Malte Poll

Yeah the musl platform and in theory also auto detection would work in cases where you have a dynamically linked musl libc and are on alpine or similar. My use...

Nobody has attempted to implement this yet. I don't have the capacity work on it at the moment. If anybody wants to try, I'd be super happy to see this...

Small update: [I wrote a rule](https://github.com/edgelesssys/constellation/blob/c23aef344db18454473b1aff668fadb530d4dc76/bazel/patchelf/patchelf.bzl) for automating the patchelf step. If you are interested, I could upstream this work to rules_nixpkgs.

> Your patchelf rule is an interesting approach, but it seems like it still requires the Nix store on the target machine to have all the necessary paths? Yes. That's...

I think I fully understand the problem now and can offer a solution. This behavior only occurs when the local Bazel is coming from nixpkgs. Bazel from nixpkgs has a...

Thank you for taking a look. While both issues are related to Go and mktemp, they have different root causes.

Tested the new API for my use-case. The new authenticode parsing API looks nice and seems to produce identical results.

@alexeagle @thesayyn gentle reminder. Could someone take a look at this?

Gentle ping: could you review either #706 or #720?

Happy to elaborate on this a bit. I'm talking about two different but related features: - per-action sandboxing - worker isolation > Do you mean action-specific sandboxes that are automatically...