Run scripts with ".chroot" extension inside the image

Our current approach to running scripts inside the image is only
really applicable to shell scripts. Let's make it easier to run
scripts written in arbitrary languages inside the image by running
scripts with the ".chroot" extension inside the image.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 4474f8ed51c82309c373040d0df81c846f4502f5..09936308cb023f914f453760aab4bdedb1917c9f 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -312,6 +312,10 @@ def finalize_mounts(config: MkosiConfig) -> list[PathString]:
     return flatten(["--bind", src, target] for src, target in sorted(set(sources), key=lambda s: s[1]))
 
 
+def script_maybe_chroot(script: Path, mountpoint: str) -> list[str]:
+    return ["mkosi-chroot", mountpoint] if script.suffix == ".chroot" else [os.fspath(script)]
+
+
 def run_prepare_scripts(state: MkosiState, build: bool) -> None:
     if not state.config.prepare_scripts:
         return
@@ -354,7 +358,7 @@ def run_prepare_scripts(state: MkosiState, build: bool) -> None:
 
             with complete_step(step_msg.format(script)):
                 bwrap(
-                    [script, arg],
+                    script_maybe_chroot(script, "/work/prepare") + [arg],
                     network=True,
                     readonly=True,
                     options=finalize_mounts(state.config),
@@ -411,9 +415,11 @@ def run_build_scripts(state: MkosiState) -> None:
                 ],
             )
 
+            cmdline = state.args.cmdline if state.args.verb == Verb.build else []
+
             with complete_step(f"Running build script {script}…"):
                 bwrap(
-                    [script, *(state.args.cmdline if state.args.verb == Verb.build else [])],
+                    script_maybe_chroot(script, "/work/build-script") + cmdline,
                     network=state.config.with_network,
                     readonly=True,
                     options=finalize_mounts(state.config),
@@ -455,7 +461,7 @@ def run_postinst_scripts(state: MkosiState) -> None:
 
         with complete_step(f"Running postinstall script {script}…"):
             bwrap(
-                [script, "final"],
+                script_maybe_chroot(script, "/work/postinst") + ["final"],
                 network=state.config.with_network,
                 readonly=True,
                 options=finalize_mounts(state.config),
@@ -497,7 +503,7 @@ def run_finalize_scripts(state: MkosiState) -> None:
 
         with complete_step(f"Running finalize script {script}…"):
             bwrap(
-                [script],
+                script_maybe_chroot(script, "/work/finalize"),
                 network=state.config.with_network,
                 readonly=True,
                 options=finalize_mounts(state.config),

diff --git a/mkosi/config.py b/mkosi/config.py
index a8cc8396161c8a9c288e92ea422407ceab7196d7..c008c554520c4ef74abfa7c2fc9438b3c86d299b 100644 (file)
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -1357,7 +1357,7 @@ SETTINGS = (
         metavar="PATH",
         section="Content",
         parse=config_make_list_parser(delimiter=",", parse=make_path_parser(executable=True)),
-        paths=("mkosi.prepare",),
+        paths=("mkosi.prepare", "mkosi.prepare.chroot"),
         path_default=False,
         help="Prepare script to run inside the image before it is cached",
         compat_names=("PrepareScript",),
@@ -1368,7 +1368,7 @@ SETTINGS = (
         metavar="PATH",
         section="Content",
         parse=config_make_list_parser(delimiter=",", parse=make_path_parser(executable=True)),
-        paths=("mkosi.build",),
+        paths=("mkosi.build", "mkosi.build.chroot"),
         path_default=False,
         help="Build script to run inside image",
         compat_names=("BuildScript",),
@@ -1380,7 +1380,7 @@ SETTINGS = (
         name="PostInstallationScripts",
         section="Content",
         parse=config_make_list_parser(delimiter=",", parse=make_path_parser(executable=True)),
-        paths=("mkosi.postinst",),
+        paths=("mkosi.postinst", "mkosi.postinst.chroot"),
         path_default=False,
         help="Postinstall script to run inside image",
         compat_names=("PostInstallationScript",),
@@ -1391,7 +1391,7 @@ SETTINGS = (
         metavar="PATH",
         section="Content",
         parse=config_make_list_parser(delimiter=",", parse=make_path_parser(executable=True)),
-        paths=("mkosi.finalize",),
+        paths=("mkosi.finalize", "mkosi.finalize.chroot"),
         path_default=False,
         help="Postinstall script to run outside image",
         compat_names=("FinalizeScript",),

diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md
index 936140738f114fe98d1de940f31e3f9c3f799710..6e5e7f19c2eddca4465883186411c7bac656a4fa 100644 (file)
--- a/mkosi/resources/mkosi.md
+++ b/mkosi/resources/mkosi.md
@@ -1455,6 +1455,11 @@ following scripts are supported:
 * If **`mkosi.finalize`** (`FinalizeScripts=`) exists, it is executed as
   the last step of preparing an image.
 
+If a script uses the `.chroot` extension, mkosi will chroot into the
+image using `mkosi-chroot` (see below) before executing the script. For
+example, if `mkosi.postinst.chroot` exists, mkosi will chroot into the
+image and execute it as the post-installation script.
+
 Scripts executed by mkosi receive the following environment variables:
 
 * `$CHROOT_SCRIPT` contains the path to the running script relative to