search

meteor / meteor

Meteor, the JavaScript App Platform
https://meteor.com
Other
44.41k stars 5.2k forks source link

Executable bit is not preserved on static assets #2595

Closed awatson1978 closed 7 years ago

awatson1978 commented 10 years ago

The old github-based package management system preserved chmod file permissions, whereas the Unipackage system doesn't. Bug reproduction as follows: 

# clone the selenium nightwatch package into a local directory
git clone http://github.com/awatson1978/clinical-nightwatch.git

# confirm that files are marked with +x
ls -la
-rwxr-xr-x   1 username  wheel   266 Sep 15 20:01 launch_nightwatch_from_app_root.sh
-rwxr-xr-x   1 username  wheel   601 Sep 15 20:01 launch_nightwatch_from_package.sh

# create a new application
cd ..
meteor create newapp
cd newapp

# install the clinical:nightwatch package
meteor add clinical:nightwatch

# launch the app to create .meteor/local/build directory
meteor

# open a second terminal, and confirm that files don't have +x executable flag set
ls -la .meteor/local/build/programs/server/assets/packages/clinical_nightwatch
-r--r--r--   1 root  wheel   266 Sep 15 19:59 launch_nightwatch_from_app_root.sh
-r--r--r--   1 root  wheel   601 Sep 15 19:59 launch_nightwatch_from_package.sh

# then run the launcher - it will fail
cd .meteor/local/build/programs/server/assets/packages/clinical_nightwatch
sudo launch_nightwatch_from_package.sh

# set the executable flag
sudo chmod +x launch_nightwatch_from_package.sh

# try running the file again
sudo launch_nightwatch_from_package.sh

# nightwatch should launch the selenium server (and fail to find tests, but that's a different issue...)

This is related to the Velocity project and relevant to any packages that launch external scripts, such as Selenium/Nightwatch, PhantomJS, etc.

n1mmy commented 10 years ago

Thanks, Abigail. @ekatek is looking into this.

glasser commented 9 years ago

I don't think that there is an intention to preserve permissions on server-side static assets. The only documented APIs for accessing them are Assets.getText and Assets.getBinary, for which permissions are irrelevant anyway.

A possible future improvement to the Assets API that provides supported filesystem access to assets might want to include this feature, though.

skosch commented 9 years ago

Any news on this? I'd like to call an executable via spawn from within a server-side method, and said executable is in the private folder, which means it ends up in assets/app/, but unfortunately it loses its +x which leads to EACCES errors. Alternatively, is there a better place to store executables alongside Meteor apps?

hwillson commented 7 years ago

Hi all - as mentioned in https://github.com/meteor/meteor/issues/2595#issuecomment-72788096, preserving permissions on server side static assets is not currently functionality that is provided by Meteor (the Assets API does not support this). If the Assets API is re-visited at some point in the future this functionality can be considered. If preserving/manipulating file permissions is something that is needed, then this would need to be handled outside of Meteor (via the Node API for example). As part of the on-going old issue cleanup process, I'll close this off. Thanks for reporting this originally!