Make runtime defaults portable

Stop assuming one workstation layout for runtime artifacts, mapdns, and host tooling. The daemon and shell helpers now use portable mapdns configuration, and runtime bundles can carry bundle.json metadata for their default kernel, initrd, modules, rootfs, and helper paths. Load bundle metadata through config with a legacy layout fallback, thread mapdns_bin/mapdns_data_file through the Go and shell paths, and add command-scoped preflight checks for VM start, NAT, image build, work-disk resize, and SSH so missing tools or artifacts fail with actionable errors. Update the runtime-bundle manifest, docs, and tests to match the new model. Verified with go test ./..., make build, and bash -n customize.sh interactive.sh dns.sh make-rootfs.sh verify.sh.
2026-03-16 15:30:08 -03:00 · 2026-03-16 15:30:08 -03:00 · fcedacba5c
commit fcedacba5c
parent 238bb8a020
23 changed files with 927 additions and 96 deletions
--- a/internal/runtimebundle/bundle.go
+++ b/internal/runtimebundle/bundle.go
@ -6,6 +6,8 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -19,13 +21,29 @@ import (
 )

 type Manifest struct {
-	Version       string   `toml:"version"`
-	URL           string   `toml:"url"`
-	SHA256        string   `toml:"sha256"`
-	BundleRoot    string   `toml:"bundle_root"`
-	RequiredPaths []string `toml:"required_paths"`
+	Version       string         `toml:"version"`
+	URL           string         `toml:"url"`
+	SHA256        string         `toml:"sha256"`
+	BundleRoot    string         `toml:"bundle_root"`
+	RequiredPaths []string       `toml:"required_paths"`
+	BundleMeta    BundleMetadata `toml:"bundle_metadata"`
 }

+type BundleMetadata struct {
+	FirecrackerBin    string `json:"firecracker_bin" toml:"firecracker_bin"`
+	SSHKeyPath        string `json:"ssh_key_path" toml:"ssh_key_path"`
+	NamegenPath       string `json:"namegen_path" toml:"namegen_path"`
+	CustomizeScript   string `json:"customize_script" toml:"customize_script"`
+	DefaultPackages   string `json:"default_packages_file" toml:"default_packages_file"`
+	DefaultRootfs     string `json:"default_rootfs" toml:"default_rootfs"`
+	DefaultBaseRootfs string `json:"default_base_rootfs,omitempty" toml:"default_base_rootfs"`
+	DefaultKernel     string `json:"default_kernel" toml:"default_kernel"`
+	DefaultInitrd     string `json:"default_initrd,omitempty" toml:"default_initrd"`
+	DefaultModulesDir string `json:"default_modules_dir,omitempty" toml:"default_modules_dir"`
+}
+
+const BundleMetadataFile = "bundle.json"
+
 func LoadManifest(path string) (Manifest, error) {
 	data, err := os.ReadFile(path)
 	if err != nil {
@ -38,6 +56,7 @@ func LoadManifest(path string) (Manifest, error) {
 	manifest.BundleRoot = strings.TrimSpace(manifest.BundleRoot)
 	manifest.URL = strings.TrimSpace(manifest.URL)
 	manifest.SHA256 = strings.ToLower(strings.TrimSpace(manifest.SHA256))
+	manifest.BundleMeta = normalizeBundleMetadata(manifest.BundleMeta)
 	for i, required := range manifest.RequiredPaths {
 		manifest.RequiredPaths[i] = filepath.Clean(strings.TrimSpace(required))
 	}
@ -91,6 +110,9 @@ func Bootstrap(ctx context.Context, manifest Manifest, manifestPath, outDir stri
 	if err := ValidateBundle(bundleDir, manifest.RequiredPaths); err != nil {
 		return err
 	}
+	if _, err := LoadBundleMetadata(bundleDir); err != nil && !errors.Is(err, os.ErrNotExist) {
+		return err
+	}

 	stageDir := filepath.Join(workDir, "stage")
 	if err := os.Rename(bundleDir, stageDir); err != nil {
@ -122,6 +144,10 @@ func Package(runtimeDir, outArchive string, manifest Manifest) (string, error) {
 	if err := ValidateBundle(runtimeDir, manifest.RequiredPaths); err != nil {
 		return "", err
 	}
+	metadata, err := metadataArchiveBytes(runtimeDir, manifest.BundleMeta)
+	if err != nil {
+		return "", err
+	}
 	if err := os.MkdirAll(filepath.Dir(outArchive), 0o755); err != nil {
 		return "", err
 	}
@ -143,6 +169,11 @@ func Package(runtimeDir, outArchive string, manifest Manifest) (string, error) {
 			return "", err
 		}
 	}
+	if len(metadata) != 0 {
+		if err := addBytesToArchive(tw, manifest.BundleRoot, BundleMetadataFile, metadata, 0o644); err != nil {
+			return "", err
+		}
+	}
 	if err := tw.Close(); err != nil {
 		return "", err
 	}
@ -152,6 +183,115 @@ func Package(runtimeDir, outArchive string, manifest Manifest) (string, error) {
 	return hex.EncodeToString(hash.Sum(nil)), nil
 }

+func LoadBundleMetadata(runtimeDir string) (BundleMetadata, error) {
+	path := filepath.Join(runtimeDir, BundleMetadataFile)
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return BundleMetadata{}, err
+	}
+	var meta BundleMetadata
+	if err := json.Unmarshal(data, &meta); err != nil {
+		return BundleMetadata{}, fmt.Errorf("parse %s: %w", path, err)
+	}
+	meta = normalizeBundleMetadata(meta)
+	if err := validateBundleMetadata(runtimeDir, meta); err != nil {
+		return BundleMetadata{}, err
+	}
+	return meta, nil
+}
+
+func validateBundleMetadata(runtimeDir string, meta BundleMetadata) error {
+	required := []struct {
+		value string
+		label string
+	}{
+		{meta.FirecrackerBin, "firecracker_bin"},
+		{meta.SSHKeyPath, "ssh_key_path"},
+		{meta.NamegenPath, "namegen_path"},
+		{meta.CustomizeScript, "customize_script"},
+		{meta.DefaultPackages, "default_packages_file"},
+		{meta.DefaultRootfs, "default_rootfs"},
+		{meta.DefaultKernel, "default_kernel"},
+	}
+	for _, field := range required {
+		if strings.TrimSpace(field.value) == "" {
+			return fmt.Errorf("runtime bundle metadata missing %s", field.label)
+		}
+	}
+	for _, field := range []struct {
+		value    string
+		label    string
+		required bool
+	}{
+		{meta.FirecrackerBin, "firecracker_bin", true},
+		{meta.SSHKeyPath, "ssh_key_path", true},
+		{meta.NamegenPath, "namegen_path", true},
+		{meta.CustomizeScript, "customize_script", true},
+		{meta.DefaultPackages, "default_packages_file", true},
+		{meta.DefaultRootfs, "default_rootfs", true},
+		{meta.DefaultBaseRootfs, "default_base_rootfs", false},
+		{meta.DefaultKernel, "default_kernel", true},
+		{meta.DefaultInitrd, "default_initrd", false},
+		{meta.DefaultModulesDir, "default_modules_dir", false},
+	} {
+		if strings.TrimSpace(field.value) == "" {
+			continue
+		}
+		resolved, err := resolveMetadataPath(runtimeDir, field.value)
+		if err != nil {
+			return fmt.Errorf("runtime bundle metadata %s: %w", field.label, err)
+		}
+		if _, err := os.Stat(resolved); err != nil {
+			if field.required || !errors.Is(err, os.ErrNotExist) {
+				return fmt.Errorf("runtime bundle metadata %s points to missing path %s", field.label, resolved)
+			}
+		}
+	}
+	return nil
+}
+
+func resolveMetadataPath(runtimeDir, rel string) (string, error) {
+	rel = filepath.Clean(strings.TrimSpace(rel))
+	if rel == "." || rel == "" || filepath.IsAbs(rel) || strings.HasPrefix(rel, "..") {
+		return "", fmt.Errorf("invalid relative path %q", rel)
+	}
+	return filepath.Join(runtimeDir, rel), nil
+}
+
+func metadataArchiveBytes(runtimeDir string, meta BundleMetadata) ([]byte, error) {
+	meta = normalizeBundleMetadata(meta)
+	if strings.TrimSpace(meta.FirecrackerBin) == "" &&
+		strings.TrimSpace(meta.SSHKeyPath) == "" &&
+		strings.TrimSpace(meta.NamegenPath) == "" &&
+		strings.TrimSpace(meta.CustomizeScript) == "" &&
+		strings.TrimSpace(meta.DefaultPackages) == "" &&
+		strings.TrimSpace(meta.DefaultRootfs) == "" &&
+		strings.TrimSpace(meta.DefaultBaseRootfs) == "" &&
+		strings.TrimSpace(meta.DefaultKernel) == "" &&
+		strings.TrimSpace(meta.DefaultInitrd) == "" &&
+		strings.TrimSpace(meta.DefaultModulesDir) == "" {
+		return nil, nil
+	}
+	if err := validateBundleMetadata(runtimeDir, meta); err != nil {
+		return nil, err
+	}
+	return json.MarshalIndent(meta, "", "  ")
+}
+
+func normalizeBundleMetadata(meta BundleMetadata) BundleMetadata {
+	meta.FirecrackerBin = strings.TrimSpace(meta.FirecrackerBin)
+	meta.SSHKeyPath = strings.TrimSpace(meta.SSHKeyPath)
+	meta.NamegenPath = strings.TrimSpace(meta.NamegenPath)
+	meta.CustomizeScript = strings.TrimSpace(meta.CustomizeScript)
+	meta.DefaultPackages = strings.TrimSpace(meta.DefaultPackages)
+	meta.DefaultRootfs = strings.TrimSpace(meta.DefaultRootfs)
+	meta.DefaultBaseRootfs = strings.TrimSpace(meta.DefaultBaseRootfs)
+	meta.DefaultKernel = strings.TrimSpace(meta.DefaultKernel)
+	meta.DefaultInitrd = strings.TrimSpace(meta.DefaultInitrd)
+	meta.DefaultModulesDir = strings.TrimSpace(meta.DefaultModulesDir)
+	return meta
+}
+
 func addPathToArchive(tw *tar.Writer, runtimeDir, bundleRoot, rel string) error {
 	srcPath := filepath.Join(runtimeDir, rel)
 	info, err := os.Lstat(srcPath)
@ -201,6 +341,23 @@ func addPathToArchive(tw *tar.Writer, runtimeDir, bundleRoot, rel string) error
 	return err
 }

+func addBytesToArchive(tw *tar.Writer, bundleRoot, rel string, data []byte, mode int64) error {
+	name := rel
+	if bundleRoot != "" {
+		name = filepath.Join(bundleRoot, rel)
+	}
+	header := &tar.Header{
+		Name: filepath.ToSlash(name),
+		Mode: mode,
+		Size: int64(len(data)),
+	}
+	if err := tw.WriteHeader(header); err != nil {
+		return err
+	}
+	_, err := tw.Write(data)
+	return err
+}
+
 func resolveSource(manifestDir, source string) string {
 	parsed, err := url.Parse(source)
 	if err == nil && parsed.Scheme != "" {