Possibly we need to copy the system.IsAbs here for cross platform; see

☝️ looks like I wrote that up earlier today, but didn't submit. Per discussion in the call; we may not need this, or indeed can create a local copy of it.

We shouldn't need it here since we are not running it on non-sanitized input

Looks like this implementation of set/get xattr didn't preserve the improvements that were made to provide more information about the name of the attribute that failed;

• Fail unpacking images with xattrs to filesystems without xattr support #45464
• pkg/system: return even richer xattr errors #47174

Should we preserve that?

I'll put the path error back and just wrap the error there. Introducing a new error type is not needed and creates another dependency.

Yeah, I don't think the error-type was matched anywhere, but it was purely for formatting (?)

This needs differentiation, because the new implementation doesn't support (Free)BSD; moby/buildkit#5602

49.21 # github.com/docker/docker/pkg/archive
49.21 vendor/github.com/docker/docker/pkg/archive/archive_unix.go:111:32: cannot use int(unix.Mkdev(uint32(hdr.Devmajor), uint32(hdr.Devminor))) (value of type int) as uint64 value in argument to unix.Mknod

Yes see also https://github.com/tonistiigi/fsutil/blob/bec5f0e1255330c04d8c05315b5a3cd3fa3e1590/diskwriter_freebsd.go#L12

Here as well; looks like this doesn't support (Free)BSD; moby/buildkit#5602

49.21 vendor/github.com/docker/docker/pkg/archive/path_unix.go:38:26: undefined: unix.ENODATA

Looks like FreeBSD has ENOATTR instead:

If the named attribute does not exist, or the process has no access to this attribute, errno is set to ENOATTR.

87 ENOATTR Attribute not found. The specified extended attribute does not exist.

More failures in the buildx repository, which also runs on OpenBSD (looks like xattrs are not supported there);

• vendor: docker, docker/cli v28.0.0-rc.1 docker/buildx#2868

#25 [linux/amd64->openbsd/amd64 buildx-build 1/1] RUN --mount=type=bind,target=.   --mount=type=cache,target=/root/.cache   --mount=type=cache,target=/go/pkg/mod   --mount=type=bind,from=buildx-version,source=/buildx-version,target=/buildx-version <<EOT (set -e...)
#25 0.070 + CGO_ENABLED=0 go build -mod vendor -trimpath -ldflags '-X github.com/docker/buildx/version.Version=53dca9a -X github.com/docker/buildx/version.Revision=53dca9a8946feca5ba7a63cb96140d94f2067656 -X github.com/docker/buildx/version.Package=github.com/docker/buildx -s -w' -o /usr/bin/docker-buildx ./cmd/buildx
#25 35.10 # github.com/docker/docker/pkg/archive
#25 35.10 vendor/github.com/docker/docker/pkg/archive/path_unix.go:25:18: undefined: unix.Lgetxattr
#25 35.10 vendor/github.com/docker/docker/pkg/archive/path_unix.go:29:18: undefined: unix.Lgetxattr
#25 35.10 vendor/github.com/docker/docker/pkg/archive/path_unix.go:34:18: undefined: unix.Lgetxattr
#25 35.10 vendor/github.com/docker/docker/pkg/archive/path_unix.go:38:26: undefined: unix.ENODATA
#25 35.10 vendor/github.com/docker/docker/pkg/archive/path_unix.go:50:53: undefined: unix.Lsetxattr

Previously this code was in _linux.go file, so the xattrs were not used on BSD before. I think we can leave making the BSD work for a follow up.

Updated, it should match what is defined in golang.org/x/sys/unix now

Just to make sure I blame myself not asking; I recall there was some special handling for 32-bit; is that no longer needed, or was that only needed for Windows situations?

I'm just going to pull in containerd's implementation for this, at some point we should have this unified

More a "comment" than "need to change". I took this approach as well in some cases, but found that sometimes it became confusing, because this will be listed under variables in GoDoc, not under functions. Less relevant for non-exported functions, but for that reason I sometimes started to lean towards adding a wrapper function instead, i.e..

func mknod(path string, mode uint32, dev uint64)) error {
	return unix.Mknod(path, mode, dev)
}

(no need to change, fine as-is IMO)