Objective
Implement a shell script that dynamically detects library dependencies for mounted binaries and generates appropriate Docker mount arguments.
Context
Mounting entire library directories (/usr/lib, /lib, /lib64) increases the container size and security surface. A smarter approach is to:
- Detect what libraries the mounted binaries actually need
- Generate minimal mount commands for only those libraries
- Cache results for performance
Approach
- Create scripts/detect-library-deps.sh that:
  - Takes a list of binaries as input
  - Uses ldd to find library dependencies
  - Outputs Docker mount arguments (e.g., -v /lib/x86_64-linux-gnu/libc.so.6:/lib/x86_64-linux-gnu/libc.so.6:ro)
  - Handles symlinks and library versioning
- Add caching mechanism to avoid repeated ldd calls
- Integrate into engine execution code paths
- Add tests to verify library detection accuracy
Files to Create/Modify
- Create: scripts/detect-library-deps.sh (library detection script)
- Create: scripts/detect-library-deps_test.sh (test script)
- Modify: pkg/workflow/copilot_engine_execution.go (use script output)
- Modify: pkg/workflow/claude_engine.go (use script output)
- Modify: pkg/workflow/codex_engine.go (use script output)
Acceptance Criteria
Related
Implements dynamic solution proposed in #11972
Related to #11970
AI generated by Plan Command for #11970
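
The detection step listed under Approach, as an added example that is not part of the issue or the project's code: it parses ldd output into read-only -v arguments, resolving the host source through symlinks while keeping the destination at the path the loader looks up. The function names, the constructed sample output and its /opt/constructed paths are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the project's script; ldd_to_mounts is a hypothetical name.
# Caveat from ldd(1): ldd may execute code from the binary it inspects, so
# only pipe in output produced from binaries you trust.

# Reads `ldd` output on stdin, prints one "-v SRC:DST:ro" line per library.
# Assumption: SRC is the symlink-resolved host file and DST is the path the
# dynamic loader will look up inside the container.
ldd_to_mounts() {
  awk '
    $2 == "=>" && $3 ~ /^\//  { print $3; next }  # libc.so.6 => /path (0x..)
    $1 ~ /^\// && $2 ~ /^\(/  { print $1; next }  # /lib64/ld-linux-... (0x..)
    $2 == "=>" && $3 == "not" { print "unresolved: " $1 > "/dev/stderr" }
  ' | while IFS= read -r dst; do
    src=$dst
    # Resolve versioned symlinks (libfoo.so.1 -> libfoo.so.1.2.3) on the host.
    if [ -e "$dst" ]; then
      src=$(readlink -f "$dst")
    fi
    # ":" is the field separator of -v, so such a path cannot be expressed.
    case "$src$dst" in
      *:*) echo "skipped (colon in path): $dst" >&2; continue ;;
    esac
    printf '%s %s:%s:ro\n' "-v" "$src" "$dst"
  done | LC_ALL=C sort -u
}

# Constructed sample of ldd output; the /opt/constructed paths do not exist.
sample_ldd_output() {
  cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc1a5f2000)
    libssl.so.3 => /opt/constructed/lib/libssl.so.3 (0x00007f1e2c400000)
    libc.so.6 => /opt/constructed/lib/libc.so.6 (0x00007f1e2c000000)
    libgone.so.1 => not found
    /opt/constructed/lib64/ld-linux-x86-64.so.2 (0x00007f1e2c6a0000)
EOF
}
```

For a real binary the input would come from `ldd /path/to/binary | ldd_to_mounts`; libraries reported as "not found" are written to stderr and produce no mount argument.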