johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cda4c42e116a09c368070f6c55add143a9c4e96b
beads/cmd/bd/doctor/fix/symlink_test.go
Darin e0734e230f fix: NixOS symlink compatibility for mtime and permission checks (#459) 
* fix: use os.Lstat for symlink-safe mtime and permission checks

On NixOS and other systems using symlinks heavily (e.g., home-manager),
os.Stat follows symlinks and returns the target's metadata. This causes:

1. False staleness detection when JSONL is symlinked - mtime of target
   changes unpredictably when symlinks are recreated
2. os.Chmod failing or changing wrong file's permissions when target
   is in read-only location (e.g., /nix/store)
3. os.Chtimes modifying target's times instead of the symlink itself

Changes:
- autoimport.go: Use Lstat for JSONL mtime in CheckStaleness()
- import.go: Use Lstat in TouchDatabaseFile() for JSONL mtime
- export.go: Skip chmod for symlinked files
- multirepo.go: Use Lstat for JSONL mtime cache
- multirepo_export.go: Use Lstat for mtime, skip chmod for symlinks
- doctor/fix/permissions.go: Skip permission fixes for symlinked paths

These changes are safe cross-platform:
- On systems without symlinks, Lstat behaves identically to Stat
- Symlink permission bits are ignored on Unix anyway
- The extra Lstat syscall overhead is negligible

Fixes symlink-related data loss on NixOS. See GitHub issue #379.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* test: add symlink behavior tests for NixOS compatibility

Add tests that verify symlink handling behavior:
- TestCheckStaleness_SymlinkedJSONL: verifies mtime detection uses
  symlink's own mtime (os.Lstat), not target's mtime (os.Stat)
- TestPermissions_SkipsSymlinkedBeadsDir: verifies chmod is skipped
  for symlinked .beads directories
- TestPermissions_SkipsSymlinkedDatabase: verifies chmod is skipped
  for symlinked database files while still fixing .beads dir perms

Also adds devShell to flake.nix for local development with go, gopls,
golangci-lint, and sqlite tools.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-12-05 13:22:09 -08:00

166 lines
4.9 KiB
Go
Raw Blame History

package fix
import (
"os"
"path/filepath"
"testing"
)
// TestPermissions_SkipsSymlinkedBeadsDir verifies that permission fixes are skipped
// when .beads directory is a symlink (common on NixOS with home-manager).
//
// Behavior being tested:
// - When .beads is a symlink, Permissions() should return nil without changing anything
// - This prevents attempts to chmod symlink targets (which may be read-only like /nix/store)
func TestPermissions_SkipsSymlinkedBeadsDir(t *testing.T) {
tmpDir := t.TempDir()
// Create target .beads directory with wrong permissions
targetDir := filepath.Join(tmpDir, "target-beads")
if err := os.MkdirAll(targetDir, 0777); err != nil { // intentionally wrong permissions
t.Fatal(err)
}
// Create workspace with symlinked .beads
workspaceDir := filepath.Join(tmpDir, "workspace")
if err := os.MkdirAll(workspaceDir, 0755); err != nil {
t.Fatal(err)
}
symlinkPath := filepath.Join(workspaceDir, ".beads")
if err := os.Symlink(targetDir, symlinkPath); err != nil {
t.Fatal(err)
}
// Get target's permissions before fix
targetInfoBefore, err := os.Stat(targetDir)
if err != nil {
t.Fatal(err)
}
permsBefore := targetInfoBefore.Mode().Perm()
// Run Permissions fix
err = Permissions(workspaceDir)
if err != nil {
t.Fatalf("Permissions() returned error for symlinked .beads: %v", err)
}
// Verify target's permissions were NOT changed
targetInfoAfter, err := os.Stat(targetDir)
if err != nil {
t.Fatal(err)
}
permsAfter := targetInfoAfter.Mode().Perm()
if permsAfter != permsBefore {
t.Errorf("Target directory permissions were changed through symlink!")
t.Errorf("Before: %o, After: %o", permsBefore, permsAfter)
t.Error("This could cause issues on NixOS where target may be in /nix/store (read-only)")
}
}
// TestPermissions_SkipsSymlinkedDatabase verifies that chmod is skipped for
// symlinked database files, but .beads directory permissions are still fixed.
func TestPermissions_SkipsSymlinkedDatabase(t *testing.T) {
tmpDir := t.TempDir()
// Create real .beads directory with wrong permissions
beadsDir := filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(beadsDir, 0777); err != nil { // intentionally wrong
t.Fatal(err)
}
// Create target database file with wrong permissions
targetDir := filepath.Join(tmpDir, "target")
if err := os.MkdirAll(targetDir, 0755); err != nil {
t.Fatal(err)
}
targetDB := filepath.Join(targetDir, "beads.db")
if err := os.WriteFile(targetDB, []byte("test"), 0644); err != nil { // intentionally world-readable
t.Fatal(err)
}
// Create symlink to database
symlinkPath := filepath.Join(beadsDir, "beads.db")
if err := os.Symlink(targetDB, symlinkPath); err != nil {
t.Fatal(err)
}
// Get target's permissions before fix
targetInfoBefore, err := os.Stat(targetDB)
if err != nil {
t.Fatal(err)
}
permsBefore := targetInfoBefore.Mode().Perm()
// Run Permissions fix
err = Permissions(tmpDir)
if err != nil {
t.Fatalf("Permissions() returned error for symlinked database: %v", err)
}
// Verify .beads directory permissions WERE fixed (not a symlink)
beadsInfo, err := os.Stat(beadsDir)
if err != nil {
t.Fatal(err)
}
if beadsInfo.Mode().Perm() != 0700 {
t.Errorf("Expected .beads to have 0700 permissions, got %o", beadsInfo.Mode().Perm())
}
// Verify target database permissions were NOT changed (it's a symlink)
targetInfoAfter, err := os.Stat(targetDB)
if err != nil {
t.Fatal(err)
}
permsAfter := targetInfoAfter.Mode().Perm()
if permsAfter != permsBefore {
t.Errorf("Target database permissions were changed through symlink!")
t.Errorf("Before: %o, After: %o", permsBefore, permsAfter)
t.Error("chmod should not be called on symlinked files")
}
}
// TestPermissions_FixesRegularFiles verifies that permissions ARE fixed for
// regular (non-symlinked) files.
func TestPermissions_FixesRegularFiles(t *testing.T) {
tmpDir := t.TempDir()
// Create .beads directory with wrong permissions
beadsDir := filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(beadsDir, 0777); err != nil { // intentionally wrong
t.Fatal(err)
}
// Create database with wrong permissions
dbPath := filepath.Join(beadsDir, "beads.db")
if err := os.WriteFile(dbPath, []byte("test"), 0644); err != nil { // intentionally world-readable
t.Fatal(err)
}
// Run Permissions fix
err := Permissions(tmpDir)
if err != nil {
t.Fatalf("Permissions() failed: %v", err)
}
// Verify .beads directory now has 0700
beadsInfo, err := os.Stat(beadsDir)
if err != nil {
t.Fatal(err)
}
if beadsInfo.Mode().Perm() != 0700 {
t.Errorf("Expected .beads to have 0700 permissions, got %o", beadsInfo.Mode().Perm())
}
// Verify database now has at least 0600 (read/write for owner)
dbInfo, err := os.Stat(dbPath)
if err != nil {
t.Fatal(err)
}
if dbInfo.Mode().Perm()&0600 != 0600 {
t.Errorf("Expected database to have at least 0600 permissions, got %o", dbInfo.Mode().Perm())
}
}
Reference in New Issue View Git Blame Copy Permalink