microsandbox 0.4.4

`microsandbox` is the core library for the microsandbox project.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

//! Thin shim that forwards all arguments to the installed `msb` binary.
//!
//! Self-heals on first run if `msb` isn't where we expect (e.g. `build.rs`
//! was skipped, shared install dir was wiped, or another install path ran).
//!
//! Stays deliberately std-only: no HTTP client, tar, or gzip crate is
//! linked into the shim. Shells out to `curl` and `tar` for the one-time
//! download — the same tools `scripts/install.sh` and
//! `sdk/node-ts/postinstall.js` already require.
//!
//! Resolution order:
//! 1. `MSB_PATH` environment variable
//! 2. `~/.microsandbox/bin/msb` (populated by `build.rs` at compile time or
//!    by on-demand self-heal below)

use std::env;
use std::fs;
use std::io::{IsTerminal, Write};
use std::path::{Path, PathBuf};
use std::process::{Command, ExitCode};

use microsandbox_utils::{
    LIBKRUNFW_ABI, MSB_BINARY, PREBUILT_VERSION, bundle_download_url, libkrunfw_filename,
};

//--------------------------------------------------------------------------------------------------
// Functions
//--------------------------------------------------------------------------------------------------

fn main() -> ExitCode {
    let msb = match resolve_or_install() {
        Ok(p) => p,
        Err(code) => return code,
    };

    let args: Vec<_> = env::args_os().skip(1).collect();

    #[cfg(unix)]
    {
        use std::os::unix::process::CommandExt;
        let err = Command::new(&msb).args(&args).exec();
        eprintln!("microsandbox: failed to exec {}: {err}", msb.display());
        ExitCode::from(127)
    }

    #[cfg(not(unix))]
    {
        match Command::new(&msb).args(&args).status() {
            Ok(status) => ExitCode::from(status.code().unwrap_or(1) as u8),
            Err(err) => {
                eprintln!("microsandbox: failed to run {}: {err}", msb.display());
                ExitCode::from(127)
            }
        }
    }
}

//--------------------------------------------------------------------------------------------------
// Functions: Helpers
//--------------------------------------------------------------------------------------------------

fn resolve_or_install() -> Result<PathBuf, ExitCode> {
    // MSB_PATH override: honor exactly what the user set; do not attempt to
    // create or download something at an arbitrary user-specified path.
    if let Ok(path) = env::var("MSB_PATH") {
        let p = PathBuf::from(&path);
        if p.is_file() {
            return Ok(p);
        }
        eprintln!("microsandbox: MSB_PATH points at nonexistent {path}");
        return Err(ExitCode::from(127));
    }

    let Some(home) = env::var("HOME").ok().map(PathBuf::from) else {
        eprintln!("microsandbox: HOME is not set; cannot locate msb");
        return Err(ExitCode::from(127));
    };

    let base_dir = home.join(".microsandbox");
    let bin_dir = base_dir.join("bin");
    let lib_dir = base_dir.join("lib");
    let msb_path = bin_dir.join(MSB_BINARY);

    if msb_path.is_file() {
        return Ok(msb_path);
    }

    // Save the cursor before the first status line so we can wipe all of
    // our own output (plus curl's progress bar) once the download succeeds.
    // Only on a TTY; otherwise leave stderr untouched so piped output stays
    // clean.
    let mut stderr = std::io::stderr();
    let ansi = stderr.is_terminal();
    if ansi {
        let _ = stderr.write_all(b"\x1b[s");
    }

    let _ = writeln!(
        stderr,
        "microsandbox: preparing runtime v{PREBUILT_VERSION} (first run only)..."
    );

    if let Err(err) = install_runtime(&bin_dir, &lib_dir) {
        let _ = writeln!(stderr, "microsandbox: failed to download runtime: {err}");
        let _ = writeln!(
            stderr,
            "microsandbox: retry, or set MSB_PATH to an existing msb binary, \
             or install manually: curl -fsSL https://install.microsandbox.dev | sh"
        );
        return Err(ExitCode::from(127));
    }

    if msb_path.is_file() {
        // Success: wipe our status + curl's final progress line. On
        // non-TTY we leave a single confirmation line so logs still record
        // what happened.
        if ansi {
            let _ = stderr.write_all(b"\x1b[u\x1b[J");
        } else {
            let _ = writeln!(stderr, "microsandbox: runtime ready.");
        }
        Ok(msb_path)
    } else {
        let _ = writeln!(
            stderr,
            "microsandbox: install reported success but {} is still missing",
            msb_path.display()
        );
        Err(ExitCode::from(127))
    }
}

fn install_runtime(bin_dir: &Path, lib_dir: &Path) -> Result<(), String> {
    fs::create_dir_all(bin_dir).map_err(|e| format!("mkdir {}: {e}", bin_dir.display()))?;
    fs::create_dir_all(lib_dir).map_err(|e| format!("mkdir {}: {e}", lib_dir.display()))?;

    let os = if cfg!(target_os = "macos") {
        "macos"
    } else if cfg!(target_os = "linux") {
        "linux"
    } else {
        return Err("unsupported operating system".into());
    };

    let arch = match env::consts::ARCH {
        "aarch64" => "aarch64",
        "x86_64" => "x86_64",
        other => return Err(format!("unsupported architecture: {other}")),
    };

    let libkrunfw_name = libkrunfw_filename(os);
    let url = bundle_download_url(PREBUILT_VERSION, arch, os);

    let tmp_dir = env::temp_dir().join(format!(
        "microsandbox-install-{}-{}",
        std::process::id(),
        PREBUILT_VERSION,
    ));
    // Best-effort cleanup of any prior attempt.
    let _ = fs::remove_dir_all(&tmp_dir);
    fs::create_dir_all(&tmp_dir).map_err(|e| format!("mkdir tmp: {e}"))?;
    let tarball = tmp_dir.join("bundle.tar.gz");

    // Download via curl — curl renders its own progress bar on the user's TTY.
    let curl_status = Command::new("curl")
        .args(["-fSL", "--progress-bar", "-o"])
        .arg(&tarball)
        .arg(&url)
        .status()
        .map_err(|e| format!("curl is required for runtime download but was not found: {e}"))?;
    if !curl_status.success() {
        return Err(format!("curl failed ({curl_status}) downloading {url}"));
    }

    // Extract with tar.
    let tar_status = Command::new("tar")
        .args(["xzf"])
        .arg(&tarball)
        .arg("-C")
        .arg(&tmp_dir)
        .status()
        .map_err(|e| format!("tar not found: {e}"))?;
    if !tar_status.success() {
        return Err(format!("tar failed ({tar_status})"));
    }

    // Route each extracted file to bin/ or lib/ with an atomic rename so a
    // concurrent shim can't observe a half-written binary.
    for entry in fs::read_dir(&tmp_dir).map_err(|e| format!("read {}: {e}", tmp_dir.display()))? {
        let entry = entry.map_err(|e| format!("read entry: {e}"))?;
        let src = entry.path();
        if !src.is_file() {
            continue;
        }
        let name = entry.file_name();
        let name_str = name.to_string_lossy();
        if name_str.ends_with(".tar.gz") {
            continue;
        }
        let dest = if name_str.starts_with("libkrunfw") {
            lib_dir.join(&*name_str)
        } else {
            bin_dir.join(&*name_str)
        };
        let tmp_dest = dest.with_extension(format!("tmp-{}", std::process::id()));
        fs::copy(&src, &tmp_dest).map_err(|e| format!("copy {}: {e}", src.display()))?;
        #[cfg(unix)]
        {
            use std::os::unix::fs::PermissionsExt;
            fs::set_permissions(&tmp_dest, fs::Permissions::from_mode(0o755))
                .map_err(|e| format!("chmod {}: {e}", tmp_dest.display()))?;
        }
        fs::rename(&tmp_dest, &dest).map_err(|e| format!("rename to {}: {e}", dest.display()))?;
    }

    // libkrunfw symlinks.
    #[cfg(unix)]
    {
        let symlinks: Vec<(String, String)> = if os == "macos" {
            vec![("libkrunfw.dylib".into(), libkrunfw_name.clone())]
        } else {
            let soname = format!("libkrunfw.so.{LIBKRUNFW_ABI}");
            vec![
                (soname.clone(), libkrunfw_name.clone()),
                ("libkrunfw.so".into(), soname),
            ]
        };
        for (link_name, target) in &symlinks {
            let link_path = lib_dir.join(link_name);
            if link_path.exists() || link_path.is_symlink() {
                let _ = fs::remove_file(&link_path);
            }
            std::os::unix::fs::symlink(target, &link_path)
                .map_err(|e| format!("symlink {link_name} -> {target}: {e}"))?;
        }
    }

    let _ = fs::remove_dir_all(&tmp_dir);
    Ok(())
}