rc/vmz
1
0
Fork 0
Code Issues 33 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Resolve latest-stable before caching downloaded assets #44

New issue
Open
opened 2026-05-22 13:05:09 +00:00 by rc · 0 comments
rc commented 2026-05-22 13:05:09 +00:00
Owner
Copy link

Finding:
The default download path caches assets under the moving Alpine alias latest-stable, and the run path later regenerates the kernel cmdline from that alias.

Problem:

  • src/utils.zig sets default_version = "latest-stable" and builds alpine_repo={base_url}/{version}/main.
  • src/cmd_download.zig writes the downloaded kernel/initrd into ~/Library/Application Support/vmz/<version>/.
  • If a user downloads while latest-stable points at one Alpine release and boots after the alias moves, the cached kernel/initrd can be paired with a newer repository URL.

Impact:
This can create hard-to-reproduce boot or package failures after Alpine releases, because the local cache name does not capture the concrete release it came from.

Suggested fix:
Resolve latest-stable to a concrete v3.x release at download time, store assets under that concrete release, and either keep alias metadata or refresh the alias explicitly. The run path should use the same resolved repo URL that matched the downloaded assets.

Relevant code:

  • src/utils.zig: default version and default command line.
  • src/cmd_download.zig: download URL and destination directory.
Finding: The default download path caches assets under the moving Alpine alias `latest-stable`, and the run path later regenerates the kernel cmdline from that alias. Problem: - `src/utils.zig` sets `default_version = "latest-stable"` and builds `alpine_repo={base_url}/{version}/main`. - `src/cmd_download.zig` writes the downloaded kernel/initrd into `~/Library/Application Support/vmz/<version>/`. - If a user downloads while `latest-stable` points at one Alpine release and boots after the alias moves, the cached kernel/initrd can be paired with a newer repository URL. Impact: This can create hard-to-reproduce boot or package failures after Alpine releases, because the local cache name does not capture the concrete release it came from. Suggested fix: Resolve `latest-stable` to a concrete `v3.x` release at download time, store assets under that concrete release, and either keep alias metadata or refresh the alias explicitly. The run path should use the same resolved repo URL that matched the downloaded assets. Relevant code: - `src/utils.zig`: default version and default command line. - `src/cmd_download.zig`: download URL and destination directory.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
codex/verbose-logging
codex-fix-run-without-initrd
codex-package-libvmz
swfit
output
No results found.
Labels
Clear labels   
highprio

   
lowprio
No labels
highprio
lowprio
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rc/vmz#44
No description provided.