From 13d3ebcb8c3894483168b7f88f31db68ceea1419 Mon Sep 17 00:00:00 2001 From: Thomas Walker Lynch Date: Fri, 9 Jan 2026 09:27:11 +0000 Subject: [PATCH] tweaks to structure --- {tool => developer/tool}/release | 0 shared/authored/env | 2 +- shared/authored/sys | 0 shared/made/version | 1 + shared/made/walk | 1 - tool/Harmony_sync | 1 - tool/after_pull | 124 ------------------------------- 7 files changed, 2 insertions(+), 127 deletions(-) rename {tool => developer/tool}/release (100%) delete mode 100644 shared/authored/sys create mode 120000 shared/made/version delete mode 120000 shared/made/walk delete mode 120000 tool/Harmony_sync delete mode 100755 tool/after_pull diff --git a/tool/release b/developer/tool/release similarity index 100% rename from tool/release rename to developer/tool/release diff --git a/shared/authored/env b/shared/authored/env index 35e91e4..e23af25 100644 --- a/shared/authored/env +++ b/shared/authored/env @@ -20,7 +20,7 @@ umask 0077 dirname "$script_afp" } -# assume this script is located $REPO_HOME/tools_shared/authored and work backwards +# assume this script is located $REPO_HOME/shared/authored and work backwards # to get $REPO_HOME, etc. REPO_HOME=$(dirname "$(dirname "$(script_adp)")") diff --git a/shared/authored/sys b/shared/authored/sys deleted file mode 100644 index e69de29..0000000 diff --git a/shared/made/version b/shared/made/version new file mode 120000 index 0000000..90de461 --- /dev/null +++ b/shared/made/version @@ -0,0 +1 @@ +../authored/version \ No newline at end of file diff --git a/shared/made/walk b/shared/made/walk deleted file mode 120000 index 1325c19..0000000 --- a/shared/made/walk +++ /dev/null @@ -1 +0,0 @@ -../authored/gitignore_treewalk.py \ No newline at end of file diff --git a/tool/Harmony_sync b/tool/Harmony_sync deleted file mode 120000 index 22ddb4e..0000000 --- a/tool/Harmony_sync +++ /dev/null @@ -1 +0,0 @@ -../shared/authored/Harmony_sync/CLI.py \ No newline at end of file diff --git a/tool/after_pull b/tool/after_pull deleted file mode 100755 index 946d9ad..0000000 --- a/tool/after_pull +++ /dev/null @@ -1,124 +0,0 @@ -#!/usr/bin/env -S python3 -B -# -*- mode: python; coding: utf-8; python-indent-offset: 2; indent-tabs-mode: nil -*- - -""" -set_project_permissions — normalize a freshly cloned project to Harmony policies. - -usage: - set_project_permissions [default] - set_project_permissions help | --help | -h - -notes: - • Must be run from the toolsmith environment (ENV=tool/env, ROLE=toolsmith). - • Starts at $REPO_HOME. - • Baseline is umask-077 congruence: - - directories → 0700 - - files → 0600, but preserve owner-exec (→ 0700 for executables) - applied to the entire repo, including release/, EXCEPT: - - release/kmod/*.ko → 0440 - • Skips .git/ and symlinks. -""" - -import os, sys, stat - -# Must match shared/authored/env policy: -DEFAULT_UMASK = 0o077 # reminder only; effective modes below implement 077 congruence. - -DIR_MODE_077 = 0o700 - -def die(msg, code=1): - print(f"set_project_permissions: {msg}", file=sys.stderr) - sys.exit(code) - -def require_toolsmith_env(): - env = os.environ.get("ENV", "") - role = os.environ.get("ROLE", "") - if env != "tool/env" or role != "toolsmith": - hint = ( - "This script should be run from the toolsmith environment.\n" - "Try: source ./env_toolsmith (then re-run: set_project_permissions default)" - ) - die(f"bad environment: ENV='{env}' ROLE='{role}'.\n{hint}") - -def repo_home(): - rh = os.environ.get("REPO_HOME") - if not rh: - die("REPO_HOME is not set (did you source shared/authored/env?)") - return os.path.realpath(rh) - -def show_path(p, rh): - return p.replace(rh, "$REPO_HOME", 1) if p.startswith(rh) else p - -def is_git_dir(path): - return os.path.basename(path.rstrip(os.sep)) == ".git" - -def file_target_mode_077_preserve_exec(current_mode: int) -> int: - # Base 0600, add owner exec if currently set; drop all group/other. - target = 0o600 - if current_mode & stat.S_IXUSR: - target |= stat.S_IXUSR - return target - -def set_mode_if_needed(path, target, rh): - try: - st = os.lstat(path) - except FileNotFoundError: - return 0 - cur = stat.S_IMODE(st.st_mode) - if cur == target: - return 0 - os.chmod(path, target) - print(f"+ chmod {oct(target)[2:]} '{show_path(path, rh)}'") - return 1 - -def apply_policy(rh): - changed = 0 - release_root = os.path.join(rh, "release") - for dirpath, dirnames, filenames in os.walk(rh, topdown=True, followlinks=False): - # prune .git - dirnames[:] = [d for d in dirnames if d != ".git"] - - # directories: 0700 everywhere (incl. release/) - changed += set_mode_if_needed(dirpath, DIR_MODE_077, rh) - - # files: 0600 (+owner exec) everywhere, except release/kmod/*.ko → 0440 - rel_from_repo = os.path.relpath(dirpath, rh) - under_release = rel_from_repo == "release" or rel_from_repo.startswith("release"+os.sep) - top_under_release = "" - if under_release: - rel_from_release = os.path.relpath(dirpath, release_root) - top_under_release = (rel_from_release.split(os.sep, 1)[0] if rel_from_release != "." else "") - - for fn in filenames: - p = os.path.join(dirpath, fn) - if os.path.islink(p): - continue - try: - st = os.lstat(p) - except FileNotFoundError: - continue - - if under_release and top_under_release == "kmod" and fn.endswith(".ko"): - target = 0o440 - else: - target = file_target_mode_077_preserve_exec(stat.S_IMODE(st.st_mode)) - - changed += set_mode_if_needed(p, target, rh) - return changed - -def cmd_default(): - require_toolsmith_env() - rh = repo_home() - total = apply_policy(rh) - print(f"changes: {total}") - -def main(): - if len(sys.argv) == 1 or sys.argv[1] in ("default",): - return cmd_default() - if sys.argv[1] in ("help", "--help", "-h"): - print(__doc__.strip()); return 0 - # unknown command → help - print(__doc__.strip()); return 1 - -if __name__ == "__main__": - sys.exit(main()) -- 2.20.1