feat: relax extensions file structure validation

* allow empty directories (I see no harm in having them)
* allow symlinks

See also siderolabs/extensions#20

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
(cherry picked from commit cd4d4c6)

Author: smira

internal/pkg/extensions/extensions_test.go

@@ -76,10 +76,6 @@ func TestValidateFailures(t *testing.T) {
 			name:      "norootfs",
 			loadError: "extension rootfs is missing",
 		},
-		{
-			name:          "symlinks",
-			validateError: "symlinks are not allowed: \"/usr/local/b\"",
-		},
 		{
 			name:          "badpaths",
 			validateError: "path \"/boot/vmlinuz\" is not allowed in extensions",

internal/pkg/extensions/testdata/bad/symlinks/manifest.yaml

@@ -0,0 +1 @@
+a.so

internal/pkg/extensions/testdata/bad/symlinks/rootfs/usr/local/b

@@ -70,11 +70,6 @@ func (ext *Extension) validateContents() error {
 			return fmt.Errorf("world-writeable files are not allowed: %q", itemPath)
 		}
 
-		// no symlinks
-		if d.Type().Type() == os.ModeSymlink {
-			return fmt.Errorf("symlinks are not allowed: %q", itemPath)
-		}
-
 		var st fs.FileInfo
 
 		st, err = d.Info()
@@ -88,24 +83,10 @@ func (ext *Extension) validateContents() error {
 		}
 
 		// no special files
-		if !d.IsDir() && !d.Type().IsRegular() {
+		if !d.IsDir() && !d.Type().IsRegular() && d.Type().Type() != os.ModeSymlink {
 			return fmt.Errorf("special files are not allowed: %q", itemPath)
 		}
 
-		// directories should be non-empty
-		if d.IsDir() {
-			var contents []fs.DirEntry
-
-			contents, err = os.ReadDir(path)
-			if err != nil {
-				return err
-			}
-
-			if len(contents) == 0 {
-				return fmt.Errorf("empty directories are not allowed: %q", itemPath)
-			}
-		}
-
 		// regular file: check for file path being whitelisted
 		if !d.IsDir() {
 			dirPath := filepath.Dir(itemPath)