banger internal make-bundle: build image bundles from flat rootfs tars

New hidden subcommand that turns a `docker export`-style rootfs tar into a banger bundle (`rootfs.ext4` + `manifest.json`, tar+zstd): 1. FlattenTar (new in imagepull) extracts the stream into a staging dir while capturing per-file uid/gid/mode into a Metadata record. 2. imagepull.BuildExt4 produces the ext4 via `mkfs.ext4 -d`. 3. imagepull.ApplyOwnership re-applies the captured metadata with `debugfs sif` so setuid/root-owned files keep their identity. 4. imagepull.InjectGuestAgents drops the vsock agent + network bootstrap + first-boot service into the ext4. 5. manifest.json is written with name/distro/arch/kernel_ref. 6. Both files are packaged as .tar.zst with max compression. Flags: --rootfs-tar (file or '-' for stdin), --name, --distro, --arch, --kernel-ref, --description, --size, --out. Stdout prints bundle path, sha256, and size so callers can patch the catalog. Unit tests cover flag registration, required-arg validation, the bundle tar round-trip, sha256HexFile, and dirSize. An end-to-end test runs the full pipeline against a synthesized tiny rootfs tar; skips gracefully when mkfs.ext4 / debugfs / companion binaries are missing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 15:17:50 -03:00 · 2026-04-17 15:17:50 -03:00 · bb95a0a273
commit bb95a0a273
parent 3d9ae624b1
3 changed files with 623 additions and 0 deletions
--- a/internal/cli/banger.go
+++ b/internal/cli/banger.go
@ -1,12 +1,16 @@
 package cli

 import (
+	"archive/tar"
 	"bytes"
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
+	"io/fs"
 	"net"
 	"net/url"
 	"os"
@ -25,7 +29,9 @@ import (
 	"banger/internal/daemon"
 	"banger/internal/guest"
 	"banger/internal/hostnat"
+	"banger/internal/imagecat"
 	"banger/internal/imagepreset"
+	"banger/internal/imagepull"
 	"banger/internal/model"
 	"banger/internal/paths"
 	"banger/internal/rpc"
@ -35,6 +41,7 @@ import (
 	"banger/internal/vmdns"
 	"banger/internal/vsockagent"

+	"github.com/klauspost/compress/zstd"
 	"github.com/spf13/cobra"
 )

@ -213,6 +220,7 @@ func newInternalCommand() *cobra.Command {
 		newInternalFirecrackerPathCommand(),
 		newInternalVSockAgentPathCommand(),
 		newInternalPackagesCommand(),
+		newInternalMakeBundleCommand(),
 	)
 	return cmd
 }
@ -309,6 +317,265 @@ func newInternalPackagesCommand() *cobra.Command {
 	return cmd
 }

+func newInternalMakeBundleCommand() *cobra.Command {
+	var (
+		rootfsTarPath string
+		name          string
+		distro        string
+		arch          string
+		kernelRef     string
+		description   string
+		sizeSpec      string
+		outPath       string
+	)
+	cmd := &cobra.Command{
+		Use:    "make-bundle",
+		Hidden: true,
+		Short:  "Build a banger image bundle (.tar.zst) from a flat rootfs tar",
+		Args:   noArgsUsage("usage: banger internal make-bundle --rootfs-tar <file|-> --name <n> --out <bundle.tar.zst>"),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runInternalMakeBundle(cmd, internalMakeBundleOpts{
+				rootfsTarPath: rootfsTarPath,
+				name:          name,
+				distro:        distro,
+				arch:          arch,
+				kernelRef:     kernelRef,
+				description:   description,
+				sizeSpec:      sizeSpec,
+				outPath:       outPath,
+			})
+		},
+	}
+	cmd.Flags().StringVar(&rootfsTarPath, "rootfs-tar", "", "flat rootfs tar file, or '-' for stdin")
+	cmd.Flags().StringVar(&name, "name", "", "bundle name (filesystem-safe identifier)")
+	cmd.Flags().StringVar(&distro, "distro", "", "distro label (e.g. debian)")
+	cmd.Flags().StringVar(&arch, "arch", "x86_64", "architecture label")
+	cmd.Flags().StringVar(&kernelRef, "kernel-ref", "", "kernelcat entry name this image pairs with")
+	cmd.Flags().StringVar(&description, "description", "", "short description")
+	cmd.Flags().StringVar(&sizeSpec, "size", "", "rootfs ext4 size (e.g. 4G); defaults to tree size + 25%")
+	cmd.Flags().StringVar(&outPath, "out", "", "output bundle path (.tar.zst)")
+	return cmd
+}
+
+type internalMakeBundleOpts struct {
+	rootfsTarPath string
+	name          string
+	distro        string
+	arch          string
+	kernelRef     string
+	description   string
+	sizeSpec      string
+	outPath       string
+}
+
+func runInternalMakeBundle(cmd *cobra.Command, opts internalMakeBundleOpts) error {
+	if err := imagecat.ValidateName(opts.name); err != nil {
+		return err
+	}
+	if strings.TrimSpace(opts.rootfsTarPath) == "" {
+		return errors.New("--rootfs-tar is required")
+	}
+	if strings.TrimSpace(opts.outPath) == "" {
+		return errors.New("--out is required")
+	}
+	if strings.TrimSpace(opts.arch) == "" {
+		opts.arch = "x86_64"
+	}
+
+	var sizeBytes int64
+	if s := strings.TrimSpace(opts.sizeSpec); s != "" {
+		n, err := model.ParseSize(s)
+		if err != nil {
+			return fmt.Errorf("parse --size: %w", err)
+		}
+		sizeBytes = n
+	}
+
+	ctx := cmd.Context()
+	stagingRoot, err := os.MkdirTemp("", "banger-mkbundle-")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(stagingRoot)
+	rootfsTree := filepath.Join(stagingRoot, "rootfs")
+	if err := os.MkdirAll(rootfsTree, 0o755); err != nil {
+		return err
+	}
+
+	// Open tar input (file or stdin).
+	var tarReader io.Reader
+	if opts.rootfsTarPath == "-" {
+		tarReader = cmd.InOrStdin()
+	} else {
+		f, err := os.Open(opts.rootfsTarPath)
+		if err != nil {
+			return fmt.Errorf("open rootfs tar: %w", err)
+		}
+		defer f.Close()
+		tarReader = f
+	}
+
+	fmt.Fprintln(cmd.ErrOrStderr(), "[make-bundle] extracting rootfs")
+	meta, err := imagepull.FlattenTar(ctx, tarReader, rootfsTree)
+	if err != nil {
+		return fmt.Errorf("flatten rootfs: %w", err)
+	}
+
+	if sizeBytes <= 0 {
+		treeSize, err := dirSize(rootfsTree)
+		if err != nil {
+			return fmt.Errorf("size rootfs tree: %w", err)
+		}
+		sizeBytes = treeSize + treeSize/4
+		if sizeBytes < imagepull.MinExt4Size {
+			sizeBytes = imagepull.MinExt4Size
+		}
+	}
+
+	ext4Path := filepath.Join(stagingRoot, imagecat.RootfsFilename)
+	runner := system.NewRunner()
+	fmt.Fprintf(cmd.ErrOrStderr(), "[make-bundle] building rootfs.ext4 (%d bytes)\n", sizeBytes)
+	if err := imagepull.BuildExt4(ctx, runner, rootfsTree, ext4Path, sizeBytes); err != nil {
+		return fmt.Errorf("build ext4: %w", err)
+	}
+	fmt.Fprintln(cmd.ErrOrStderr(), "[make-bundle] applying ownership fixup")
+	if err := imagepull.ApplyOwnership(ctx, runner, ext4Path, meta); err != nil {
+		return fmt.Errorf("apply ownership: %w", err)
+	}
+	fmt.Fprintln(cmd.ErrOrStderr(), "[make-bundle] injecting guest agents")
+	vsockBin, err := paths.CompanionBinaryPath("banger-vsock-agent")
+	if err != nil {
+		return fmt.Errorf("locate vsock agent: %w", err)
+	}
+	if err := imagepull.InjectGuestAgents(ctx, runner, ext4Path, imagepull.GuestAgentAssets{VsockAgentBin: vsockBin}); err != nil {
+		return fmt.Errorf("inject guest agents: %w", err)
+	}
+
+	// Write manifest.json.
+	manifest := imagecat.Manifest{
+		Name:        opts.name,
+		Distro:      strings.TrimSpace(opts.distro),
+		Arch:        opts.arch,
+		KernelRef:   strings.TrimSpace(opts.kernelRef),
+		Description: strings.TrimSpace(opts.description),
+	}
+	manifestPath := filepath.Join(stagingRoot, imagecat.ManifestFilename)
+	manifestData, err := json.MarshalIndent(manifest, "", "  ")
+	if err != nil {
+		return err
+	}
+	if err := os.WriteFile(manifestPath, append(manifestData, '\n'), 0o644); err != nil {
+		return err
+	}
+
+	fmt.Fprintln(cmd.ErrOrStderr(), "[make-bundle] packaging bundle")
+	if err := writeBundleTarZst(opts.outPath, ext4Path, manifestPath); err != nil {
+		return fmt.Errorf("write bundle: %w", err)
+	}
+
+	sum, err := sha256HexFile(opts.outPath)
+	if err != nil {
+		return err
+	}
+	stat, err := os.Stat(opts.outPath)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(cmd.OutOrStdout(), "bundle: %s\nsha256: %s\nsize:   %d\n", opts.outPath, sum, stat.Size())
+	return nil
+}
+
+// dirSize returns the sum of regular-file sizes under root (no symlink follow).
+func dirSize(root string) (int64, error) {
+	var total int64
+	err := filepath.WalkDir(root, func(_ string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if !d.Type().IsRegular() {
+			return nil
+		}
+		info, err := d.Info()
+		if err != nil {
+			return err
+		}
+		total += info.Size()
+		return nil
+	})
+	return total, err
+}
+
+// writeBundleTarZst packages rootfs.ext4 + manifest.json into outPath as tar+zstd.
+func writeBundleTarZst(outPath, rootfsPath, manifestPath string) error {
+	if err := os.MkdirAll(filepath.Dir(outPath), 0o755); err != nil {
+		return err
+	}
+	out, err := os.OpenFile(outPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+	zw, err := zstd.NewWriter(out, zstd.WithEncoderLevel(zstd.SpeedBestCompression))
+	if err != nil {
+		return err
+	}
+	tw := tar.NewWriter(zw)
+	for _, src := range []struct{ path, name string }{
+		{rootfsPath, imagecat.RootfsFilename},
+		{manifestPath, imagecat.ManifestFilename},
+	} {
+		if err := writeBundleFile(tw, src.path, src.name); err != nil {
+			_ = tw.Close()
+			_ = zw.Close()
+			return err
+		}
+	}
+	if err := tw.Close(); err != nil {
+		_ = zw.Close()
+		return err
+	}
+	if err := zw.Close(); err != nil {
+		return err
+	}
+	return out.Close()
+}
+
+func writeBundleFile(tw *tar.Writer, src, name string) error {
+	f, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	fi, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if err := tw.WriteHeader(&tar.Header{
+		Name:     name,
+		Size:     fi.Size(),
+		Mode:     0o644,
+		Typeflag: tar.TypeReg,
+		ModTime:  fi.ModTime(),
+	}); err != nil {
+		return err
+	}
+	_, err = io.Copy(tw, f)
+	return err
+}
+
+func sha256HexFile(path string) (string, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+	h := sha256.New()
+	if _, err := io.Copy(h, f); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(h.Sum(nil)), nil
+}
+
 func newInternalWorkSeedCommand() *cobra.Command {
 	var rootfsPath string
 	var outPath string