Fix the issue that a dummy entry may cheat patch command (#1091)

Fix #846

Co-authored-by: Ti Chi Robot <[email protected]>

pkg/cluster/manager/patch.go

@@ -21,6 +21,7 @@ import (
 	"path"
 
 	"github.com/joomcode/errorx"
+	"github.com/pingcap/errors"
 	perrs "github.com/pingcap/errors"
 	"github.com/pingcap/tiup/pkg/cluster/clusterutil"
 	"github.com/pingcap/tiup/pkg/cluster/ctxt"
@@ -118,8 +119,18 @@ func checkPackage(bindVersion spec.BindVersion, specManager *spec.SpecManager, n
 		return err
 	}
 
-	if exists := utils.IsExist(path.Join(cacheDir, entry)); !exists {
-		return fmt.Errorf("entry %s not found in package %s", entry, packagePath)
+	fi, err := os.Stat(path.Join(cacheDir, entry))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return errors.Errorf("entry %s not found in package %s", entry, packagePath)
+		}
+		return errors.AddStack(err)
+	}
+	if !fi.Mode().IsRegular() {
+		return errors.Errorf("entry %s in package %s is not a regular file", entry, packagePath)
+	}
+	if fi.Mode()&0500 != 0500 {
+		return errors.Errorf("entry %s in package %s is not executable", entry, packagePath)
 	}
 
 	return nil

tests/tiup-cluster/script/cmd_subtest.sh

@@ -74,6 +74,16 @@ function cmd_subtest() {
     tiup-cluster $client --yes patch $name ~/.tiup/storage/cluster/packages/tidb-v$version-linux-amd64.tar.gz -R tidb --overwrite
     # overwrite with the same tarball twice
     tiup-cluster $client --yes patch $name ~/.tiup/storage/cluster/packages/tidb-v$version-linux-amd64.tar.gz -R tidb --overwrite
+    # test patch with a non-executable entry
+    rm -rf tidb-server
+    touch tidb-server # this is a non-executable regular file
+    tar -czf tidb-non-executable.tar.gz tidb-server
+    ! tiup-cluster $client --yes patch $name ./tidb-non-executable.tar.gz -R tidb
+    # test patch with a dir entry
+    rm -rf tidb-server
+    mkdir tidb-server
+    tar -czf tidb-dir-entry.tar.gz tidb-server
+    ! tiup-cluster $client --yes patch $name ./tidb-dir-entry.tar.gz -R tidb
 
     tiup-cluster $client --yes stop $name