
fix: one-shot-token.so fails to load on musl/Alpine hosts (ARC runners) #2538

Open
Copilot wants to merge 4 commits into main from copilot/fix-one-shot-token-so-loading

Conversation

Contributor

Copilot AI commented May 5, 2026

one-shot-token.so compiled against glibc pulls in __fprintf_chk (a _FORTIFY_SOURCE artifact), causing LD_PRELOAD to fail with symbol not found: __fprintf_chk on musl-based hosts (Alpine DinD / ARC self-hosted runners).

Changes

  • Dockerfile + build.sh: Add -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 to gcc flags — eliminates the __fprintf_chk dependency while preserving all other hardening:

    gcc -shared -fPIC -fvisibility=hidden -O2 -Wall -s \
        -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 \
        -o /usr/local/lib/one-shot-token.so one-shot-token.c -ldl -lpthread
  • entrypoint.sh (chroot mode): Add a runtime compatibility probe before setting ONE_SHOT_TOKEN_LIB. Uses the host's own /bin/true to surface linker failures before committing to LD_PRELOAD; degrades gracefully with a warning rather than crashing on incompatible hosts:

    if LD_PRELOAD=/host/tmp/awf-lib/one-shot-token.so /host/bin/true 2>/dev/null; then
        ONE_SHOT_TOKEN_LIB="/tmp/awf-lib/one-shot-token.so"
    else
        echo "[entrypoint][WARN] one-shot-token.so failed to load on host libc (e.g. musl/Alpine)"
        # token protection disabled, tokens remain in env
    fi
  • README.md: Update build snippet and limitations to reflect musl compatibility and graceful degradation.

…ine hosts

The one-shot-token.so LD_PRELOAD library was compiled against glibc with
_FORTIFY_SOURCE enabled, causing __fprintf_chk to be linked in.  On
musl-based hosts (Alpine Linux / ARC self-hosted runners) this caused:

  Error relocating /tmp/awf-lib/one-shot-token.so: __fprintf_chk: symbol not found

Changes:
- Dockerfile: add -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 to gcc flags
- build.sh: same flags for local builds
- entrypoint.sh: add runtime compatibility probe (chroot mode) using
  /host/bin/true before committing to LD_PRELOAD; graceful degradation
  with a warning if the .so fails to load on the host libc
- README.md: document the fix and update limitations section

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/2f8a6925-e4bb-4c25-a59c-f4734dadfba2

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
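Both changes in this PR, written out as an added shell example that is not the project's build.sh or entrypoint.sh: a build-time audit that lists the undefined fortified (__*_chk) symbols a shared object imports, and a runtime probe that runs /bin/true inside the target root so the ELF interpreter resolves against the host filesystem. The probe goes one step beyond the page's version: it treats a loader diagnostic on stderr as a failure as well as a non-zero exit, because glibc's ld.so reports an unloadable LD_PRELOAD object and then runs the command anyway, which a status-only check would misreport as success. The /host root, the /tmp/awf-lib/one-shot-token.so path and the [entrypoint] log prefix are taken from the PR; the function names, the nm filter and the diagnostic patterns are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the project's build.sh or entrypoint.sh. Paths below
# (/host, /tmp/awf-lib/one-shot-token.so) are the ones the PR uses; the function
# names and the diagnostic patterns are this example's own assumptions.

# Build-time audit: print the undefined fortified symbols (__*_chk) a shared
# object imports, reading `nm -D --undefined-only LIB` output on stdin.
# Version suffixes such as "@GLIBC_2.3.4" are stripped. No output means the
# library carries no _FORTIFY_SOURCE dependency that musl cannot satisfy.
fortified_undefined_syms() {
    awk '$1 == "U" { sym = $2; sub(/@.*/, "", sym); if (sym ~ /^__.*_chk$/) print sym }'
}

# Classify a probe outcome: $1 = exit status of the probed command, $2 = what
# the dynamic loader wrote to stderr. Success requires BOTH a zero status and
# no loader diagnostic. The status alone is not enough: glibc's ld.so reports an
# unloadable LD_PRELOAD object ("cannot be preloaded ... ignored") and then runs
# the command anyway, so a status-only check would report success while the
# library was never loaded and token protection was silently off.
classify_probe() {
    status="$1"
    diag="$2"
    [ "$status" -eq 0 ] || return 1
    # musl: "Error relocating ...: __fprintf_chk: symbol not found"
    # glibc: "cannot be preloaded", "symbol lookup error", "undefined symbol"
    if printf '%s\n' "$diag" | grep -Eq 'Error relocating|symbol not found|cannot be preloaded|symbol lookup error|undefined symbol'; then
        return 1
    fi
    return 0
}

# Runtime probe: $1 = root to chroot into ("" for none), $2 = library path as
# seen from inside that root. /bin/true is exec'd inside the root so its ELF
# interpreter (e.g. /lib/ld-musl-*.so.1) and libc come from the same filesystem
# the library will be preloaded into. stderr is captured, stdout discarded.
probe_preload() {
    root="$1"
    lib="$2"
    if [ -n "$root" ]; then
        [ -f "$root/$lib" ] || return 1
        diag=$(chroot "$root" /bin/sh -c "LD_PRELOAD=$lib /bin/true" 2>&1 >/dev/null)
        status=$?
    else
        [ -f "$lib" ] || return 1
        diag=$(LD_PRELOAD="$lib" /bin/true 2>&1 >/dev/null)
        status=$?
    fi
    classify_probe "$status" "$diag"
}

# Usage as the chroot-mode entrypoint would call it (placeholders; chroot needs root):
if probe_preload /host /tmp/awf-lib/one-shot-token.so; then
    ONE_SHOT_TOKEN_LIB=/tmp/awf-lib/one-shot-token.so
    echo "[entrypoint] one-shot token library loadable on host libc: ${ONE_SHOT_TOKEN_LIB}"
else
    echo "[entrypoint][WARN] one-shot-token.so not loadable on host libc; token protection disabled, tokens remain in env" >&2
fi
```

The audit is meant to run in the image build right after gcc (`nm -D --undefined-only one-shot-token.so | fortified_undefined_syms`) and fail the build if it prints anything, so a fortified symbol cannot reach a musl host again. The probe keeps the PR's fail-open behaviour (warn and leave tokens in the environment) but makes that decision visible in the log instead of silently passing.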
@lpcox lpcox marked this pull request as ready for review May 5, 2026 03:59
@lpcox lpcox requested a review from Mossaka as a code owner May 5, 2026 03:59
Copilot AI review requested due to automatic review settings May 5, 2026 03:59
Copilot AI changed the title [WIP] Fix one-shot-token.so LD_PRELOAD loading issue on Alpine hosts fix: one-shot-token.so fails to load on musl/Alpine hosts (ARC runners) May 5, 2026
Copilot finished work on behalf of lpcox May 5, 2026 04:00
Copilot AI requested a review from lpcox May 5, 2026 04:00
@github-actions
Contributor

github-actions Bot commented May 5, 2026

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 86.45% 86.53% 📈 +0.08%
Statements 86.38% 86.46% 📈 +0.08%
Functions 90.61% 90.61% ➡️ +0.00%
Branches 79.23% 79.27% 📈 +0.04%
📁 Per-file Coverage Changes (1 file)
File Lines (Before → After) Statements (Before → After)
src/container-lifecycle.ts 86.1% → 87.2% (+1.09%) 86.3% → 87.4% (+1.08%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Contributor

Copilot AI left a comment

Pull request overview

This PR aims to improve reliability of the agent’s one-shot-token.so LD_PRELOAD library when running in chroot mode on musl/Alpine-based hosts (e.g., ARC runners), by adjusting compilation flags to avoid fortified glibc symbol dependencies and adding a runtime compatibility probe with graceful fallback.

Changes:

  • Add -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 to the one-shot-token.so build in the agent Dockerfile and the local build.sh.
  • Add a runtime probe in containers/agent/entrypoint.sh to avoid enabling LD_PRELOAD when the host loader/libc can’t load the library.
  • Update one-shot-token README to document the build flag rationale and chroot limitations.
File Description
containers/agent/one-shot-token/README.md Documents the new build flags and updates limitations language for musl/glibc behavior.
containers/agent/one-shot-token/build.sh Adds the same compile flags for local builds (but currently has a blocking script issue).
containers/agent/entrypoint.sh Adds a host compatibility probe before setting LD_PRELOAD in chroot mode.
containers/agent/Dockerfile Adds the compile flags during image build to reduce glibc fortified-symbol linkage.

Copilot's findings

  • Files reviewed: 4/4 changed files
  • Comments generated: 3

Comment thread containers/agent/entrypoint.sh Outdated
Comment on lines +435 to +443
# Probe compatibility with the host's dynamic linker before committing to LD_PRELOAD.
# The .so is compiled against glibc; on musl-based hosts (Alpine/ARC runners) it will
# fail to load with "symbol not found: __fprintf_chk". Running the host's /bin/true
# (which uses the host's own libc) surfaces this error without breaking anything.
if LD_PRELOAD=/host/tmp/awf-lib/one-shot-token.so /host/bin/true 2>/dev/null; then
ONE_SHOT_TOKEN_LIB="/tmp/awf-lib/one-shot-token.so"
echo "[entrypoint] One-shot token library copied to chroot at ${ONE_SHOT_TOKEN_LIB}"
else
echo "[entrypoint][WARN] one-shot-token.so failed to load on host libc (e.g. musl/Alpine)"
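Review bot: the probe at line +439 runs /host/bin/true from outside the chroot, so the kernel looks up that binary's ELF interpreter path in the container's filesystem rather than under /host; with a glibc container on a musl host the interpreter it names is not there, and the probe fails even though the library would load on the host. Run the probe inside the host root instead, e.g. `chroot /host /bin/sh -c 'LD_PRELOAD=/tmp/awf-lib/one-shot-token.so /bin/true'`. Also, `2>/dev/null` discards the loader's message; capturing it would let the warning at line +443 quote the actual relocation error rather than presupposing __fprintf_chk.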
Comment on lines +22 to 29
# -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0: disable glibc fortification macros
# (e.g. __fprintf_chk) so the .so loads on musl-based hosts (Alpine/ARC runners)
gcc -shared -fPIC \
-fvisibility=hidden \
-O2 -Wall -Wextra -s \
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 \
-o "${OUTPUT_FILE}" \
"${SOURCE_FILE}" \
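Review bot: `${OUTPUT_FILE}` at line +28 and `${SOURCE_FILE}` at line +29 are used but nothing in the excerpt defines them; unless the script sets them elsewhere, gcc is invoked with an empty -o argument and no input file (or the script aborts under set -u), so local builds fail. Define both before the gcc call, for example relative to the script's own directory (one-shot-token.c and one-shot-token.so next to build.sh).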
Comment thread containers/agent/one-shot-token/README.md Outdated
@github-actions github-actions Bot mentioned this pull request May 5, 2026
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@lpcox
Collaborator

lpcox commented May 5, 2026

@copilot address the review feedback

- entrypoint.sh: run LD_PRELOAD compatibility probe inside chroot /host
  so the ELF interpreter resolves against the host filesystem (avoids
  false negatives on glibc containers with musl hosts)
- entrypoint.sh: broaden warning message to reflect general linker
  incompatibility rather than only __fprintf_chk
- build.sh: define SOURCE_FILE and OUTPUT_FILE variables (were
  referenced but never defined, causing local builds to fail)
- build.sh: fix stale comment claiming Rust/Cargo build

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/74ad4f01-8832-4d73-b9bc-ee83a6ad7882

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Contributor Author

Copilot AI commented May 5, 2026

@copilot address the review feedback

Done in 4114e61. Three issues addressed:

  1. entrypoint.sh probe: Changed from LD_PRELOAD=/host/tmp/... /host/bin/true to chroot /host /bin/sh -c 'LD_PRELOAD=/tmp/awf-lib/one-shot-token.so /bin/true' — the probe now runs inside the chroot so the ELF interpreter (e.g. /lib/ld-musl-*.so.1 on Alpine) resolves against the host filesystem, not the container's. Also broadened the warning message to reflect general linker incompatibility rather than __fprintf_chk specifically.

  2. build.sh variables: Added SOURCE_FILE="${SCRIPT_DIR}/one-shot-token.c" and OUTPUT_FILE="${SCRIPT_DIR}/one-shot-token.so" definitions (they were used throughout the script but never defined). Also fixed the stale "Rust/Cargo" comment.

Copilot finished work on behalf of lpcox May 5, 2026 04:42
@github-actions
Contributor

github-actions Bot commented May 5, 2026

🔬 Smoke Test Results

Test Status
GitHub MCP connectivity
GitHub.com HTTP connectivity ✅ (pre-step)
File write/read ⚠️ path not expanded (template vars unresolved)

PR: fix: one-shot-token.so fails to load on musl/Alpine hosts (ARC runners)
Author: @Copilot | Assignees: @lpcox @Copilot

Overall: PASS (MCP and HTTP confirmed; file test skipped due to unexpanded template vars)

📰 BREAKING: Report filed by Smoke Copilot

@github-actions
Contributor

github-actions Bot commented May 5, 2026

Smoke Test Results

✅ GitHub MCP: Last 2 merged PRs retrieved
✅ Playwright: Page navigation + title verification
✅ File Writing: Test file created with timestamp
✅ Bash: File content verified

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude

@github-actions
Contributor

github-actions Bot commented May 5, 2026

Chroot Version Comparison Results

Runtime Host Version Chroot Version Match?
Python Python 3.12.13 Python 3.12.3 ❌ NO
Node.js v24.14.1 v20.20.2 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

Result: ❌ Not all tests passed. Python and Node.js versions differ between host and chroot environments. The smoke-chroot label was not applied.

Tested by Smoke Chroot

@github-actions
Contributor

github-actions Bot commented May 5, 2026

Smoke Test: Copilot BYOK (Offline) Mode

Test Result
GitHub MCP (fix: unexport internal helpers from ssl-bump and host-iptables)
GitHub.com connectivity ⚠️ pre-step data unavailable (template not substituted)
File write/read ⚠️ pre-step data unavailable (template not substituted)
BYOK inference (agent → api-proxy → api.githubcopilot.com)

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

PR by @Copilot, assignees: @lpcox, @Copilot

Overall: PARTIAL PASS (BYOK inference ✅; pre-step outputs not substituted)

🔑 BYOK report filed by Smoke Copilot BYOK

@github-actions
Contributor

github-actions Bot commented May 5, 2026

Smoke Test

fix: unexport internal helpers from ssl-bump and host-iptables (#2532)
api-proxy: listen on all ports unconditionally, return clear errors for missing credentials (#2520)
GitHub MCP review ❌
Safeinputs GH CLI query ❌
Playwright title check ✅
Tavily search ❌
File write/read + bash verify ✅
Discussion comment ✅
Build (npm ci && npm run build) ✅
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

@github-actions
Contributor

github-actions Bot commented May 5, 2026

Smoke Test Results

  • Redis PING: ❌ (connection timeout)
  • PostgreSQL pg_isready: ❌ (no response on port 5432)
  • PostgreSQL SELECT 1: ❌ (not attempted, pg_isready failed)

Overall: FAIL
host.docker.internal is not reachable from this environment. Service containers appear unavailable.

🔌 Service connectivity validated by Smoke Services

@github-actions
Contributor

github-actions Bot commented May 5, 2026

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2538

Development

Successfully merging this pull request may close these issues.

one-shot-token.so LD_PRELOAD fails on musl/Alpine hosts (ARC self-hosted runners)

3 participants