fix: don't re-download busybox in Docker, restore version tracking for local dev

tomassrnka · claude · e2b · commit 2a51117cb4da · 2026-04-01T17:00:36.000+02:00
- Dockerfile: build go directly instead of make build-local, so
  fetch-busybox doesn't overwrite the SHA256-verified binary
- Makefile: restore stamp file for version tracking in local dev,
  only used by build-local/build-debug (not Docker)

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/packages/orchestrator/.gitignore b/packages/orchestrator/.gitignore
@@ -11,4 +11,4 @@ bin
 
 # Downloaded at build time from fc-busybox release
 pkg/template/build/core/systeminit/busybox
-pkg/template/build/core/systeminit/busybox.version
+pkg/template/build/core/systeminit/busybox.stamp
diff --git a/packages/orchestrator/Dockerfile b/packages/orchestrator/Dockerfile
@@ -48,7 +48,10 @@ COPY ./orchestrator/Makefile ./orchestrator/Makefile
 WORKDIR /build/orchestrator
 
 ARG COMMIT_SHA
-RUN --mount=type=cache,target=/root/.cache/go-build make build-local COMMIT_SHA=${COMMIT_SHA}
+# Build directly (not via make build-local) to skip fetch-busybox — binary is already downloaded above.
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    CGO_ENABLED=1 GOOS=linux go build -o bin/orchestrator -ldflags "-X=main.commitSHA=${COMMIT_SHA}" . \
+    && CGO_ENABLED=1 GOOS=linux go build -o bin/clean-nfs-cache -ldflags "-X=main.commitSHA=${COMMIT_SHA}" ./cmd/clean-nfs-cache
 
 FROM scratch
 
diff --git a/packages/orchestrator/Makefile b/packages/orchestrator/Makefile
@@ -29,17 +29,19 @@ build:
 
 BUSYBOX_VERSION ?= 1.36.1
 BUSYBOX_EMBED := pkg/template/build/core/systeminit/busybox
-BUSYBOX_VERSION_FILE := $(BUSYBOX_EMBED).version
+BUSYBOX_STAMP := $(BUSYBOX_EMBED).stamp
 
+# Download busybox if missing or version/arch changed. For Docker builds,
+# the Dockerfile downloads and verifies the binary separately — this target
+# is only used by build-local and build-debug (local dev / CI).
 .PHONY: fetch-busybox
 fetch-busybox:
-	@CURRENT=$$(cat $(BUSYBOX_VERSION_FILE) 2>/dev/null || echo ""); \
-	if [ ! -f $(BUSYBOX_EMBED) ] || [ "$$CURRENT" != "$(BUSYBOX_VERSION)-$(BUILD_ARCH)" ]; then \
+	@if [ ! -f $(BUSYBOX_EMBED) ] || [ "$$(cat $(BUSYBOX_STAMP) 2>/dev/null)" != "$(BUSYBOX_VERSION)-$(BUILD_ARCH)" ]; then \
 		echo "Downloading busybox v$(BUSYBOX_VERSION) ($(BUILD_ARCH))..."; \
 		curl -sfL -o $(BUSYBOX_EMBED).tmp "https://github.com/e2b-dev/fc-busybox/releases/download/v$(BUSYBOX_VERSION)/busybox_v$(BUSYBOX_VERSION)_$(BUILD_ARCH)" \
 			&& mv $(BUSYBOX_EMBED).tmp $(BUSYBOX_EMBED) \
 			&& chmod +x $(BUSYBOX_EMBED) \
-			&& echo "$(BUSYBOX_VERSION)-$(BUILD_ARCH)" > $(BUSYBOX_VERSION_FILE) \
+			&& echo "$(BUSYBOX_VERSION)-$(BUILD_ARCH)" > $(BUSYBOX_STAMP) \
 			|| { rm -f $(BUSYBOX_EMBED).tmp; echo "ERROR: failed to download busybox"; exit 1; }; \
 	fi
 
