fix(rootless): make daemonless build pipeline actually work

The rootless runtime could not complete a real prepare+build. Four
independent defects, fixed here:

- run.go: child args were NUL-separated and passed via os.Setenv, which
  rejects NUL bytes ("setenv: invalid argument") for any 2+ arg command.
  Switch the separator to ASCII Unit Separator (0x1f).
- runtime.go: the rootless backend has no OCI ENTRYPOINT, so dispatched
  bare sub-commands (["prepare", ...]) were exec'd directly and ENOENT'd.
  Prepend the /usr/bin/yap entrypoint in Runtime.Run.
- run.go: control env vars (_YAP_ROOTLESSKIT_*) were left set across the
  final syscall.Exec, so the real yap re-entered MaybeRunAsChild and ran
  execInRootfs a second time inside the pivoted rootfs — where the host
  workdir no longer exists — producing a spurious workspace-bind ENOENT.
  Unset them before exec.
- run.go: the builder rootfs ships an empty /etc/resolv.conf, so glibc
  fell back to ::1:53 and every apt/dnf lookup failed. Bind-mount the
  host resolv.conf (best-effort) since rootlesskit shares the host netns.

Also forward --repo / --allow-unverified-repos / --target-arch from the
CLI build invocation into the dispatched prepare+build steps
(container_run.go, build.go) so vendor repositories resolve inside the
builder instead of failing with "unresolvable packages".

Author: M0Rf30

cmd/yap/command/build.go

@@ -122,9 +122,19 @@ var buildCmd = &cobra.Command{
 			// when the user explicitly requested -s (skip-sync) or -d (no-makedeps),
 			// which implies they have already prepared the environment.
 			skipPrepare := buildOpts.SkipSyncDeps || buildOpts.NoMakeDeps
-			buildArgs := []string{buildCommand, distroTag, "/project"}
 
-			if RunPipelineInContainer(distroTag, fullJSONPath, buildArgs, skipPrepare) {
+			// Forward the flags that affect dependency resolution into the
+			// container. Without this, extra repos (--repo), the unverified
+			// trust opt-in (-U) and the cross arch (--target-arch) are lost on
+			// dispatch, so vendor packages fail to resolve inside the builder.
+			buildArgs := append([]string{buildCommand, distroTag, "/project"},
+				forwardedBuildFlags()...)
+
+			// prepare also needs --repo/--target-arch so the makedeps step can
+			// see vendor repositories and the correct toolchain.
+			prepareArgs := forwardedPrepareFlags()
+
+			if RunPipelineInContainer(distroTag, fullJSONPath, buildArgs, prepareArgs, skipPrepare) {
 				return nil
 			}
 		}
@@ -199,6 +209,44 @@ var buildCmd = &cobra.Command{
 	},
 }
 
+// forwardedBuildFlags returns the subset of build flags that must be replayed
+// inside the dispatched container so dependency resolution matches the host
+// invocation: extra repos, the unverified-trust opt-in, and the cross arch.
+func forwardedBuildFlags() []string {
+	var out []string
+
+	for _, r := range buildOpts.ExtraRepos {
+		out = append(out, "--repo", r)
+	}
+
+	if buildOpts.AllowUnverifiedRepos {
+		out = append(out, "--allow-unverified-repos")
+	}
+
+	if buildOpts.TargetArch != "" {
+		out = append(out, "--target-arch", buildOpts.TargetArch)
+	}
+
+	return out
+}
+
+// forwardedPrepareFlags returns the flags the chained `yap prepare` step needs
+// so makedeps resolution sees the same vendor repositories and toolchain as
+// the build step.
+func forwardedPrepareFlags() []string {
+	var out []string
+
+	for _, r := range buildOpts.ExtraRepos {
+		out = append(out, "--repo", r)
+	}
+
+	if buildOpts.TargetArch != "" {
+		out = append(out, "--target-arch", buildOpts.TargetArch)
+	}
+
+	return out
+}
+
 // validateCompression validates that the compression algorithm is supported,
 // using the canonical set in pkg/constants shared with the MCP server.
 func validateCompression(compression string) error {

cmd/yap/command/container_run.go

@@ -106,11 +106,16 @@ func RunCommandInContainer(distro, workDir string, subArgs []string) bool {
 //
 //   - distro: distribution tag, e.g. "ubuntu-noble"
 //   - workDir: host directory to mount as /project
-//   - buildArgs: arguments for the inner yap build command (distroTag + path)
+//   - buildArgs: arguments for the inner yap build command (distroTag + path
+//     plus any forwarded build flags such as --repo, -U, --target-arch)
+//   - prepareArgs: extra flags to forward to the chained `yap prepare` step
+//     (e.g. --repo, --target-arch) so the prepare environment matches the
+//     build — repos added on the build side are not visible to prepare unless
+//     forwarded here
 //   - skipPrepare: if true, skip the prepare step (user passed -s or -d)
 //
 // Returns true if dispatched, false if caller should proceed natively.
-func RunPipelineInContainer(distro, workDir string, buildArgs []string, skipPrepare bool) bool {
+func RunPipelineInContainer(distro, workDir string, buildArgs, prepareArgs []string, skipPrepare bool) bool {
 	if IsInsideContainer() {
 		return false
 	}
@@ -142,7 +147,12 @@ func RunPipelineInContainer(distro, workDir string, buildArgs []string, skipPrep
 	if skipPrepare {
 		shellCmd = buildCmd
 	} else {
-		shellCmd = "yap prepare " + distro + " && " + buildCmd
+		prepareCmd := "yap prepare " + distro
+		if len(prepareArgs) > 0 {
+			prepareCmd += " " + shellJoinArgs(prepareArgs)
+		}
+
+		shellCmd = prepareCmd + " && " + buildCmd
 	}
 
 	if err := rt.RunShell(distro, workDir, shellCmd); err != nil {

pkg/container/rootless/run.go

@@ -30,7 +30,7 @@ const (
 	envChildRootfs = "_YAP_ROOTLESSKIT_ROOTFS"
 	// envChildWorkDir is the workspace path passed to the child.
 	envChildWorkDir = "_YAP_ROOTLESSKIT_WORKDIR"
-	// envChildArgs is the serialised command args passed to the child (NUL-separated).
+	// envChildArgs is the serialised command args passed to the child (argSep-separated).
 	envChildArgs = "_YAP_ROOTLESSKIT_ARGS"
 )
 
@@ -184,14 +184,17 @@ func execInRootfs(rootfs, workDir string, args []string) error {
 
 	// Bind-mount workspace.
 	if workDir != "" && workDir != "." {
-		wsTarget := filepath.Join(rootfs, "workspace")
+		wsTarget := filepath.Join(rootfs, "project")
 
 		if err := bindMount(workDir, wsTarget); err != nil {
 			return errors.Wrap(err, errors.ErrTypeFileSystem, "failed to bind mount workspace").
 				WithOperation("execInRootfs")
 		}
 	}
 
+	// Provide working DNS inside the rootfs (best-effort).
+	setupResolvConf(rootfs)
+
 	if err := pivotOrChroot(rootfs); err != nil {
 		return errors.Wrap(err, errors.ErrTypeFileSystem, "failed to pivot root or chroot").
 			WithOperation("execInRootfs")
@@ -207,6 +210,17 @@ func execInRootfs(rootfs, workDir string, args []string) error {
 		bin = args[0]
 	}
 
+	// Clear the rootless control env vars before handing off to the real
+	// target. Otherwise the exec'd binary re-enters MaybeRunAsChild (called
+	// early in main, before cobra), sees envExecMode still set, and re-runs
+	// execInRootfs a SECOND time — now inside the already-pivoted rootfs,
+	// where the host-absolute workDir no longer exists, producing a spurious
+	// ENOENT on the workspace bind. YAP_IN_CONTAINER is intentionally kept so
+	// the inner process does not re-dispatch into a container.
+	for _, k := range []string{envExecMode, envChildRootfs, envChildWorkDir, envChildArgs} {
+		_ = os.Unsetenv(k)
+	}
+
 	return syscall.Exec(bin, args, os.Environ()) //nolint:gosec
 }
 
@@ -240,6 +254,39 @@ func pivotOrChroot(newRoot string) error {
 	return os.Chdir("/")
 }
 
+// setupResolvConf bind-mounts the host's /etc/resolv.conf into the rootfs so
+// name resolution works inside the pivoted environment. rootlesskit shares the
+// host network namespace, so the host resolver is reachable — but the builder
+// rootfs ships an empty /etc/resolv.conf, which makes glibc fall back to
+// localhost (::1:53) and every lookup fails. Best-effort: all failures are
+// logged and ignored so a missing resolv.conf never aborts the build.
+func setupResolvConf(rootfs string) {
+	hostResolv, err := filepath.EvalSymlinks("/etc/resolv.conf")
+	if err != nil {
+		return
+	}
+
+	if _, err := os.Stat(hostResolv); err != nil {
+		return
+	}
+
+	dst := filepath.Join(rootfs, "etc", "resolv.conf")
+
+	// Ensure a regular file exists at dst to bind onto.
+	if _, err := os.Stat(dst); os.IsNotExist(err) { //nolint:gosec // path from rootfsPath, not user input
+		_ = os.MkdirAll(filepath.Dir(dst), 0o755) //nolint:gosec // path from rootfsPath, not user input
+
+		f, cerr := os.OpenFile(dst, os.O_CREATE, 0o644) //nolint:gosec // path from rootfsPath, not user input
+		if cerr == nil {
+			_ = f.Close()
+		}
+	}
+
+	if err := syscall.Mount(hostResolv, dst, "", syscall.MS_BIND, ""); err != nil {
+		logger.Warn("failed to bind mount resolv.conf", "error", err)
+	}
+}
+
 // bindMount bind-mounts src to dest.
 func bindMount(src, dest string) error {
 	if err := os.MkdirAll(dest, 0o755); err != nil { //nolint:gosec // path from rootfsPath, not user input
@@ -251,13 +298,20 @@ func bindMount(src, dest string) error {
 	return syscall.Mount(src, dest, "", syscall.MS_BIND|syscall.MS_REC, "")
 }
 
-// joinNUL encodes a string slice as NUL-separated bytes.
+// argSep separates encoded child args. We use ASCII Unit Separator (0x1f)
+// rather than NUL: the encoded value is passed through os.Setenv, which
+// rejects any string containing a NUL byte ("setenv: invalid argument"), so a
+// NUL separator broke every command with 2+ args. 0x1f never appears in real
+// argv (paths, flags) yet is still a safe in-band delimiter.
+const argSep = '\x1f'
+
+// joinNUL encodes a string slice as argSep-separated bytes.
 func joinNUL(ss []string) string {
 	var b strings.Builder
 
 	for i, s := range ss {
 		if i > 0 {
-			b.WriteByte(0)
+			b.WriteByte(argSep)
 		}
 
 		b.WriteString(s)
@@ -266,14 +320,14 @@ func joinNUL(ss []string) string {
 	return b.String()
 }
 
-// splitNUL decodes a NUL-separated string into a slice.
+// splitNUL decodes an argSep-separated string into a slice.
 func splitNUL(s string) []string {
 	var result []string
 
 	cur := &strings.Builder{}
 
 	for _, c := range s {
-		if c == 0 {
+		if c == argSep {
 			result = append(result, cur.String())
 			cur.Reset()
 		} else {

pkg/container/rootless/runtime.go

@@ -27,9 +27,17 @@ func (r *Runtime) Pull(distro string) error {
 	return PullImage(distro)
 }
 
+// entrypoint is the builder image ENTRYPOINT. The CLI runtime relies on the
+// OCI ENTRYPOINT (["yap"]) and therefore dispatches bare sub-commands like
+// ["prepare", ...]. The rootless backend has no ENTRYPOINT and execs args[0]
+// directly, so we must prepend the yap binary path ourselves.
+const entrypoint = "/usr/bin/yap"
+
 // Run executes args inside the distro rootfs with workDir bind-mounted as /workspace.
+// args are the bare sub-command + flags (no binary name), matching the CLI
+// runtime contract; the image ENTRYPOINT (yap) is prepended here.
 func (r *Runtime) Run(distro, workDir string, args []string) error {
-	return RunInRootless(distro, workDir, args)
+	return RunInRootless(distro, workDir, append([]string{entrypoint}, args...))
 }
 
 // RunShell executes a shell command string inside the distro rootfs.