containertool: Add basic ELF file type detection

Author: euanh

Sources/containertool/ELFDetect.swift

@@ -0,0 +1,162 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftContainerPlugin open source project
+//
+// Copyright (c) 2025 Apple Inc. and the SwiftContainerPlugin project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of SwiftContainerPlugin project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+func uint16(_ a: UInt8, _ b: UInt8, endianness: ELF.Endianness) -> UInt16 {
+    switch endianness {
+    case .littleEndian:
+        return UInt16(a) &<< 0 &+ UInt16(b) &<< 8
+    case .bigEndian:
+        return UInt16(a) &<< 8 &+ UInt16(b) &<< 0
+    }
+}
+
+struct ELF: Equatable {
+    enum Endianness: UInt8 {
+        case littleEndian = 0x01
+        case bigEndian = 0x02
+    }
+
+    enum Encoding: UInt8 {
+        case bits32 = 0x01
+        case bits64 = 0x02
+    }
+
+    enum ObjectType: Equatable {
+        case none
+        case relocatable
+        case executable
+        case shared
+        case core
+        case reservedOS(UInt16)
+        case reservedCPU(UInt16)
+        case unknown(UInt16)
+
+        init?(rawValue: UInt16) {
+            switch rawValue {
+            case 0x0000: self = .none
+            case 0x0001: self = .relocatable
+            case 0x0002: self = .executable
+            case 0x0003: self = .shared
+            case 0x0004: self = .core
+
+            // Reserved for OS-specific use
+            case 0xfe00...0xfeff: self = .reservedOS(rawValue)
+
+            // Reserved for CPU-specific use
+            case 0xff00...0xffff: self = .reservedCPU(rawValue)
+
+            default: return nil
+            }
+        }
+    }
+
+    enum ABI: Equatable {
+        case SysV
+        case Linux
+        case unknown(UInt8)
+
+        init(rawValue: UInt8) {
+            switch rawValue {
+            case 0x00: self = .SysV
+            case 0x03: self = .Linux
+            default: self = .unknown(rawValue)
+            }
+        }
+    }
+
+    enum ISA: Equatable {
+        case x86_64
+        case aarch64
+        case unknown(UInt16)
+
+        init(rawValue: UInt16) {
+            switch rawValue {
+            case 0x003e: self = .x86_64
+            case 0x00b7: self = .aarch64
+            default: self = .unknown(rawValue)
+            }
+        }
+    }
+
+    var encoding: Encoding
+    var endianness: Endianness
+    var ABI: ABI
+    var objectType: ObjectType
+    var ISA: ISA
+
+    static func read(_ bytes: [UInt8]) -> ELF? {
+        // ELF header field addresses
+        //
+        // The ELF format can store binaries for 32-bit and 64-bit systems,
+        // using little-endian and big-endian data encoding.
+        //
+        // All multibyte fields are stored using the endianness of the target
+        // system.  Read the EI_DATA field to find the endianness of the file.
+        //
+        // The ELF magic number is *not* a multibyte field.  It is defined as a
+        // string of 4 individual bytes and is the same for little-endian and
+        // big-endian systems.
+        //
+        // Some fields are different sizes in 32-bit and 64-bit ELF files, but
+        // these occur after all the fields we need to read for basic file type
+        // identification, so all our offsets are the same on 32-bit and 64-bit systems.
+
+        enum Field {
+            static let EI_MAGIC = 0x0...0x3  // ELF magic number: string of 4 bytes, not a UInt32; no endianness
+            static let EI_CLASS = 0x4  // ELF class (word size): 1 byte
+            static let EI_DATA = 0x5  // Data encoding (endianness): 1 byte
+            static let EI_VERSION = 0x6  // ELF version: 1 byte
+            static let EI_OSABI = 0x7  // Operating system/ABI identification: 1 byte
+
+            // These fields are multibyte, so endianness must be considered,
+            // but all the fields we need are the same length in 32-bit and 64-bit
+            // ELF files, so addresses do not change.
+            static let EI_TYPE = 0x10...0x11  // Object type: 2 bytes
+            static let EI_MACHINE = 0x12...0x13  // Machine ISA: 2 bytes
+        }
+
+        guard bytes.count > 0x13 else {
+            return nil
+        }
+
+        // An ELF file starts with a magic number which is the same in either endianness.
+        // The only defined ELF header version is 1.
+        guard Array(bytes[Field.EI_MAGIC]) == Array("\u{7f}ELF".utf8) && bytes[Field.EI_VERSION] == 1 else {
+            return nil
+        }
+
+        // Offsets in an ELF file may be either 32-bit or 64-bit.
+        // None of the fields we read are offsets, but we may still want to distinguish between 32-bit and 64-bit executables.
+        guard let encoding = ELF.Encoding(rawValue: bytes[Field.EI_CLASS]) else {
+            return nil
+        }
+
+        // Object type and machine ISA are multibyte fields, so we must be prepared to handle endianness.
+        guard let endianness = ELF.Endianness(rawValue: bytes[Field.EI_DATA]) else {
+            return nil
+        }
+
+        guard let objectType = ELF.ObjectType(rawValue: uint16(bytes[0x10], bytes[0x11], endianness: endianness)) else {
+            return nil
+        }
+
+        return ELF(
+            encoding: encoding,
+            endianness: endianness,
+            ABI: .init(rawValue: bytes[Field.EI_OSABI]),
+            objectType: objectType,
+            ISA: .init(rawValue: uint16(bytes[0x12], bytes[0x13], endianness: endianness))
+        )
+    }
+}

Sources/containertool/containertool.swift

@@ -51,7 +51,7 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti
     var allowInsecureHttp: AllowHTTP?
 
     @Option(help: "CPU architecture")
-    private var architecture: String = ProcessInfo.processInfo.environment["CONTAINERTOOL_ARCHITECTURE"] ?? "amd64"
+    private var architecture: String?
 
     @Option(help: "Base image reference")
     private var from: String = ProcessInfo.processInfo.environment["CONTAINERTOOL_BASE_IMAGE"] ?? "swift:slim"
@@ -72,6 +72,9 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti
         let baseimage = try ImageReference(fromString: from, defaultRegistry: defaultRegistry)
         var destination_image = try ImageReference(fromString: repository, defaultRegistry: defaultRegistry)
 
+        let executableURL = URL(fileURLWithPath: executable)
+        let payload = try Data(contentsOf: executableURL)
+
         let authProvider: AuthorizationProvider?
         if !netrc {
             authProvider = nil
@@ -110,6 +113,14 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti
 
         // MARK: Find the base image
 
+        let elfheader = ELF.read([UInt8](payload))
+        let architecture =
+            architecture
+            ?? ProcessInfo.processInfo.environment["CONTAINERTOOL_ARCHITECTURE"]
+            ?? elfheader?.ISA.containerArchitecture
+            ?? "amd64"
+        if verbose { log("Base image architecture: \(architecture)") }
+
         let baseimage_manifest: ImageManifest
         let baseimage_config: ImageConfiguration
         if let source {
@@ -137,8 +148,6 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti
 
         // MARK: Build the application layer
 
-        let executableURL = URL(fileURLWithPath: executable)
-        let payload = try Data(contentsOf: executableURL)
         let payload_name = executableURL.lastPathComponent
         let tardiff = tar(payload, filename: payload_name)
         log("Built application layer")
@@ -228,3 +237,13 @@ enum AllowHTTP: String, ExpressibleByArgument, CaseIterable { case source, desti
         print(destination_image)
     }
 }
+
+extension ELF.ISA {
+    var containerArchitecture: String? {
+        switch self {
+        case .x86_64: "amd64"
+        case .aarch64: "arm64"
+        default: nil
+        }
+    }
+}