Don't reuse unprivileged cache when building as root

When using --incremental and first building an image unprivileged,
followed by building it as root, we can't reuse the cache as the
ownership will be wrong. So let's make sure we don't reuse the
cache when that's the case.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 358ab51cae16c657428e01e87644917216ce769f..0213f43df45c7c5cd084300e0aeeddf00c53cd29 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1753,6 +1753,13 @@ def reuse_cache(state: MkosiState) -> bool:
     else:
         return False
 
+    # Either we're running as root and the cache is owned by root or we're running unprivileged inside a user
+    # namespace and we'll think the cache is owned by root. However, if we're running as root and the cache was
+    # generated by an unprivileged build, the cache will not be owned by root and we should not use it.
+    for p in (final, build):
+        if p.exists() and p.stat().st_uid != 0:
+            return False
+
     with complete_step("Copying cached trees"):
         copy_tree(state.config, final, state.root)
         if need_build_packages(state.config):