Currently we only clean up /work if the build script succeeds.
However, we have to always clean up /work since we don't make a
copy of the build overlay so let's make sure we do that by using
a trap instead of only cleaning up if a script succeeds.
Let's also make sure that we don't fail if /work already exists and
make sure that it gets the right permissions, even if it already
exists.
def chroot_cmd(root: Path, *, options: Sequence[PathString] = ()) -> list[PathString]:
cmdline: list[PathString] = [
+ "sh", "-c",
# No exec here because we need to clean up the /work directory afterwards.
- "sh", "-c", f"mkdir --mode=777 {root / 'work'} && $0 \"$@\" && rm -rf {root / 'work'}",
+ f"trap 'rm -rf {root / 'work'}' EXIT && mkdir -p {root / 'work'} && chown 777 {root / 'work'} && $0 \"$@\"",
"bwrap",
"--dev-bind", root, "/",
"--setenv", "container", "mkosi",
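Review bot: `chown 777 {root / 'work'}` on the added line changes the owner of the directory to UID 777 and leaves its mode alone. The removed line used `mkdir --mode=777`, and the commit message says the goal is that the directory "gets the right permissions", so this should be `chmod 777 {root / 'work'}`. As written, a freshly created /work keeps the umask-derived mode and may not be writable by the build user. A second point on the same line: the path is interpolated unquoted into the single-quoted trap body and into the `mkdir` and `chown` arguments, so a root containing whitespace or a single quote would break the script or change what `rm -rf` runs on at exit; passing the path through `shlex.quote` (or handing it to the shell as a positional argument) would avoid that. Also note that with `mkdir -p` and the EXIT trap, a /work that existed before the call is now removed afterwards as well, which matches the commit message but is worth stating in the code comment.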