Skip to content

Archiver: preserve symlinks and explicit build-context entries#1391

Open
mazdak wants to merge 1 commit intoapple:mainfrom
mazdak:mazdak/archiver-buildfs-fixes
Open

Archiver: preserve symlinks and explicit build-context entries#1391
mazdak wants to merge 1 commit intoapple:mainfrom
mazdak:mazdak/archiver-buildfs-fixes

Conversation

@mazdak
Copy link
Copy Markdown
Contributor

@mazdak mazdak commented Apr 5, 2026
edited
Loading

Type of Change

  • Bug fix

Motivation and Context

While building out a Docker Compose-style plugin and validating it against our own real development stack, we ran into two classes of problems in the build-context path:

  • Correctness issues in archive generation, especially around symlinks
  • Very high client-side overhead while preparing and streaming build contexts.

Original Issue

  • while validating container against our real workload, build-context loading was wildly slower than Docker
  • the recorded apples-to-apples probe was roughly Docker: 0.78s vs container: 109.04s
  • the recorded context-size mismatch was roughly Docker: 1.60MB vs container: 149.21MB
  • while digging into that path, we found the archive/symlink correctness bugs and split them from the performance work

So the original problem was: our repo/docker-compose made the build-context path look both too slow and not fully trustworthy.

This PR fixes build-context archiving in container so symlinks are preserved correctly, digest calculation reflects symlink target changes, and fssync archives the exact selected file set in the already-computed order.

Before this change, build-context archiving could mis-handle symlinks, archive a broader tree walk than necessary, and produce a digest that did not change when symlink targets changed.

Part of the fix was also more generally related to the Containerization framework. This PR intentionally stays independently mergeable against the current released containerization dependency, so it keeps the local archiver implementation needed for these fixes today. The Containerization PR is: apple/containerization#652

Testing

  • Tested locally
  • Added/updated tests

This was referenced Apr 5, 2026
Open
Open
jglogan
jglogan reviewed Apr 5, 2026
View reviewed changes
Sources/Services/ContainerAPIService/Client/Archiver.swift
return hasher.finalize()
}

public static func uncompress(source: URL, destination: URL) throws {
Copy link
Copy Markdown
Contributor

@jglogan jglogan Apr 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed this in #1372 because it's insecure and should not be used. See ArchiveReader.extractContents() in containerization in this commit: apple/containerization@3e93416

@jglogan
Copy link
Copy Markdown
Contributor

jglogan commented Apr 5, 2026

Can you provide a simple container build command, Dockerfile and build context that fails and is addressed by the fix(es) you propose? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jglogan jglogan jglogan left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mazdak @jglogan