melange does not allow symlinks to files in workspaces

[a-crate]

Melange handles symlinks to directories in a pretty reasonable way, which is that when it calls fs.WalkDir in populateWorkspace, it will end up walking the contents of the symlink'd dir and copying them in. The only quirk is that the symlink is flattened, meaning in the build container it's just a regular directory.

Melange does not handle symlinks which don't point to a directory. Because they are not regular files they are skipped by populateWorkspace, and don't end up in the container.

Checking for fs.ModeSymlink works, and allows us to create a new symlink in the workspace directory with the correct target. This works fine for bubblewrap and docker runners, but not qemu.

The qemu runner uses 9p to pass the shared workspace directory to the guest, using security model mapped, because passthrough is generally discouraged in production. Unfortunately, symlinks in 9p with mapped security model are bugged.

We could switch to virtiofs, but that's been discussed before and not done because it requires the host to run a userspace daemon.

We could stop mounting the shared directory, tar the workspace dir inputs and send it over SSH. We don't use the shared mount anyway for performance reasons. However, archive/tar doesn't support symlinks either.

diff of my work so far.