fix: tailscale container hook supports xbps, arch detection, and static binary fallback

[medzin]

Fixes #2650.

• Add xbps-install detection for Void Linux.
• Add static binary fallback when no package manager is available: fetch static jq from jqlang/jq releases (the Tailscale tarball is already static, so jq was the only remaining dependency). Exit-node mode still errors clearly under the fallback since it needs iptables.
• Detect host arch (uname -m) and pick the matching Tailscale tarball + jq binary; was hardcoded amd64.
• mkdir -p /var/log before redirecting tailscaled output, so the daemon starts on images that don't ship the directory.

Verified end-to-end against searxng/searxng:latest (exercises the static fallback + arch detection + /var/log fix) and ghcr.io/void-linux/void-glibc-full:latest (exercises the xbps path). In both, tailscaled boots and tailscale up reaches controlplane.tailscale.com, failing only at fake auth key validation.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced multi-architecture CPU detection with automatic selection of architecture-specific binaries
  • Extended Linux distribution compatibility by supporting additional package managers
  • Implemented static binary fallback mechanism for systems without standard package managers
  • Improved logging system initialization and reliability

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8f49df24-d2d6-45a0-a55c-2a1e7a839813

📥 Commits

Reviewing files that changed from the base of the PR and between 982b3c2 and d7d2a35.

📒 Files selected for processing (1)

• share/docker/tailscale_container_hook

---

Walkthrough

The Tailscale container hook script now detects host CPU architecture and adapts binary selection, adds support for xbps-install package manager, implements a static-binary fallback mode for unsupported environments, and ensures correct log directory setup. Architecture-specific Tailscale tarballs are downloaded based on detected CPU type.

Changes

Tailscale Container Hook Multi-Architecture Support

Layer / File(s)	Summary
Architecture Detection and Binary Mapping share/docker/tailscale_container_hook	Host CPU architecture is detected using uname -m and mapped to both Tailscale binary (TS_ARCH) and static jq download (JQ_ARCH) identifiers.
Package Manager Detection and Static Fallback Strategy share/docker/tailscale_container_hook	Package manager detection extends to xbps-install; when no supported manager is found, a fallback mode conditionally blocks iptables and installs jq from a static architecture-specific binary download instead of failing.
Architecture-specific Tailscale Installation share/docker/tailscale_container_hook	Tailscale tgz download and extraction now use the detected TS_ARCH to select the correct tarball, with architecture-aware extraction and copy paths.
Log Directory Creation share/docker/tailscale_container_hook	/var/log directory is created before log redirection configuration is applied for tailscaled.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A rabbit hops through architectures wide,
Where Tailscale dances, arm and x86 side by side.
When apt goes missing, the static fallback thrives—
No package manager? No problem—the script survives! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: xbps support, architecture detection, and static binary fallback for the Tailscale container hook.
Linked Issues check	✅ Passed	All objectives from issue #2650 are addressed: xbps-install detection added, static binary fallback implemented, architecture detection via uname implemented, and /var/log directory creation added.
Out of Scope Changes check	✅ Passed	All changes are directly related to the objectives specified in issue #2650; no unrelated modifications are present in the hook script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}