Guard bbox-init embed behind bbox_full build tag#197
Merged
Conversation
The bbox-init guest binary is built by `task build-init` and is .gitignore'd, so the Go module proxy serves the initbin package without it. Embedding it unconditionally made brood-box uncompilable for any downstream consumer importing it as a library (pkg/runtime -> pkg/sandbox -> internal/infra/vm -> initbin): pattern bbox-init: no matching files found Split the embed behind a `bbox_full` build tag (Option A from the issue): embed_full.go carries the real //go:embed under the tag, embed_stub.go exports an empty Binary by default. The bbox CLI build and install targets now pass `bbox_full`; every other build (go test, golangci-lint, library consumers) uses the stub and compiles without the file present. The rootfs hook validates Binary is non-empty before use, so a stub build that attempts to boot a VM fails fast with an actionable error rather than writing a zero-byte init. Init-binary hook tests are split by build tag accordingly. Fixes #110 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VP887qH8BMW4PMUXBuEqGc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #110 — embedding the
bbox-initguest binary unconditionally made brood-box uncompilable as a Go module dependency.internal/infra/vm/initbin/embed.goused//go:embed bbox-init, but that binary is built bytask build-initand is.gitignored. The module proxy serves the package without it, so any downstream consumer importing brood-box as a library hit a hard compile failure:The dependency chain that pulls this in for library consumers:
Approach (Option A from the issue — build-tag guard)
embed_full.go(//go:build bbox_full) — the real//go:embed bbox-initdirective.embed_stub.go(//go:build !bbox_full) — exports an emptyBinary []byte.task buildandtask installnow build the bbox CLI with-tags "embed_runtime bbox_full".go test,golangci-lint, and library consumers — uses the stub and compiles cleanly without thebbox-initfile present.Fail-fast safety
InjectInitBinarynow checkslen(initbin.Binary) == 0and returns an actionable error before writing, so a stub-built binary that tries to boot a VM fails clearly instead of writing a zero-byte init:The init-binary hook tests are split by build tag: content/permission assertions run under
bbox_full; a new stub test asserts the guard error and that no file is written.Verification
go build ./internal/... ./pkg/...with thebbox-initfile deleted (reproduces the original failure → now compiles).go build -tags bbox_fullwith the binary present.task buildproduces a workingbin/bbox(embedded runtime + init).task test(stub) andgo test -tags bbox_full ./internal/infra/vm/both pass.task lint— 0 issues.🤖 Generated with Claude Code