debug

Author: ptrus

cmd/rofl/build/artifacts.go

@@ -14,6 +14,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"sort"
 	"strings"
 	"time"
 
@@ -316,6 +317,12 @@ func createSquashFs(buildEnv env.ExecEnv, fn, dir string) (int64, error) {
 	}
 
 	// Create reproducible tar archive.
+	if os.Getenv("ROFL_DEBUG_ROOTFS_HASH") != "" {
+		if err := debugRootfsHashes(dir); err != nil {
+			return 0, fmt.Errorf("failed to compute rootfs debug hashes: %w", err)
+		}
+	}
+
 	tarPath := fn + ".tar"
 	tarPathEnv, err := buildEnv.PathToEnv(tarPath)
 	if err != nil {
@@ -417,6 +424,69 @@ func createSquashFs(buildEnv env.ExecEnv, fn, dir string) (int64, error) {
 	return fi.Size(), nil
 }
 
+// debugRootfsHashes prints deterministic SHA256 hashes for all files in dir to help diagnose
+// cross-host differences. Controlled via ROFL_DEBUG_ROOTFS_HASH env var.
+func debugRootfsHashes(dir string) error {
+	type entry struct {
+		path string
+		hash string
+	}
+	var entries []entry
+
+	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() {
+			return nil
+		}
+		rel, err := filepath.Rel(dir, path)
+		if err != nil {
+			return err
+		}
+
+		fi, err := os.Lstat(path)
+		if err != nil {
+			return err
+		}
+
+		switch {
+		case fi.Mode()&os.ModeSymlink != 0:
+			target, err := os.Readlink(path)
+			if err != nil {
+				return err
+			}
+			entries = append(entries, entry{path: rel, hash: "symlink->" + target})
+		default:
+			f, err := os.Open(path)
+			if err != nil {
+				return err
+			}
+			h := sha256.New()
+			if _, err = io.Copy(h, f); err != nil {
+				f.Close()
+				return err
+			}
+			f.Close()
+			entries = append(entries, entry{path: rel, hash: fmt.Sprintf("%x", h.Sum(nil))})
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	sort.Slice(entries, func(i, j int) bool {
+		return entries[i].path < entries[j].path
+	})
+
+	fmt.Println("Rootfs file hashes (debug):")
+	for _, e := range entries {
+		fmt.Printf("  %s %s\n", e.hash, e.path)
+	}
+	return nil
+}
+
 // sha256File computes a SHA-256 digest of the file with the given filename and returns a
 // hex-encoded hash.
 func sha256File(fn string) (string, error) {

cmd/rofl/build/build.go

@@ -1,6 +1,7 @@
 package build
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
 	"fmt"
@@ -59,6 +60,7 @@ var (
 					fmt.Println("App validation passed.")
 					return nil
 				}
+
 				return err
 			}
 
@@ -130,9 +132,13 @@ var (
 
 			// Prepare temporary build directory.
 			tmpBase := ""
+			var cleanupTmp func()
 			if usingContainer && runtime.GOOS == "darwin" {
-				// On macOS, /tmp is not reliably shared with Docker Desktop; keep temp files inside
-				// the workspace bind mount so the container can see them.
+				tmpBase, cleanupTmp, err = makeCaseSensitiveTmp()
+				if err != nil {
+					return err
+				}
+			} else if usingContainer {
 				tmpBase, err = env.GetBasedir()
 				if err != nil {
 					return fmt.Errorf("failed to determine base directory: %w", err)
@@ -148,6 +154,9 @@ var (
 				return fmt.Errorf("failed to create temporary build directory: %w", err)
 			}
 			defer os.RemoveAll(tmpDir)
+			if cleanupTmp != nil {
+				defer cleanupTmp()
+			}
 
 			if !buildEnv.IsAvailable() {
 				return fmt.Errorf("build environment '%s' is not available", buildEnv)
@@ -438,6 +447,83 @@ func fetchTrustRoot(npa *common.NPASelection, cfg *buildRofl.TrustRootConfig) (s
 	return base64.StdEncoding.EncodeToString(encRoot), nil
 }
 
+// makeCaseSensitiveTmp creates a case-sensitive temporary directory on macOS using a sparse image.
+// Falls back to an error if hdiutil is unavailable or the image cannot be mounted.
+func makeCaseSensitiveTmp() (string, func(), error) {
+	base := filepath.Join(os.TempDir(), "oasis-case-tmp")
+	image := base + ".sparseimage"
+	mountPoint := base + "-mnt"
+	size := os.Getenv("ROFL_CASE_TMP_SIZE")
+	if size == "" {
+		size = "10g"
+	}
+	// Best-effort cleanup from previous runs in case of crashes.
+	_ = exec.Command("hdiutil", "detach", "-force", mountPoint).Run() //nolint: errcheck,gosec
+	_ = os.Remove(image)
+	_ = os.RemoveAll(mountPoint)
+
+	if err := os.MkdirAll(filepath.Dir(image), 0o755); err != nil {
+		return "", nil, fmt.Errorf("failed to prepare case-sensitive tmp: %w", err)
+	}
+
+	create := exec.Command(
+		"hdiutil", "create",
+		"-size", size,
+		"-type", "SPARSE",
+		"-fs", "APFSX",
+		"-volname", "oasis-tmp",
+		"-quiet",
+		image,
+	)
+	if err := create.Run(); err != nil {
+		return "", nil, fmt.Errorf("failed to create case-sensitive sparse image: %w", err)
+	}
+
+	if err := os.MkdirAll(mountPoint, 0o755); err != nil {
+		os.Remove(image)
+		return "", nil, fmt.Errorf("failed to create mount point: %w", err)
+	}
+
+	attach := exec.Command(
+		"hdiutil", "attach",
+		"-nobrowse",
+		"-mountpoint", mountPoint,
+		image,
+	)
+	var out bytes.Buffer
+	attach.Stdout = &out
+	attach.Stderr = &out
+	if err := attach.Run(); err != nil {
+		os.Remove(image)
+		os.RemoveAll(mountPoint)
+		return "", nil, fmt.Errorf("failed to attach case-sensitive image: %w\n%s", err, out.String())
+	}
+
+	device := ""
+	for _, line := range strings.Split(out.String(), "\n") {
+		fields := strings.Fields(line)
+		if len(fields) >= 3 && strings.HasPrefix(fields[0], "/dev/disk") {
+			device = fields[0]
+			break
+		}
+	}
+	if device == "" {
+		// Best effort cleanup.
+		exec.Command("hdiutil", "detach", "-force", mountPoint).Run() //nolint: errcheck
+		os.Remove(image)
+		os.RemoveAll(mountPoint)
+		return "", nil, fmt.Errorf("failed to parse attached device from hdiutil output:\n%s", out.String())
+	}
+
+	cleanup := func() {
+		exec.Command("hdiutil", "detach", "-force", device).Run() //nolint: errcheck,gosec
+		os.Remove(image)
+		os.RemoveAll(mountPoint)
+	}
+
+	return mountPoint, cleanup, nil
+}
+
 func init() {
 	buildFlags := flag.NewFlagSet("", flag.ContinueOnError)
 	buildFlags.BoolVar(&offline, "offline", false, "do not perform any operations requiring network access")