + } + + //make file executable + if err := os.Chmod(toZipPath, 0644); err != nil { + t.Fatalf("unexpected error: %s", err) + } + + zip() + + actualContents, err := ioutil.ReadFile(zipFilePath) + if err != nil { + t.Fatalf("unexpected error: %s", err) + } + + if bytes.Equal(expectedContents, actualContents) { + t.Fatalf("zip contents match, potentially a permission issue") + } +} + func TestZipArchiver_FileTimeModified(t *testing.T) { var ( zipFilePath = filepath.FromSlash("archive-file.zip") From 70ab2251249e8943264a20ebc701a85901c09890 Mon Sep 17 00:00:00 2001 From: Bryce Boe Date: Fri, 1 Mar 2019 10:10:53 -0800 Subject: [PATCH 3/3] Update changelog with permission bugfix info --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fa6015e..bd10cddf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ IMPROVEMENTS: * The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. +BUG FIXES: + +* Fix file permissions affecting zip contents and causing spurious diffs ([#34](https://github.com/terraform-providers/terraform-provider-archive/issues/34)) + ## 1.1.0 (July 30, 2018) ENHANCEMENTS: