Add a new file as part of a commit and have System Patches set the +x flag on it?

luckman212

I have a patch for wireguard and part of it involves fetching a brand new file that needs to be executable. In my git tree I have marked it as such, and even run

$ git update-index --chmod=+x path/to/file

still, upon fetching the patch, even though it's "successful" the file permissions are 644. So my patch fails to actually do what it's supposed to do until the user manually runs chmod +x /path/to/file.

Am I doing this wrong? Is there a way to ensure the file permissions are preserved during the patch operation?

the patch in question is here luckman212/wgfix

luckman212

Even when downloading the patch manually, I can see the patch instructs the system to mark the file executable, so System Patches is either ignoring this or something else is going on... ?

luckman212

I think the problem may be that the FreeBSD patch(1) comand simply ignores the file mode bits. I looked at the source and it looks like this is the section that does most of the work, but I don't see any reason that would omit the mode-setting, unless the patch command itself was responsible.

I posted a question on the FreeBSD forum.

jimp

The patch command has behaved that way for as long as I can remember. When testing diffs that add files we usually have to fix the permissions by hand after if they have to be executable.

It could be a missing feature in patch or it could be for security reasons -- forcing people to make something executable is a safety belt against accidentally importing a malicious script via patch.

Still would be nice to have a command line option to optionally obey the file permissions specified in a diff.

luckman212

@jimp Ever considered adding one more field to System Patches called "Post processing command" where we could, for example type in chmod +x /etc/wgfix.sh and have it execute that after successfully applying the patch?

If you're too busy I am happy to try to put that together as a PR.

jimp

Might not be a bad idea but I am hesitant to add yet another way to run shell commands to the system. Have to think on that one a bit.

JeGr

@luckman212 Wouldn't that work by throwing the new file into the filer package? There you can add it with 0755 as mask so you get the correct x-bit?

luckman212

@jegr Maybe, but I didn't want the patch to also need to depend on having Filer installed, which most people don't (including myself...) That would require manually downloading the script and pasting it into Filer, setting the right bits, then installing System Patches, fetching the patch... lots of steps and more room for error.