dotm-rs 2.1.1

Dotfile manager with composable roles, templates, and host-specific overrides
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

use crate::config::PackageConfig;
use anyhow::{Context, Result};
use std::os::unix::fs::MetadataExt;
use std::path::Path;

/// Resolved metadata for a single file.
#[derive(Debug, Clone)]
pub struct ResolvedMetadata {
    pub owner: Option<String>,
    pub group: Option<String>,
    pub mode: Option<String>,
}

/// Resolve what metadata to apply for a file, following the resolution order:
/// 1. Per-file preserve -> keep existing (overrides package-level)
/// 2. Per-file ownership/permissions -> explicit override
/// 3. Package-level owner/group -> default for all files
/// 4. Nothing -> preserve existing (None)
pub fn resolve_metadata(pkg_config: &PackageConfig, rel_path: &str) -> ResolvedMetadata {
    let preserve_fields: Vec<&str> = pkg_config
        .preserve
        .get(rel_path)
        .map(|v| v.iter().map(|s| s.as_str()).collect())
        .unwrap_or_default();

    let owner = if preserve_fields.contains(&"owner") {
        None
    } else if let Some(ownership) = pkg_config.ownership.get(rel_path) {
        ownership.split(':').next().map(|s| s.to_string())
    } else {
        pkg_config.owner.clone()
    };

    let group = if preserve_fields.contains(&"group") {
        None
    } else if let Some(ownership) = pkg_config.ownership.get(rel_path) {
        ownership.split(':').nth(1).map(|s| s.to_string())
    } else {
        pkg_config.group.clone()
    };

    let mode = if preserve_fields.contains(&"mode") {
        None
    } else {
        pkg_config.permissions.get(rel_path).cloned()
    };

    ResolvedMetadata { owner, group, mode }
}

/// Read the current metadata of a file on disk. Returns (owner_name, group_name, octal_mode).
pub fn read_file_metadata(path: &Path) -> Result<(String, String, String)> {
    let meta = std::fs::metadata(path)
        .with_context(|| format!("failed to read metadata for {}", path.display()))?;

    let uid = meta.uid();
    let gid = meta.gid();

    let owner = nix::unistd::User::from_uid(nix::unistd::Uid::from_raw(uid))
        .ok()
        .flatten()
        .map(|u| u.name)
        .unwrap_or_else(|| uid.to_string());

    let group = nix::unistd::Group::from_gid(nix::unistd::Gid::from_raw(gid))
        .ok()
        .flatten()
        .map(|g| g.name)
        .unwrap_or_else(|| gid.to_string());

    let mode = format!("{:o}", meta.mode() & 0o7777);

    Ok((owner, group, mode))
}

/// Apply ownership (chown) to a file. Only applies fields that are Some.
pub fn apply_ownership(path: &Path, owner: Option<&str>, group: Option<&str>) -> Result<()> {
    let uid = match owner {
        Some(name) => {
            let user = nix::unistd::User::from_name(name)
                .with_context(|| format!("failed to look up user '{name}'"))?
                .with_context(|| format!("user '{name}' not found"))?;
            Some(user.uid)
        }
        None => None,
    };

    let gid = match group {
        Some(name) => {
            let grp = nix::unistd::Group::from_name(name)
                .with_context(|| format!("failed to look up group '{name}'"))?
                .with_context(|| format!("group '{name}' not found"))?;
            Some(grp.gid)
        }
        None => None,
    };

    nix::unistd::chown(path, uid, gid)
        .with_context(|| format!("failed to chown {}", path.display()))?;

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::config::PackageConfig;

    fn make_pkg_config() -> PackageConfig {
        PackageConfig {
            target: Some("/etc/foo".into()),
            strategy: Some(crate::config::DeployStrategy::Copy),
            system: true,
            owner: Some("root".into()),
            group: Some("root".into()),
            ..Default::default()
        }
    }

    #[test]
    fn resolve_uses_package_level_defaults() {
        let pkg = make_pkg_config();
        let meta = resolve_metadata(&pkg, "some/file.conf");
        assert_eq!(meta.owner.as_deref(), Some("root"));
        assert_eq!(meta.group.as_deref(), Some("root"));
        assert!(meta.mode.is_none());
    }

    #[test]
    fn resolve_per_file_ownership_overrides_package() {
        let mut pkg = make_pkg_config();
        pkg.ownership
            .insert("file.conf".into(), "www:webgroup".into());
        let meta = resolve_metadata(&pkg, "file.conf");
        assert_eq!(meta.owner.as_deref(), Some("www"));
        assert_eq!(meta.group.as_deref(), Some("webgroup"));
    }

    #[test]
    fn resolve_preserve_overrides_package_level() {
        let mut pkg = make_pkg_config();
        pkg.preserve
            .insert("file.conf".into(), vec!["owner".into()]);
        let meta = resolve_metadata(&pkg, "file.conf");
        assert!(meta.owner.is_none());
        assert_eq!(meta.group.as_deref(), Some("root"));
    }

    #[test]
    fn resolve_preserve_mode_blocks_permission_override() {
        let mut pkg = make_pkg_config();
        pkg.permissions.insert("file.conf".into(), "640".into());
        pkg.preserve
            .insert("file.conf".into(), vec!["mode".into()]);
        let meta = resolve_metadata(&pkg, "file.conf");
        assert!(meta.mode.is_none());
    }

    #[test]
    fn resolve_no_config_preserves_everything() {
        let mut pkg = make_pkg_config();
        pkg.owner = None;
        pkg.group = None;
        let meta = resolve_metadata(&pkg, "file.conf");
        assert!(meta.owner.is_none());
        assert!(meta.group.is_none());
        assert!(meta.mode.is_none());
    }

    #[test]
    fn resolve_permissions_from_config() {
        let mut pkg = make_pkg_config();
        pkg.permissions.insert("file.conf".into(), "755".into());
        let meta = resolve_metadata(&pkg, "file.conf");
        assert_eq!(meta.mode.as_deref(), Some("755"));
    }
}