Skip to content

nginx/setup-odk.sh: make file executable#840

Merged
alxndrsn merged 1 commit intogetodk:nextfrom
alxndrsn:remove+x
Feb 13, 2025
Merged

nginx/setup-odk.sh: make file executable#840
alxndrsn merged 1 commit intogetodk:nextfrom
alxndrsn:remove+x

Conversation

@alxndrsn
Copy link
Contributor

@alxndrsn alxndrsn commented Dec 10, 2024
edited
Loading

This change brings consistency: all other executables in files/** are marked executable in git rather than chmod'd in .dockerfile files.

The chmod call was originally introduced in #676 without discussion.

There is a wider debate whether git can be trusted to manage file permissions, touched on at #830 (comment)

nginx/setup-odk.sh: make file executable
da3ca1b 
This change brings consistency: all other executables in files/** are marked executable in git rather than chmod'd in dockerfiles.
@alxndrsn alxndrsn mentioned this pull request Dec 10, 2024
Merged
2 tasks
@brontolosone
Copy link
Contributor

brontolosone commented Dec 10, 2024

I'm still of the opinion that it's better to define exactly the permissions you want and expect using mechanisms that are made for that exact purpose (eg chmod+chown, install, ...).

Git is unsuitable for that purpose; it only tracks executability, which is honored, or not, depending on the git client configuration and the OS, and the resulting user, group and others permissions are sensitive to the umask at clone time, which also makes for bugs such as this one.
Plus the recorded executability in git is not apparent if you don't happen to know where to look, contributing to a situation in which the resulting permissions become mystery meat sausage composed of interactions between several environmental factors.

I don't see any downsides to being explicit about intent and mechanism and desired outcome by putting a couple of install or chmod+chown calls in there. It closes the book on stated intent and on unexpected variance. And then if a file's permissions aren't exactly what you need or expect, then it's very easy to find the place where we define them.

@alxndrsn
Copy link
Contributor Author

alxndrsn commented Dec 10, 2024

I don't see any downsides to being explicit about intent and mechanism and desired outcome by putting a couple of install or chmod+chown calls in there.

I think the obvious downside is that it's more code to read, and could be considered noise if you weren't aware/concerned about environments with core.fileMode or less common umask values set. In addition to this, it's more code which is unlikely to be required most of the time, so unless there are explicit tests added for it, missing chmod calls are likely to be introduced in future, or existing ones likely to be removed when their intention can't be easily understood.

So I suggest merging this PR now to standardise executable flag handling across the repo. This could be followed up with another PR to add a test to CI which fails without chmod +x calls, and then add the required chmod calls.

@brontolosone brontolosone removed their request for review December 10, 2024 16:29
@lognaturel lognaturel self-requested a review January 9, 2025 16:49
@alxndrsn alxndrsn merged commit 7594c91 into getodk:next Feb 13, 2025
1 check passed
@alxndrsn alxndrsn deleted the remove+x branch February 13, 2025 06:29
yanokwa pushed a commit to yanokwa/odk-central that referenced this pull request Jun 11, 2025
@alxndrsn @yanokwa
nginx/setup-odk.sh: make file executable (getodk#840)
1fe957f 
This change brings consistency: all other executables in `files/**` are marked executable in git rather than `chmod`'d in `.dockerfile` files.

The `chmod` call was originally introduced in getodk#676 without discussion.

There is a wider debate whether git can be trusted to manage file permissions, touched on at getodk#830 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lognaturel lognaturel lognaturel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alxndrsn @brontolosone @lognaturel