Enforce that images with Overlay=yes only add files

Any extension images built with Overlay=yes should never override
files in the base image, so let's add some enforcement to make
sure that's the case by automatically removing files that already
exist in the base image.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 7ed1eecf1fe49a6320d6ddf0e443040121cb9413..9f3d934ff0c6bd9da999b8189e38203310468c66 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -175,9 +175,22 @@ def mount_base_trees(context: Context) -> Iterator[None]:
             else:
                 die(f"Unsupported base tree source {path}")
 
-        stack.enter_context(mount_overlay(bases, context.root, upperdir=context.root))
-
-        yield
+        with mount_overlay(bases, context.root, upperdir=context.root):
+            yield
+
+        stack.enter_context(mount_overlay(bases, context.workspace / "lower"))
+
+        for p in context.root.rglob("*"):
+            rel = p.relative_to(context.root)
+            q = context.workspace / "lower" / rel
+
+            if not q.is_symlink() and q.is_dir():
+                if p.is_symlink() or not p.is_dir():
+                    die(f"/{rel} is a directory in the base tree but not in the overlay")
+                shutil.copystat(q, p)
+            elif q.is_symlink() or q.exists():
+                logging.info(f"Removing duplicate path /{rel} from overlay")
+                p.unlink()
 
 
 def remove_files(context: Context) -> None: