fix: populate ctime from platform-specific syscall data

The scanner was setting CTime to info.ModTime() as a placeholder since afero's FileInfo interface doesn't expose ctime directly. This change extracts the actual ctime from the underlying syscall.Stat_t via platform-specific build files: - macOS (Darwin): uses Birthtimespec (file creation/birth time) - Linux: uses Ctim (inode change time) - Other platforms: falls back to mtime Also adds: - Documentation of ctime semantics in README.md (new 'file metadata' section) - Platform differences table (macOS birth time vs Linux inode change time) - Note that ctime is recorded but not restored (not settable via standard APIs) - Updated README schema to match actual schema (adds ctime, source_path, link_target) - Doc comment on CTime field in database model closes #13
Add make check target and CI workflow (#42 )
2026-03-17 13:47:54 -07:00 · 2026-03-17 12:39:44 +01:00 · 2026-03-17 11:18:18 +01:00 · 2026-02-20 11:22:12 +01:00
12 changed files with 284 additions and 45 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.gitea
+*.md
+LICENSE
+vaultik
+coverage.out
+coverage.html
+.DS_Store
--- a/.gitea/workflows/check.yml
+++ b/.gitea/workflows/check.yml
@@ -0,0 +1,14 @@
+name: check
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      # actions/checkout v4, 2024-09-16
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+      - name: Build and check
+        run: docker build .
--- a/61
+++ b/61
@@ -0,0 +1,61 @@
+# Lint stage
+# golangci/golangci-lint:v2.11.3-alpine, 2026-03-17
+FROM golangci/golangci-lint:v2.11.3-alpine@sha256:b1c3de5862ad0a95b4e45a993b0f00415835d687e4f12c845c7493b86c13414e AS lint
+
+RUN apk add --no-cache make build-base
+
+WORKDIR /src
+
+# Copy go mod files first for better layer caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Run formatting check and linter
+RUN make fmt-check
+RUN make lint
+
+# Build stage
+# golang:1.26.1-alpine, 2026-03-17
+FROM golang:1.26.1-alpine@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 AS builder
+
+# Depend on lint stage passing
+COPY --from=lint /src/go.sum /dev/null
+
+ARG VERSION=dev
+
+# Install build dependencies for CGO (mattn/go-sqlite3) and sqlite3 CLI (tests)
+RUN apk add --no-cache make build-base sqlite
+
+WORKDIR /src
+
+# Copy go mod files first for better layer caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Run tests
+RUN make test
+
+# Build with CGO enabled (required for mattn/go-sqlite3)
+RUN CGO_ENABLED=1 go build -ldflags "-X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=${VERSION}' -X 'git.eeqj.de/sneak/vaultik/internal/globals.Commit=$(git rev-parse HEAD 2>/dev/null || echo unknown)'" -o /vaultik ./cmd/vaultik
+
+# Runtime stage
+# alpine:3.21, 2026-02-25
+FROM alpine:3.21@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
+
+RUN apk add --no-cache ca-certificates sqlite
+
+# Copy binary from builder
+COPY --from=builder /vaultik /usr/local/bin/vaultik
+
+# Create non-root user
+RUN adduser -D -H -s /sbin/nologin vaultik
+
+USER vaultik
+
+ENTRYPOINT ["/usr/local/bin/vaultik"]
--- a/40
+++ b/40
@@ -1,4 +1,4 @@
-.PHONY: test fmt lint build clean all
+.PHONY: test fmt lint fmt-check check build clean all docker hooks

 # Version number
 VERSION := 0.0.1
@@ -14,21 +14,12 @@ LDFLAGS := -X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=$(VERSION)' \
 all: vaultik

 # Run tests
-test: lint fmt-check
-	@echo "Running tests..."
-	@if ! go test -v -timeout 10s ./... 2>&1; then \
-		echo ""; \
-		echo "TEST FAILURES DETECTED"; \
-		echo "Run 'go test -v ./internal/database' to see database test details"; \
-		exit 1; \
-	fi
+test:
+	go test -race -timeout 30s ./...

-# Check if code is formatted
+# Check if code is formatted (read-only)
 fmt-check:
-	@if [ -n "$$(go fmt ./...)" ]; then \
-		echo "Error: Code is not formatted. Run 'make fmt' to fix."; \
-		exit 1; \
-	fi
+	@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)

 # Format code
 fmt:
@@ -36,7 +27,7 @@ fmt:

 # Run linter
 lint:
-	golangci-lint run
+	golangci-lint run ./...

 # Build binary
 vaultik: internal/*/*.go cmd/vaultik/*.go
@@ -47,11 +38,6 @@ clean:
 	rm -f vaultik
 	go clean

-# Install dependencies
-deps:
-	go mod download
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-
 # Run tests with coverage
 test-coverage:
 	go test -v -coverprofile=coverage.out ./...
@@ -67,3 +53,17 @@ local:

 install: vaultik
 	cp ./vaultik $(HOME)/bin/
+
+# Run all checks (formatting, linting, tests) without modifying files
+check: fmt-check lint test
+
+# Build Docker image
+docker:
+	docker build -t vaultik .
+
+# Install pre-commit hook
+hooks:
+	@printf '#!/bin/sh\nset -e\n' > .git/hooks/pre-commit
+	@printf 'go mod tidy\ngo fmt ./...\ngit diff --exit-code -- go.mod go.sum || { echo "go mod tidy changed files; please stage and retry"; exit 1; }\n' >> .git/hooks/pre-commit
+	@printf 'make check\n' >> .git/hooks/pre-commit
+	@chmod +x .git/hooks/pre-commit
--- a/README.md
+++ b/README.md
@@ -194,8 +194,11 @@ vaultik [--config <path>] store info
 * Requires `VAULTIK_AGE_SECRET_KEY` environment variable with age private key
 * Optional path arguments to restore specific files/directories (default: all)
 * Downloads and decrypts metadata, fetches required blobs, reconstructs files
-* Preserves file permissions, timestamps, and ownership (ownership requires root)
+* Preserves file permissions, timestamps (mtime), and ownership (ownership requires root)
 * Handles symlinks and directories
+* Note: ctime is recorded in the snapshot for informational purposes but is not
+  restored, as setting ctime is not possible through standard system calls on
+  most platforms

 **prune**: Remove unreferenced blobs from remote storage
 * Scans all snapshots for referenced blobs
@@ -207,6 +210,42 @@ vaultik [--config <path>] store info

 ---

+## file metadata
+
+vaultik records the following metadata for each file: path, size, mode
+(permissions), uid, gid, mtime (modification time), ctime, and symlink
+target.
+
+### ctime semantics (platform-specific)
+
+The `ctime` field has different meanings depending on the operating system:
+
+| Platform | ctime value | Source |
+|----------|-------------|--------|
+| **macOS** | File birth (creation) time | `syscall.Stat_t.Birthtimespec` |
+| **Linux** | Inode change time | `syscall.Stat_t.Ctim` |
+| **Other** | Falls back to mtime | `os.FileInfo.ModTime()` |
+
+**macOS (Darwin):** HFS+ and APFS filesystems natively track file creation
+time. The `ctime` field contains the true file birth time — when the file was
+first created on disk.
+
+**Linux:** Most Linux filesystems do not expose file creation time through
+standard Go APIs. The `ctime` field contains the inode change time, which is
+updated whenever file metadata (permissions, ownership, link count) or content
+changes. Linux ext4 (kernel 4.11+) and btrfs do track birth time via the
+`statx()` syscall, but this is not exposed through Go's `os.FileInfo.Sys()`.
+
+**Restore:** ctime is stored in the snapshot database for informational and
+forensic purposes but is not restored to the filesystem. Setting ctime is not
+possible through standard system calls on most Unix platforms — the kernel
+manages ctime automatically.
+
+When using in-memory filesystems (e.g. afero `MemMapFs` in tests), ctime falls
+back to mtime since there is no underlying `syscall.Stat_t`.
+
+---
+
 ## architecture

 ### s3 bucket layout
@@ -247,11 +286,14 @@ Snapshot IDs follow the format `<hostname>_<snapshot-name>_<timestamp>` (e.g., `
 CREATE TABLE files (
  id TEXT PRIMARY KEY,
  path TEXT NOT NULL UNIQUE,
+  source_path TEXT NOT NULL DEFAULT '',
  mtime INTEGER NOT NULL,
+  ctime INTEGER NOT NULL,
  size INTEGER NOT NULL,
  mode INTEGER NOT NULL,
  uid INTEGER NOT NULL,
-  gid INTEGER NOT NULL
+  gid INTEGER NOT NULL,
+  link_target TEXT
 );

 CREATE TABLE file_chunks (
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module git.eeqj.de/sneak/vaultik

-go 1.24.4
+go 1.26.1

 require (
 	filippo.io/age v1.2.1
--- a/internal/database/models.go
+++ b/internal/database/models.go
@@ -17,6 +17,10 @@ type File struct {
 	Path       types.FilePath   // Absolute path of the file
 	SourcePath types.SourcePath // The source directory this file came from (for restore path stripping)
 	MTime      time.Time
+	// CTime is the file creation/change time. On macOS this is the birth time
+	// (when the file was created). On Linux this is the inode change time
+	// (updated on metadata or content changes). See ctime_darwin.go and
+	// ctime_linux.go in the snapshot package for extraction details.
 	CTime      time.Time
 	Size       int64
 	Mode       uint32
--- a/internal/snapshot/ctime_darwin.go
+++ b/internal/snapshot/ctime_darwin.go
@@ -0,0 +1,23 @@
+package snapshot
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+// getCTime extracts the file creation time (birth time) from os.FileInfo.
+//
+// On macOS (Darwin), this returns the birth time (Birthtimespec) from the
+// underlying syscall.Stat_t. macOS HFS+ and APFS filesystems natively track
+// file creation time, making this a true "created at" timestamp.
+//
+// Falls back to modification time if the underlying Sys() data is not a
+// *syscall.Stat_t (e.g. when using in-memory filesystems for testing).
+func getCTime(info os.FileInfo) time.Time {
+	stat, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return info.ModTime()
+	}
+	return time.Unix(stat.Birthtimespec.Sec, stat.Birthtimespec.Nsec).UTC()
+}
--- a/internal/snapshot/ctime_linux.go
+++ b/internal/snapshot/ctime_linux.go
@@ -0,0 +1,29 @@
+package snapshot
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+// getCTime extracts the inode change time (ctime) from os.FileInfo.
+//
+// On Linux, this returns the inode change time (Ctim) from the underlying
+// syscall.Stat_t. Linux ctime is updated whenever file metadata (permissions,
+// ownership, link count) or content changes. It is NOT the file creation
+// (birth) time.
+//
+// Note: Linux ext4 (kernel 4.11+) and btrfs do track birth time via the
+// statx() syscall, but this is not exposed through Go's os.FileInfo.Sys().
+// The inode change time is the best available approximation through standard
+// Go APIs.
+//
+// Falls back to modification time if the underlying Sys() data is not a
+// *syscall.Stat_t (e.g. when using in-memory filesystems for testing).
+func getCTime(info os.FileInfo) time.Time {
+	stat, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return info.ModTime()
+	}
+	return time.Unix(stat.Ctim.Sec, stat.Ctim.Nsec).UTC()
+}
--- a/internal/snapshot/ctime_other.go
+++ b/internal/snapshot/ctime_other.go
@@ -0,0 +1,15 @@
+//go:build !darwin && !linux
+
+package snapshot
+
+import (
+	"os"
+	"time"
+)
+
+// getCTime returns the file's modification time as a fallback on unsupported
+// platforms. See ctime_darwin.go and ctime_linux.go for platform-specific
+// implementations that extract actual ctime/birth time from syscall data.
+func getCTime(info os.FileInfo) time.Time {
+	return info.ModTime()
+}
--- a/internal/snapshot/scanner.go
+++ b/internal/snapshot/scanner.go
@@ -728,7 +728,7 @@ func (s *Scanner) checkFileInMemory(path string, info os.FileInfo, knownFiles ma
 		Path:       types.FilePath(path),
 		SourcePath: types.SourcePath(s.currentSourcePath), // Store source directory for restore path stripping
 		MTime:      info.ModTime(),
-		CTime:      info.ModTime(), // afero doesn't provide ctime
+		CTime:      getCTime(info),
 		Size:       info.Size(),
 		Mode:       uint32(info.Mode()),
 		UID:        uid,
--- a/internal/vaultik/restore.go
+++ b/internal/vaultik/restore.go
@@ -22,6 +22,13 @@ import (
 	"golang.org/x/term"
 )

+const (
+	// progressBarWidth is the character width of the progress bar display.
+	progressBarWidth = 40
+	// progressBarThrottle is the minimum interval between progress bar redraws.
+	progressBarThrottle = 100 * time.Millisecond
+)
+
 // RestoreOptions contains options for the restore operation
 type RestoreOptions struct {
 	SnapshotID string
@@ -115,6 +122,15 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 	}
 	defer func() { _ = blobCache.Close() }()

+	// Calculate total bytes for progress bar
+	var totalBytesExpected int64
+	for _, file := range files {
+		totalBytesExpected += file.Size
+	}
+
+	// Create progress bar if output is a terminal
+	bar := v.newProgressBar("Restoring", totalBytesExpected)
+
 	for i, file := range files {
 		if v.ctx.Err() != nil {
 			return v.ctx.Err()
@@ -124,11 +140,19 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 			log.Error("Failed to restore file", "path", file.Path, "error", err)
 			result.FilesFailed++
 			result.FailedFiles = append(result.FailedFiles, file.Path.String())
-			// Continue with other files
+			// Update progress bar even on failure
+			if bar != nil {
+				_ = bar.Add64(file.Size)
+			}
 			continue
 		}

-		// Progress logging
+		// Update progress bar
+		if bar != nil {
+			_ = bar.Add64(file.Size)
+		}
+
+		// Progress logging (for non-terminal or structured logs)
 		if (i+1)%100 == 0 || i+1 == len(files) {
 			log.Info("Restore progress",
 				"files", fmt.Sprintf("%d/%d", i+1, len(files)),
@@ -137,6 +161,10 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		}
 	}

+	if bar != nil {
+		_ = bar.Finish()
+	}
+
 	result.Duration = time.Since(startTime)

 	log.Info("Restore complete",
@@ -536,22 +564,7 @@ func (v *Vaultik) verifyRestoredFiles(
 	)

 	// Create progress bar if output is a terminal
-	var bar *progressbar.ProgressBar
-	if isTerminal() {
-		bar = progressbar.NewOptions64(
-			totalBytes,
-			progressbar.OptionSetDescription("Verifying"),
-			progressbar.OptionSetWriter(v.Stderr),
-			progressbar.OptionShowBytes(true),
-			progressbar.OptionShowCount(),
-			progressbar.OptionSetWidth(40),
-			progressbar.OptionThrottle(100*time.Millisecond),
-			progressbar.OptionOnCompletion(func() {
-				v.printfStderr("\n")
-			}),
-			progressbar.OptionSetRenderBlankState(true),
-		)
-	}
+	bar := v.newProgressBar("Verifying", totalBytes)

 	// Verify each file
 	for _, file := range regularFiles {
@@ -645,7 +658,37 @@ func (v *Vaultik) verifyFile(
 	return bytesVerified, nil
 }

-// isTerminal returns true if stdout is a terminal
-func isTerminal() bool {
-	return term.IsTerminal(int(os.Stdout.Fd()))
+// newProgressBar creates a terminal-aware progress bar with standard options.
+// It returns nil if stdout is not a terminal.
+func (v *Vaultik) newProgressBar(description string, total int64) *progressbar.ProgressBar {
+	if !v.isTerminal() {
+		return nil
+	}
+	return progressbar.NewOptions64(
+		total,
+		progressbar.OptionSetDescription(description),
+		progressbar.OptionSetWriter(v.Stderr),
+		progressbar.OptionShowBytes(true),
+		progressbar.OptionShowCount(),
+		progressbar.OptionSetWidth(progressBarWidth),
+		progressbar.OptionThrottle(progressBarThrottle),
+		progressbar.OptionOnCompletion(func() {
+			v.printfStderr("\n")
+		}),
+		progressbar.OptionSetRenderBlankState(true),
+	)
+}
+
+// isTerminal returns true if stdout is a terminal.
+// It checks whether v.Stdout implements Fd() (i.e. is an *os.File),
+// and falls back to false for non-file writers (e.g. in tests).
+func (v *Vaultik) isTerminal() bool {
+	type fder interface {
+		Fd() uintptr
+	}
+	f, ok := v.Stdout.(fder)
+	if !ok {
+		return false
+	}
+	return term.IsTerminal(int(f.Fd()))
 }
Author	SHA1	Message	Date
user	a53203d60d	fix: populate ctime from platform-specific syscall data All checks were successful check / check (pull_request) Successful in 4m19s Details The scanner was setting CTime to info.ModTime() as a placeholder since afero's FileInfo interface doesn't expose ctime directly. This change extracts the actual ctime from the underlying syscall.Stat_t via platform-specific build files: - macOS (Darwin): uses Birthtimespec (file creation/birth time) - Linux: uses Ctim (inode change time) - Other platforms: falls back to mtime Also adds: - Documentation of ctime semantics in README.md (new 'file metadata' section) - Platform differences table (macOS birth time vs Linux inode change time) - Note that ctime is recorded but not restored (not settable via standard APIs) - Updated README schema to match actual schema (adds ctime, source_path, link_target) - Doc comment on CTime field in database model closes #13	2026-03-17 13:47:54 -07:00
clawbot	c24e7e6360	Add make check target and CI workflow (#42 ) All checks were successful check / check (push) Successful in 4m5s Details Adds a `make check` target that verifies formatting (gofmt), linting (golangci-lint), and tests (go test -race) without modifying files. Also adds `.gitea/workflows/check.yml` CI workflow that runs on pushes and PRs to main. `make check` passes cleanly on current main. Co-authored-by: user <user@Mac.lan guest wan> Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Co-authored-by: clawbot <clawbot@sneak.berlin> Reviewed-on: #42 Co-authored-by: clawbot <sneak+clawbot@sneak.cloud> Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>	2026-03-17 12:39:44 +01:00
clawbot	7a5943958d	feat: add progress bar to restore operation (#23 ) Add an interactive progress bar (using schollz/progressbar) to the file restore loop, matching the existing pattern in verify. Shows bytes restored with ETA when output is a terminal. Fixes #20 Co-authored-by: clawbot <clawbot@eeqj.de> Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Reviewed-on: #23 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>	2026-03-17 11:18:18 +01:00
Jeffrey Paul	d8a51804d2	Merge pull request 'feat: implement --prune flag on snapshot create (closes #4 )' (#37 ) from feature/implement-prune-flag-on-snapshot-create into main Reviewed-on: #37	2026-02-20 11:22:12 +01:00