LinksFS, used for link resolution, uses `os.Root` to avoid reading linked files outside of the repository, which could raise security concerns, apart from leading to reproducibility problems.

But this `os.Root` is also used when writing files. This prevents building packages outside of the repository, which could be interesting to allow building in arbitrary target directories, for example for testing, as in https://github.com/elastic/elastic-package/pull/2796/files#diff-9893fb7ef9add9fe9ae45e35be321782a328d3cace14010485b90b7ab6ade620R151.

We should use a different `os.Root` for built packages, or no `os.Root`.
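A sketch of the "different `os.Root` for built packages" option, as an added example that is not elastic-package code: reads stay confined to the repository while writes use a second root opened on the target directory. The helper `copyLinked`, the `demo` function and the file names are hypothetical, and `os.Root` requires Go 1.24 or later.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// copyLinked (hypothetical helper) confines reads to repoDir and writes to buildDir.
func copyLinked(repoDir, target, buildDir, name string) error {
	src, err := os.OpenRoot(repoDir) // read root: the repository
	if err != nil {
		return err
	}
	defer src.Close()
	dst, err := os.OpenRoot(buildDir) // separate write root: any target directory
	if err != nil {
		return err
	}
	defer dst.Close()
	in, err := src.Open(target) // rejected if target resolves outside repoDir
	if err != nil {
		return fmt.Errorf("read link target: %w", err)
	}
	defer in.Close()
	out, err := dst.Create(name) // rejected if name resolves outside buildDir
	if err != nil {
		return fmt.Errorf("write built file: %w", err)
	}
	defer out.Close()
	_, err = io.Copy(out, in)
	return err
}

// demo uses a constructed temp layout; setup errors are ignored for brevity.
func demo() (okErr, escapeErr error) {
	tmp, _ := os.MkdirTemp("", "linksfs-demo")
	defer os.RemoveAll(tmp)
	repo, build := filepath.Join(tmp, "repo"), filepath.Join(tmp, "build")
	os.Mkdir(repo, 0o755)
	os.Mkdir(build, 0o755)
	os.WriteFile(filepath.Join(repo, "shared.yml"), []byte("fields: []\n"), 0o644)
	os.WriteFile(filepath.Join(tmp, "outside.yml"), []byte("not in repo\n"), 0o644)
	okErr = copyLinked(repo, "shared.yml", build, "shared.yml")
	escapeErr = copyLinked(repo, "../outside.yml", build, "outside.yml")
	return okErr, escapeErr
}

func main() { fmt.Println(demo()) }
```

The write root still blocks output paths that climb out of the chosen build directory, which the "no `os.Root`" option would give up.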