Cross-platform packager: OCI symlink resolution, rewrite-include, rtld_audit removal#741
Open
wdcui wants to merge 4 commits intowdcui/stacked/pr1b-trampoline-formatfrom
Open
Conversation
…olution, rewrite-include flag Make litebox_packager compile and work on non-Linux hosts (primarily Windows) by: - Remove #![cfg(target_os = "linux")] crate-level gate and the dual-main pattern; gate only the host-mode code path behind cfg(target_os) - Add file_mode() helper with unix/non-unix variants to replace MetadataExt::mode() calls - Extract run_host_mode() behind #[cfg(target_os = "linux")] - Track OCI layer symlinks in-memory instead of creating OS symlinks (Windows requires special privileges for symlinks); materialize them after all layers are extracted via resolve_symlink_in_rootfs() - Add is_unix_absolute(), strip_unix_root(), normalize_path() helpers for cross-platform path handling - Force linux/amd64 platform when pulling OCI images - Normalize path separators to Unix-style in tar entries - Add --rewrite-include CLI flag for dlopen'd libraries - Change Bun executable detection from warning to hard error - Switch tar headers from GNU to UStar format
…tion
Two bugs found during review:
1. Opaque whiteouts (.wh..wh..opq) and regular whiteouts (.wh.<name>)
removed files from disk but did not prune corresponding entries from
the in-memory symlinks vec. This caused materialize_symlinks() to
resurrect deleted symlinks that a later layer intended to remove.
2. resolve_symlink_in_rootfs() could return Some(rootfs) when a
degenerate symlink target with excess .. segments normalized to an
empty path via normalize_path(). rootfs.join("") == rootfs, which
exists as a directory, causing the entire rootfs to be treated as
a resolution target. Guard against empty rel_path at function entry.
This was referenced Apr 3, 2026
- Store Unix permission modes from tar headers in a HashMap during extraction, so permission bits are accurate on non-Unix hosts (Windows) instead of relying on the file_mode() heuristic which returns wrong answers (0o755 for most files). - Build symlink_map once in pull_and_extract and pass through to materialize_symlinks and scan_rootfs (was duplicated in both). - Add lookup_mode() helper that prefers tar header permissions, falls back to file_mode(), defaults to 0o644. - Add existence check for --rewrite-include in finalize_tar (was missing). - Remove redundant --include/--rewrite-include parsing from run_host_mode. - Replace Bun test with rewrite_elf_skips_non_elf_files test. - Add 22 unit tests for normalize_path, is_unix_absolute, strip_unix_root, resolve_symlink_in_rootfs, and lookup_mode. - Add litebox_packager to build_and_test_windows CI job.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Make
litebox_packagercompile and work on non-Linux hosts (primarily Windows) for the OCI image packaging path.#![cfg(target_os = "linux")]gate; gate only ldd-based host mode behind#[cfg(target_os = "linux")]file_mode()helper (MetadataExt::mode()on Unix, permission-based heuristic elsewhere)DeferredSymlink) instead of creating OS symlinks (which require special privileges on Windows). Resolve symlink chains through an in-memory map and materialize as file copies or directory placeholders--rewrite-includeCLI flag for dlopen'd libraries (e.g., NSS modules) that aren't discovered by the automatic dependency scanlinux/amd64images regardless of host platform\to/in tar entry paths for Windows compatibilitybuild.rs(rtld_audit fully removed from packager)Bug fixes (not in feature branch)
.wh..wh..opq) and regular whiteouts (.wh.<name>) removed files from disk but didn't prune corresponding entries from the in-memorysymlinksvec, causingmaterialize_symlinks()to resurrect deleted symlinksnormalize_path()could return an emptyPathBuffor targets with excess..segments, causingresolve_symlink_in_rootfs()to match the rootfs directory itselfStack
Test results