2 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file.
6 """Makes sure files have the right permissions.
8 Some developers have broken SCM configurations that flip the svn:executable
9 permission on for no good reason. Unix developers who run ls --color will then
10 see .cc files in green and get confused.
12 - For file extensions that must be executable, add it to EXECUTABLE_EXTENSIONS.
13 - For file extensions that must not be executable, add it to
14 NOT_EXECUTABLE_EXTENSIONS.
15 - To ignore all the files inside a directory, add it to IGNORED_PATHS.
16 - For file base name with ambiguous state and that should not be checked for
17 shebang, add it to IGNORED_FILENAMES.
19 Any file not matching the above will be opened and looked if it has a shebang.
20 It this doesn't match the executable bit on the file, the file will be flagged.
22 Note that all directory separators must be slashes (Unix-style) and not
23 backslashes. All directories should be relative to the source root and all
24 file paths should be only lowercase.
34 #### USER EDITABLE SECTION STARTS HERE ####
36 # Files with these extensions must have executable bit set.
37 EXECUTABLE_EXTENSIONS
= (
44 # These files must have executable bit set.
46 # TODO(maruel): Detect ELF files.
47 'chrome/test/data/webrtc/linux/peerconnection_server',
48 'chrome/installer/mac/sign_app.sh.in',
49 'chrome/installer/mac/sign_versioned_dir.sh.in',
52 # These files must not have the executable bit set. This is mainly a performance
53 # optimization as these files are not checked for shebang. The list was
54 # partially generated from:
55 # git ls-files | grep "\\." | sed 's/.*\.//' | sort | uniq -c | sort -b -g
56 NON_EXECUTABLE_EXTENSIONS
= (
126 # File names that are always whitelisted. (These are all autoconf spew.)
127 IGNORED_FILENAMES
= (
139 # File paths starting with one of these will be ignored as well.
141 # TODO(maruel): Detect ELF files.
142 'chrome/test/data/extensions/uitest/plugins',
143 'chrome/test/data/extensions/uitest/plugins_private',
144 'chrome/test/data/webrtc/linux/peerconnection_server',
145 'chrome/installer/mac/sign_app.sh.in',
146 'chrome/installer/mac/sign_versioned_dir.sh.in',
147 'native_client_sdk/src/build_tools/sdk_tools/third_party/',
149 # TODO(maruel): Fix these.
150 'third_party/android_testrunner/',
151 'third_party/closure_linter/',
152 'third_party/devscripts/licensecheck.pl.vanilla',
153 'third_party/hyphen/',
154 'third_party/jemalloc/',
155 'third_party/lcov-1.9/contrib/galaxy/conglomerate_functions.pl',
156 'third_party/lcov-1.9/contrib/galaxy/gen_makefile.sh',
157 'third_party/lcov/contrib/galaxy/conglomerate_functions.pl',
158 'third_party/lcov/contrib/galaxy/gen_makefile.sh',
159 'third_party/libevent/autogen.sh',
160 'third_party/libevent/test/test.sh',
161 'third_party/libxml/linux/xml2-config',
162 'third_party/libxml/src/ltmain.sh',
164 'third_party/protobuf/',
165 'third_party/python_gflags/gflags.py',
166 'third_party/sqlite/',
167 'third_party/talloc/script/mksyms.sh',
168 'third_party/tcmalloc/',
169 'third_party/tlslite/setup.py',
172 #### USER EDITABLE SECTION ENDS HERE ####
174 assert set(EXECUTABLE_EXTENSIONS
) & set(NON_EXECUTABLE_EXTENSIONS
) == set()
177 def capture(cmd
, cwd
):
178 """Returns the output of a command.
180 Ignores the error code or stderr.
182 logging
.debug('%s; cwd=%s' % (' '.join(cmd
), cwd
))
183 env
= os
.environ
.copy()
184 env
['LANGUAGE'] = 'en_US.UTF-8'
185 p
= subprocess
.Popen(
186 cmd
, stdout
=subprocess
.PIPE
, stderr
=subprocess
.PIPE
, cwd
=cwd
, env
=env
)
187 return p
.communicate()[0]
190 def get_svn_info(dir_path
):
191 """Returns svn meta-data for a svn checkout."""
192 if not os
.path
.isdir(dir_path
):
194 out
= capture(['svn', 'info', '.', '--non-interactive'], dir_path
)
195 return dict(l
.split(': ', 1) for l
in out
.splitlines() if l
)
198 def get_svn_url(dir_path
):
199 return get_svn_info(dir_path
).get('URL')
202 def get_svn_root(dir_path
):
203 """Returns the svn checkout root or None."""
204 svn_url
= get_svn_url(dir_path
)
207 logging
.info('svn url: %s' % svn_url
)
209 parent
= os
.path
.dirname(dir_path
)
210 if parent
== dir_path
:
212 svn_url
= svn_url
.rsplit('/', 1)[0]
213 if svn_url
!= get_svn_url(parent
):
218 def get_git_root(dir_path
):
219 """Returns the git checkout root or None."""
220 root
= capture(['git', 'rev-parse', '--show-toplevel'], dir_path
).strip()
225 def is_ignored(rel_path
):
226 """Returns True if rel_path is in our whitelist of files to ignore."""
227 rel_path
= rel_path
.lower()
229 os
.path
.basename(rel_path
) in IGNORED_FILENAMES
or
230 rel_path
.startswith(IGNORED_PATHS
))
233 def must_be_executable(rel_path
):
234 """The file name represents a file type that must have the executable bit
238 os
.path
.splitext(rel_path
)[1][1:].lower() in EXECUTABLE_EXTENSIONS
or
239 rel_path
in EXECUTABLE_PATHS
)
242 def must_not_be_executable(rel_path
):
243 """The file name represents a file type that must not have the executable
246 return os
.path
.splitext(rel_path
)[1][1:].lower() in NON_EXECUTABLE_EXTENSIONS
249 def has_executable_bit(full_path
):
250 """Returns if any executable bit is set."""
251 permission
= stat
.S_IXUSR | stat
.S_IXGRP | stat
.S_IXOTH
252 return bool(permission
& os
.stat(full_path
).st_mode
)
255 def has_shebang(full_path
):
256 """Returns if the file starts with #!/.
258 file_path is the absolute path to the file.
260 with
open(full_path
, 'rb') as f
:
261 return f
.read(3) == '#!/'
264 class ApiBase(object):
265 def __init__(self
, root_dir
, bare_output
):
266 self
.root_dir
= root_dir
267 self
.bare_output
= bare_output
269 self
.count_shebang
= 0
271 def check_file(self
, rel_path
):
272 """Checks file_path's permissions and returns an error if it is
275 It is assumed that the file is not ignored by is_ignored().
277 If the file name is matched with must_be_executable() or
278 must_not_be_executable(), only its executable bit is checked.
279 Otherwise, the 3 first bytes of the file are read to verify if it has a
280 shebang and compares this with the executable bit on the file.
282 logging
.debug('check_file(%s)' % rel_path
)
285 full_path
= os
.path
.join(self
.root_dir
, rel_path
)
287 bit
= has_executable_bit(full_path
)
289 # It's faster to catch exception than call os.path.islink(). Chromium
290 # tree happens to have invalid symlinks under
291 # third_party/openssl/openssl/test/.
294 if must_be_executable(rel_path
):
298 return '%s: Must have executable bit set' % rel_path
300 if must_not_be_executable(rel_path
):
304 return '%s: Must not have executable bit set' % rel_path
307 # For the others, it depends on the shebang.
308 shebang
= has_shebang(full_path
)
309 self
.count_shebang
+= 1
314 return '%s: Has executable bit but not shebang' % rel_path
316 return '%s: Has shebang but not executable bit' % rel_path
318 def check_dir(self
, rel_path
):
319 return self
.check(rel_path
)
321 def check(self
, start_dir
):
322 """Check the files in start_dir, recursively check its subdirectories."""
324 items
= self
.list_dir(start_dir
)
325 logging
.info('check(%s) -> %d' % (start_dir
, len(items
)))
327 full_path
= os
.path
.join(self
.root_dir
, start_dir
, item
)
328 rel_path
= full_path
[len(self
.root_dir
) + 1:]
329 if is_ignored(rel_path
):
331 if os
.path
.isdir(full_path
):
333 errors
.extend(self
.check_dir(rel_path
))
335 error
= self
.check_file(rel_path
)
340 def list_dir(self
, start_dir
):
341 """Lists all the files and directory inside start_dir."""
343 x
for x
in os
.listdir(os
.path
.join(self
.root_dir
, start_dir
))
344 if not x
.startswith('.')
348 class ApiSvnQuick(ApiBase
):
349 """Returns all files in svn-versioned directories, independent of the fact if
352 Uses svn info in each directory to determine which directories should be
355 def __init__(self
, *args
):
356 super(ApiSvnQuick
, self
).__init
__(*args
)
357 self
.url
= get_svn_url(self
.root_dir
)
359 def check_dir(self
, rel_path
):
360 url
= self
.url
+ '/' + rel_path
361 if get_svn_url(os
.path
.join(self
.root_dir
, rel_path
)) != url
:
363 return super(ApiSvnQuick
, self
).check_dir(rel_path
)
366 class ApiAllFilesAtOnceBase(ApiBase
):
369 def list_dir(self
, start_dir
):
370 """Lists all the files and directory inside start_dir."""
371 if self
._files
is None:
372 self
._files
= sorted(self
._get
_all
_files
())
373 if not self
.bare_output
:
374 print 'Found %s files' % len(self
._files
)
375 start_dir
= start_dir
[len(self
.root_dir
) + 1:]
377 x
[len(start_dir
):] for x
in self
._files
if x
.startswith(start_dir
)
380 def _get_all_files(self
):
381 """Lists all the files and directory inside self._root_dir."""
382 raise NotImplementedError()
385 class ApiSvn(ApiAllFilesAtOnceBase
):
386 """Returns all the subversion controlled files.
388 Warning: svn ls is abnormally slow.
390 def _get_all_files(self
):
391 cmd
= ['svn', 'ls', '--non-interactive', '--recursive']
393 x
for x
in capture(cmd
, self
.root_dir
).splitlines()
394 if not x
.endswith(os
.path
.sep
))
397 class ApiGit(ApiAllFilesAtOnceBase
):
398 def _get_all_files(self
):
399 return capture(['git', 'ls-files'], cwd
=self
.root_dir
).splitlines()
402 def get_scm(dir_path
, bare
):
403 """Returns a properly configured ApiBase instance."""
405 root
= get_svn_root(dir_path
or cwd
)
408 print('Found subversion checkout at %s' % root
)
409 return ApiSvnQuick(dir_path
or root
, bare
)
410 root
= get_git_root(dir_path
or cwd
)
413 print('Found git repository at %s' % root
)
414 return ApiGit(dir_path
or root
, bare
)
416 # Returns a non-scm aware checker.
418 print('Failed to determine the SCM for %s' % dir_path
)
419 return ApiBase(dir_path
or cwd
, bare
)
423 usage
= """Usage: python %prog [--root <root>] [tocheck]
424 tocheck Specifies the directory, relative to root, to check. This defaults
425 to "." so it checks everything.
429 python %prog --root /path/to/source chrome"""
431 parser
= optparse
.OptionParser(usage
=usage
)
434 help='Specifies the repository root. This defaults '
435 'to the checkout repository root')
437 '-v', '--verbose', action
='count', default
=0, help='Print debug logging')
442 help='Prints the bare filename triggering the checks')
443 options
, args
= parser
.parse_args()
445 levels
= [logging
.ERROR
, logging
.INFO
, logging
.DEBUG
]
446 logging
.basicConfig(level
=levels
[min(len(levels
) - 1, options
.verbose
)])
449 parser
.error('Too many arguments used')
452 options
.root
= os
.path
.abspath(options
.root
)
454 api
= get_scm(options
.root
, options
.bare
)
458 start_dir
= api
.root_dir
460 errors
= api
.check(start_dir
)
463 print 'Processed %s files, %d files where tested for shebang' % (
464 api
.count
, api
.count_shebang
)
469 print '\n'.join(errors
)
476 if '__main__' == __name__
: