bazel: use patched RPATH in bootstrapper and disk-mapper binaries

.github/actions/build_bootstrapper/action.yml

@@ -18,7 +18,7 @@ runs:
       run: |
         echo "::group::Build the bootstrapper"
         mkdir -p "$(dirname "${OUTPUT_PATH}")"
-        label=//bootstrapper/cmd/bootstrapper:bootstrapper_linux_amd64
+        label=//bootstrapper/cmd/bootstrapper:bootstrapper_patched
         bazel build "${label}"
         repository_root=$(git rev-parse --show-toplevel)
         out_rel=$(bazel cquery --output=files "${label}")

bazel/devbuild/BUILD.bazel

@@ -6,7 +6,7 @@ sh_template(
     data = [
         ":devbuild_cli_edition",
         "//bazel/release:container_sums",
-        "//bootstrapper/cmd/bootstrapper:bootstrapper_linux_amd64",
+        "//bootstrapper/cmd/bootstrapper:bootstrapper_patched",
         "//cli:cli_edition_host",
         "//debugd/cmd/cdbg:cdbg_host",
         "//terraform-provider-constellation:terraform_rc",
@@ -15,7 +15,7 @@ sh_template(
         "@yq_toolchains//:resolved_toolchain",
     ],
     substitutions = {
-        "@@BOOTSTRAPPER@@": "$(rootpath //bootstrapper/cmd/bootstrapper:bootstrapper_linux_amd64)",
+        "@@BOOTSTRAPPER@@": "$(rootpath //bootstrapper/cmd/bootstrapper:bootstrapper_patched)",
         "@@CDBG@@": "$(rootpath //debugd/cmd/cdbg:cdbg_host)",
         "@@CLI@@": "$(rootpath //cli:cli_edition_host)",
         "@@CONTAINER_SUMS@@": "$(rootpath //bazel/release:container_sums)",

bootstrapper/cmd/bootstrapper/BUILD.bazel

@@ -1,6 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
 load("//bazel/go:platform.bzl", "platform_binary")
+load("//bazel/patchelf:patchelf.bzl", "patchelf")
 
 go_library(
     name = "bootstrapper_lib",
@@ -61,17 +62,25 @@ go_binary(
 
 platform_binary(
     name = "bootstrapper_linux_amd64",
-    platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
+    platform = "//bazel/platforms:constellation_os",
     target_file = ":bootstrapper",
+)
+
+patchelf(
+    name = "bootstrapper_patched",
+    src = ":bootstrapper_linux_amd64",
+    out = "bootstrapper_with_nix_rpath",
+    interpreter = "@cryptsetup_x86_64-linux//:dynamic-linker",
+    rpath = "@cryptsetup_x86_64-linux//:rpath",
     visibility = ["//visibility:public"],
 )
 
 pkg_tar(
     name = "bootstrapper-package",
     srcs = [
-        ":bootstrapper_linux_amd64",
+        ":bootstrapper_patched",
     ],
     mode = "0755",
-    remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/bin/bootstrapper"},
+    remap_paths = {"/bootstrapper_with_nix_rpath": "/usr/bin/bootstrapper"},
     visibility = ["//visibility:public"],
 )

disk-mapper/cmd/BUILD.bazel

@@ -1,6 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
 load("//bazel/go:platform.bzl", "platform_binary")
+load("//bazel/patchelf:patchelf.bzl", "patchelf")
 
 go_library(
     name = "cmd_lib",
@@ -41,17 +42,25 @@ go_binary(
 
 platform_binary(
     name = "disk-mapper_linux_amd64",
-    platform = "@zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23",
+    platform = "//bazel/platforms:constellation_os",
     target_file = ":cmd",
     visibility = ["//visibility:public"],
 )
 
+patchelf(
+    name = "disk-mapper_patched",
+    src = ":disk-mapper_linux_amd64",
+    out = "disk-mapper_with_nix_rpath",
+    interpreter = "@cryptsetup_x86_64-linux//:dynamic-linker",
+    rpath = "@cryptsetup_x86_64-linux//:rpath",
+)
+
 pkg_tar(
     name = "disk-mapper-package",
     srcs = [
-        ":disk-mapper_linux_amd64",
+        ":disk-mapper_patched",
     ],
     mode = "0755",
-    remap_paths = {"/platform:linux_amd64_gnu.2.23": "/usr/sbin/disk-mapper"},
+    remap_paths = {"/disk-mapper_with_nix_rpath": "/usr/sbin/disk-mapper"},
     visibility = ["//visibility:public"],
 )