actions/run: Check script exists during recipe verification

If a script doesn't exist or the permissions are wrong, the recipe exits during execution. Let's check early if the script exists on the host filesystem and that the file has executable permission bit set. Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
go-debos · Jan 7, 2022 · f4d49c5 · f4d49c5
1 parent a95ed84
commit f4d49c5
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/actions/run_action.go b/actions/run_action.go
@@ -45,6 +45,8 @@ package actions
 import (
 	"errors"
 	"github.com/go-debos/fakemachine"
+	"fmt"
+	"os"
 	"path"
 	"strings"
 
@@ -68,6 +70,22 @@ func (run *RunAction) Verify(context *debos.DebosContext) error {
 	if run.Script == "" && run.Command == "" {
 		return errors.New("Script and Command both cannot be empty")
 	}
+
+	if run.Script != "" {
+		argv := strings.SplitN(run.Script, " ", 2)
+		script := debos.CleanPathAt(argv[0], context.RecipeDir)
+
+		stat, err := os.Stat(script)
+		if err != nil {
+			return err
+		}
+
+		/* check the script is executable */
+		if stat.IsDir() || stat.Mode()&0111 == 0 {
+			return fmt.Errorf("Script %s is not executable", script)
+		}
+	}
+
 	return nil
 }