armbian-next: introduce internal base tmp dir; check it early for sanity ref noexec and nodev mount options

2025-09-24 19:47:06 +07:00 · 2022-12-17 13:32:52 +01:00
parent 0c5b10a77b
commit c251073b78
3 changed files with 34 additions and 6 deletions
--- a/lib/functions/cli/entrypoint.sh
+++ b/lib/functions/cli/entrypoint.sh
@@ -93,13 +93,14 @@ function cli_entrypoint() {
 	display_alert "Build UUID:" "${ARMBIAN_BUILD_UUID}" "debug"

 	# Super-global variables, used everywhere. The directories are NOT _created_ here, since this very early stage.
-	export WORKDIR="${SRC}/.tmp/work-${ARMBIAN_BUILD_UUID}" # WORKDIR at this stage. It will become TMPDIR later. It has special significance to `mktemp` and others!
-	export LOGDIR="${SRC}/.tmp/logs-${ARMBIAN_BUILD_UUID}"  # Will be initialized very soon, literally, below.
+	declare -g WORKDIR_BASE_TMP="${SRC}/.tmp"                       # a.k.a. ".tmp" dir.
+	export WORKDIR="${WORKDIR_BASE_TMP}/work-${ARMBIAN_BUILD_UUID}" # WORKDIR at this stage. It will become TMPDIR later. It has special significance to `mktemp` and others!
+	export LOGDIR="${WORKDIR_BASE_TMP}/logs-${ARMBIAN_BUILD_UUID}"  # Will be initialized very soon, literally, below.
 	# @TODO: These are used by actual build, move to its cli handler.
-	export SDCARD="${SRC}/.tmp/rootfs-${ARMBIAN_BUILD_UUID}"                        # SDCARD (which is NOT an sdcard, but will be, maybe, one day) is where we work the rootfs before final imaging. "rootfs" stage.
-	export MOUNT="${SRC}/.tmp/mount-${ARMBIAN_BUILD_UUID}"                          # MOUNT ("mounted on the loop") is the mounted root on final image (via loop). "image" stage
-	export EXTENSION_MANAGER_TMP_DIR="${SRC}/.tmp/extensions-${ARMBIAN_BUILD_UUID}" # EXTENSION_MANAGER_TMP_DIR used to store extension-composed functions
-	export DESTIMG="${SRC}/.tmp/image-${ARMBIAN_BUILD_UUID}"                        # DESTIMG is where the backing image (raw, huge, sparse file) is kept (not the final destination)
+	export SDCARD="${WORKDIR_BASE_TMP}/rootfs-${ARMBIAN_BUILD_UUID}"                        # SDCARD (which is NOT an sdcard, but will be, maybe, one day) is where we work the rootfs before final imaging. "rootfs" stage.
+	export MOUNT="${WORKDIR_BASE_TMP}/mount-${ARMBIAN_BUILD_UUID}"                          # MOUNT ("mounted on the loop") is the mounted root on final image (via loop). "image" stage
+	export EXTENSION_MANAGER_TMP_DIR="${WORKDIR_BASE_TMP}/extensions-${ARMBIAN_BUILD_UUID}" # EXTENSION_MANAGER_TMP_DIR used to store extension-composed functions
+	export DESTIMG="${WORKDIR_BASE_TMP}/image-${ARMBIAN_BUILD_UUID}"                        # DESTIMG is where the backing image (raw, huge, sparse file) is kept (not the final destination)

 	# Make sure ARMBIAN_LOG_CLI_ID is set, and unique.
 	# Pre-runs might change it, but if not set, default to ARMBIAN_COMMAND.
--- a/lib/functions/host/host-utils.sh
+++ b/lib/functions/host/host-utils.sh
@@ -210,3 +210,23 @@ function reset_uid_owner() {
 		fi
 	done
 }
+
+# call: check_dir_for_mount_options "/path/to/dir" "main build dir description"
+function check_dir_for_mount_options() {
+	declare -r dir="${1}"
+	declare -r description="${2}"
+
+	declare src_mount_source="" src_mount_opts=""
+	src_mount_opts="$(findmnt -T "${dir}" --output OPTIONS --raw --notruncate --noheadings)"
+
+	# make sure $src_mount_opts does not contain noexec
+	if [[ "${src_mount_opts}" == *"noexec"* || "${src_mount_opts}" == *"nodev"* ]]; then
+		src_mount_source="$(findmnt -T "${dir}" --output SOURCE --raw --notruncate --noheadings)"
+		display_alert "Directory ${dir} (${description}) is mounted" "from '${src_mount_source}' with options '${src_mount_opts}'" "warn"
+		exit_with_error "Directory ${dir} (${description}) is mounted with the 'noexec' and/or 'nodev' options; this will cause rootfs build failures. Please correct this before trying again."
+	fi
+
+	display_alert "Checked directory OK for mount options" "${dir} ('${description}')" "info"
+
+	return 0
+}
--- a/lib/functions/main/default-build.sh
+++ b/lib/functions/main/default-build.sh
@@ -1,6 +1,13 @@
 # This does NOT run under the logging manager. We should invoke the do_with_logging wrapper for
 # strategic parts of this. Attention: rootfs does it's own logging, so just let that be.
 function main_default_build_single() {
+	# Check that WORKDIR_BASE_TMP exists; if not, create it.
+	if [[ ! -d "${WORKDIR_BASE_TMP}" ]]; then
+		mkdir -p "${WORKDIR_BASE_TMP}"
+	fi
+
+	# Check the sanity of WORKDIR_BASE_TMP regarding mount options.
+	check_dir_for_mount_options "${WORKDIR_BASE_TMP}" "main temporary dir"

 	# Starting work. Export TMPDIR, which will be picked up by all `mktemp` invocations hopefully.
 	# Runner functions in logging/runners.sh will explicitly unset TMPDIR before invoking chroot.