
Update ListXattrs to check for xattrs in memory and on disk #1586

Closed
@egibs egibs commented Mar 24, 2025

#1570 allowed xattrs to work in QEMU but subsequently broke xattrs for runners that use bind mounts (i.e., Bubblewrap and Docker).

This PR addresses this by checking for xattrs both in-memory and on-disk to ensure that we retrieve every possible xattr.

I built fping with Bubblewrap, Docker, and QEMU with this change and it seemed to work. I had some Melange changes but I don't think they're necessary and I ended up removing them.

Bubblewrap:

# rm -rf packages; make package/fping
@SOURCE_DATE_EPOCH= /home/user/.goenv/shims/melange build fping.yaml --runner bubblewrap --repository-append /home/user/repos/os/packages --keyring-append local-melange.rsa.pub --signing-key local-melange.rsa --arch x86_64 --env-file build-x86_64.env --namespace wolfi --license 'Apache-2.0' --git-repo-url 'https://github.com/wolfi-dev/os' --generate-index false  --pipeline-dir ./pipelines/  -k https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -r https://packages.wolfi.dev/os --repository-append /home/user/repos/os/packages --keyring-append local-melange.rsa.pub --signing-key local-melange.rsa --arch x86_64 --env-file build-x86_64.env --namespace wolfi --license 'Apache-2.0' --git-repo-url 'https://github.com/wolfi-dev/os' --generate-index false  --pipeline-dir ./pipelines/  -k https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -r https://packages.wolfi.dev/os --source-dir ./fping/
2025/03/24 17:27:12 WARN SOURCE_DATE_EPOCH is specified but empty, setting it to 1970-01-01 00:00:00 +0000 UTC
2025/03/24 17:27:12 INFO melange v0.23.1+dirty is building:
2025/03/24 17:27:12 INFO populating workspace /tmp/melange-workspace-1332706449 from ./fping/
...
2025/03/24 17:27:23 INFO generating package fping-5.3-r0
2025/03/24 17:27:23 INFO scanning for ld.so.conf.d files...
2025/03/24 17:27:23 INFO scanning for shared object dependencies...
2025/03/24 17:27:23 INFO interpreter for fping => /lib64/ld-linux-x86-64.so.2
2025/03/24 17:27:23 INFO   found lib libc.so.6 for usr/sbin/fping
2025/03/24 17:27:23 INFO scanning for commands...
2025/03/24 17:27:23 INFO   found command usr/sbin/fping
2025/03/24 17:27:23 INFO scanning for -doc package...
2025/03/24 17:27:23 INFO scanning for pkg-config data...
2025/03/24 17:27:23 INFO scanning for python modules...
2025/03/24 17:27:23 INFO scanning for ruby gems...
2025/03/24 17:27:23 INFO scanning for shbang deps...
2025/03/24 17:27:23 INFO   runtime:
2025/03/24 17:27:23 INFO     so:ld-linux-x86-64.so.2
2025/03/24 17:27:23 INFO     so:libc.so.6
2025/03/24 17:27:23 INFO   provides:
2025/03/24 17:27:23 INFO     cmd:fping=5.3-r0
2025/03/24 17:27:23 INFO   installed-size: 102185
security.capability [1 0 0 2 0 32 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
2025/03/24 17:27:23 INFO   data.tar.gz digest: 11ae9e3ea773a75e686aee4003f27e692e2005cf99b2f3825326182d79d1a494
2025/03/24 17:27:23 INFO wrote packages/x86_64/fping-5.3-r0.apk
2025/03/24 17:27:23 INFO generating package fping-doc-5.3-r0

# cd packages/x86_64/
# tar --xattrs --xattrs-include='*.*' -xvf fping-5.3-r0.apk
...
usr/sbin/fping
...

# echo $MELANGE_OPTS && getcap usr/sbin/fping
--runner bubblewrap
usr/sbin/fping cap_net_raw=ep

Docker:

# rm -rf packages; make package/fping
@SOURCE_DATE_EPOCH= /home/user/.goenv/shims/melange build fping.yaml --runner docker --repository-append /home/user/repos/os/packages --keyring-append local-melange.rsa.pub --signing-key local-melange.rsa --arch x86_64 --env-file build-x86_64.env --namespace wolfi --license 'Apache-2.0' --git-repo-url 'https://github.com/wolfi-dev/os' --generate-index false  --pipeline-dir ./pipelines/  -k https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -r https://packages.wolfi.dev/os --repository-append /home/user/repos/os/packages --keyring-append local-melange.rsa.pub --signing-key local-melange.rsa --arch x86_64 --env-file build-x86_64.env --namespace wolfi --license 'Apache-2.0' --git-repo-url 'https://github.com/wolfi-dev/os' --generate-index false  --pipeline-dir ./pipelines/  -k https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -r https://packages.wolfi.dev/os --source-dir ./fping/
2025/03/24 17:30:02 WARN SOURCE_DATE_EPOCH is specified but empty, setting it to 1970-01-01 00:00:00 +0000 UTC
2025/03/24 17:30:02 INFO melange v0.23.1+dirty is building:
2025/03/24 17:30:02 INFO populating workspace /tmp/melange-workspace-365751999 from ./fping/
...
2025/03/24 17:30:18 INFO generating package fping-5.3-r0
2025/03/24 17:30:18 INFO scanning for ld.so.conf.d files...
2025/03/24 17:30:18 INFO scanning for shared object dependencies...
2025/03/24 17:30:18 INFO interpreter for fping => /lib64/ld-linux-x86-64.so.2
2025/03/24 17:30:18 INFO   found lib libc.so.6 for usr/sbin/fping
2025/03/24 17:30:18 INFO scanning for commands...
2025/03/24 17:30:18 INFO   found command usr/sbin/fping
2025/03/24 17:30:18 INFO scanning for -doc package...
2025/03/24 17:30:18 INFO scanning for pkg-config data...
2025/03/24 17:30:18 INFO scanning for python modules...
2025/03/24 17:30:18 INFO scanning for ruby gems...
2025/03/24 17:30:18 INFO scanning for shbang deps...
2025/03/24 17:30:18 INFO   runtime:
2025/03/24 17:30:18 INFO     so:ld-linux-x86-64.so.2
2025/03/24 17:30:18 INFO     so:libc.so.6
2025/03/24 17:30:18 INFO   provides:
2025/03/24 17:30:18 INFO     cmd:fping=5.3-r0
2025/03/24 17:30:18 INFO   installed-size: 102185
security.capability [1 0 0 2 0 32 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
2025/03/24 17:30:18 INFO   data.tar.gz digest: 11ae9e3ea773a75e686aee4003f27e692e2005cf99b2f3825326182d79d1a494
2025/03/24 17:30:18 INFO wrote packages/x86_64/fping-5.3-r0.apk
# cd packages/x86_64/
# tar --xattrs --xattrs-include='*.*' -xvf fping-5.3-r0.apk
...
usr/sbin/fping
...

# echo $MELANGE_OPTS && getcap usr/sbin/fping
--runner docker
usr/sbin/fping cap_net_raw=ep

QEMU:

# rm -rf packages; make package/fping
Building package fping with version fping-5.3-r0 from file fping.yaml
/Library/Developer/CommandLineTools/usr/bin/make yamlfile=fping.yaml pkgname=fping packages/aarch64/fping-5.3-r0.apk
...
2025/03/24 12:32:37 INFO melange v0.0.0-20250321124929-eebaeaf3f5af+dirty is building:
2025/03/24 12:32:37 INFO populating workspace /var/folders/n6/xxn5d2zd3l1gghpx_7qppzs00000gn/T/melange-workspace-1852268724 from ./fping/
2025/03/24 12:33:14 INFO generating package fping-5.3-r0
2025/03/24 12:33:14 INFO scanning for ld.so.conf.d files...
2025/03/24 12:33:14 INFO scanning for shared object dependencies...
2025/03/24 12:33:14 INFO interpreter for fping => /lib/ld-linux-aarch64.so.1
2025/03/24 12:33:14 INFO   found lib libc.so.6 for usr/sbin/fping
2025/03/24 12:33:14 INFO   found lib ld-linux-aarch64.so.1 for usr/sbin/fping
2025/03/24 12:33:14 INFO scanning for commands...
2025/03/24 12:33:14 INFO   found command usr/sbin/fping
2025/03/24 12:33:14 INFO scanning for -doc package...
2025/03/24 12:33:14 INFO scanning for pkg-config data...
2025/03/24 12:33:14 INFO scanning for python modules...
2025/03/24 12:33:14 INFO scanning for ruby gems...
2025/03/24 12:33:14 INFO scanning for shbang deps...
2025/03/24 12:33:14 INFO   runtime:
2025/03/24 12:33:14 INFO     so:ld-linux-aarch64.so.1
2025/03/24 12:33:14 INFO     so:libc.so.6
2025/03/24 12:33:14 INFO   provides:
2025/03/24 12:33:14 INFO     cmd:fping=5.3-r0
2025/03/24 12:33:14 INFO   installed-size: 83773
com.apple.provenance [1 2 0 43 12 196 50 72 82 68 93]
...
security.capability [1 0 0 2 0 32 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
...
025/03/24 12:33:14 INFO   data.tar.gz digest: b0aff5531d6d17bcf7800fdbdea9dfd72372a5c3b5783ba29f429e33bb7672f6
2025/03/24 12:33:14 INFO wrote packages/aarch64/fping-5.3-r0.apk

# tar --xattrs --xattrs-include='*.*' -xvf fping-5.3-r0.apk
...
tar: setxattrat: Cannot set 'security.capability' extended attribute for file 'usr/sbin/fping': Operation not supported
...

I also checked one of the problematic builds we were seeing:

2025/03/24 17:41:21 INFO generating package emissary-3.9.1-r14
2025/03/24 17:41:21 INFO scanning for ld.so.conf.d files...
2025/03/24 17:41:21 INFO scanning for shared object dependencies...
2025/03/24 17:41:21 INFO interpreter for busyambassador => /lib64/ld-linux-x86-64.so.2
2025/03/24 17:41:21 INFO   found lib libc.so.6 for usr/bin/busyambassador
2025/03/24 17:41:21 INFO scanning for commands...
2025/03/24 17:41:21 INFO   found command usr/bin/busyambassador
2025/03/24 17:41:21 INFO   found command usr/bin/wrapper
2025/03/24 17:41:21 INFO scanning for -doc package...
2025/03/24 17:41:21 INFO scanning for pkg-config data...
2025/03/24 17:41:21 INFO scanning for python modules...
2025/03/24 17:41:21 INFO scanning for ruby gems...
2025/03/24 17:41:21 INFO scanning for shbang deps...
2025/03/24 17:41:21 INFO   runtime:
2025/03/24 17:41:21 INFO     datawire-envoy-privileged
2025/03/24 17:41:21 INFO     git
2025/03/24 17:41:21 INFO     py3-ambassador
2025/03/24 17:41:21 INFO     so:ld-linux-x86-64.so.2
2025/03/24 17:41:21 INFO     so:libc.so.6
2025/03/24 17:41:21 INFO   provides:
2025/03/24 17:41:21 INFO     cmd:busyambassador=3.9.1-r14
2025/03/24 17:41:21 INFO     cmd:wrapper=3.9.1-r14
2025/03/24 17:41:21 INFO   installed-size: 104874627
security.capability [0 0 0 2 0 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
2025/03/24 17:41:21 INFO   data.tar.gz digest: b3e8d6fef7a40c4e3efa85adf93785184f28a97d633c413b5b6d171461bc49c3
2025/03/24 17:41:21 INFO wrote packages/x86_64/emissary-3.9.1-r14.apk
...
# getcap usr/bin/wrapper
usr/bin/wrapper cap_net_bind_service=p
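
The `security.capability [...]` lines in the logs above are the raw bytes of the kernel's `struct vfs_cap_data`, and the `getcap` checks confirm what they should decode to. As an added example (not melange's own code), here is a Go decoder that renders such a value getcap-style so the xattr a build emits can be checked without extracting the apk; the capability name table is partial and the e/i/p rendering is a simplified version of libcap's `cap_to_text`.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Capability names from linux/capability.h by bit number; higher bits print as cap_N.
var capNames = []string{"cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner", "cap_fsetid",
	"cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap", "cap_linux_immutable", "cap_net_bind_service",
	"cap_net_broadcast", "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner", "cap_sys_module"}
// The two security.capability values printed in the build logs above (fping and emissary).
var fpingCaps = []byte{1, 0, 0, 2, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
var emissaryCaps = []byte{0, 0, 0, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}

// DecodeFileCaps parses a little-endian struct vfs_cap_data (revision 2: 20 bytes, revision 3: 24 bytes
// with a trailing rootid) and renders it like getcap. Simplified cap_to_text: one shared e/i/p flag set.
func DecodeFileCaps(raw []byte) (string, error) {
	// The revision is the top byte of little-endian magic_etc, i.e. raw[3]; only 2 and 3 are handled.
	if len(raw) < 20 || raw[3] != 2 && raw[3] != 3 {
		return "", fmt.Errorf("unsupported security.capability value: %v", raw)
	}
	magic := binary.LittleEndian.Uint32(raw[0:4])
	var permitted, inheritable uint64
	for i := 0; i < 2; i++ { // pair i holds {permitted, inheritable} for bits 32i..32i+31
		off := 4 + i*8
		permitted |= uint64(binary.LittleEndian.Uint32(raw[off:])) << (32 * i)
		inheritable |= uint64(binary.LittleEndian.Uint32(raw[off+4:])) << (32 * i)
	}
	var names []string
	for bit := 0; bit < 64; bit++ {
		if (permitted|inheritable)&(1<<bit) != 0 && bit < len(capNames) {
			names = append(names, capNames[bit])
		} else if (permitted|inheritable)&(1<<bit) != 0 {
			names = append(names, fmt.Sprintf("cap_%d", bit))
		}
	}
	if len(names) == 0 {
		return "", nil // xattr present but no capability raised; getcap prints nothing
	}
	// VFS_CAP_FLAGS_EFFECTIVE is bit 0 of magic_etc; libcap prints the letters in the order e, i, p.
	flagOn := map[string]bool{"e": magic&1 != 0, "i": inheritable != 0, "p": permitted != 0}
	flags := ""
	for _, f := range []string{"e", "i", "p"} {
		if flagOn[f] {
			flags += f
		}
	}
	return strings.Join(names, ",") + "=" + flags, nil
}
```

Run against the two values from the logs it yields `cap_net_raw=ep` for fping and `cap_net_bind_service=p` for the emissary wrapper, matching the `getcap` output shown above.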

@egibs egibs closed this Mar 24, 2025