From: Daan De Meyer
Date: Wed, 16 Apr 2025 08:16:40 +0000 (+0200)
Subject: Only copy repository metadata from specific subdirs from /var
X-Git-Tag: v26~241^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b859a7cf0a9797592f4699c7f60189dc4d620f93;p=thirdparty%2Fmkosi.git
Only copy repository metadata from specific subdirs from /var
/var usually contains state specific to the local system so it's more prudent to specify an allowlist of what should be copied rather than a denylist of what shouldn't be copied. This doesn't matter so much when using mkosi's own package cache directory since that is only used when syncing repository metadata and not when actually installing stuff, but it does matter when PackageCacheDirectory=/var is used since then we're copying from a state directory in /var that is also used when installing packages and as such will contain a lot of stuff that we don't want.
---
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 5eda5fec1..dcffe6346 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -3869,30 +3869,22 @@ def copy_repository_metadata(config: Config, dst: Path) -> None:
 subdir = config.distribution.package_manager(config).subdir(config)
 with complete_step("Copying repository metadata"):
- for d in ("cache", "lib"):
- src = config.package_cache_dir_or_default() / d / subdir
- if not src.exists():
- logging.debug(f"{src} does not exist, not copying repository metadata from it")
- continue
+ cachedir = config.package_cache_dir_or_default() / "cache" / subdir
+ if cachedir.exists():
+ with umask(~0o755):
+ (dst / "cache" / subdir).mkdir(parents=True, exist_ok=True)
 with tempfile.TemporaryDirectory() as tmp:
 os.chmod(tmp, 0o755)
 # cp doesn't support excluding directories but we can imitate it by bind mounting
 # an empty directory over the directories we want to exclude.
- exclude: list[PathString]
- if d == "cache":
- exclude = flatten(
- ("--ro-bind", tmp, workdir(p))
- for p in config.distribution.package_manager(config).package_subdirs(src)
- )
- else:
- exclude = flatten(
- ("--ro-bind", tmp, workdir(p))
- for p in config.distribution.package_manager(config).state_subdirs(src)
- )
+ exclude = flatten(
+ ("--ro-bind", tmp, workdir(p))
+ for p in config.distribution.package_manager(config).package_subdirs(cachedir)
+ )
- subdst = dst / d / subdir
+ subdst = dst / "cache" / subdir
 with umask(~0o755):
 subdst.mkdir(parents=True, exist_ok=True)
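Review bot: The added `(dst / "cache" / subdir).mkdir(parents=True, exist_ok=True)` right after `if cachedir.exists():` duplicates the unchanged `subdst.mkdir(parents=True, exist_ok=True)` a few lines below, which creates the same `dst / "cache" / subdir` path under the same `umask(~0o755)`; one of the two can go. Separately, this branch still copies everything under `cachedir` except what `package_subdirs()` hides behind the bind mount, so with `PackageCacheDirectory=/var` the cache side remains a denylist while the commit message argues for an allowlist. If that asymmetry is intentional, a comment above the `exclude = flatten(` line such as `# cache/ stays a denylist: everything except package_subdirs() is copied` would record it. Indentation is not recoverable from this page and the function body continues outside the hunk, so the nesting of the duplicated call should be checked against the file.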
@@ -3902,7 +3894,21 @@ def copy_repository_metadata(config: Config, dst: Path) -> None:
 ) -> AbstractContextManager[list[PathString]]:
 return config.sandbox(options=[*options, *exclude])
- copy_tree(src, subdst, sandbox=sandbox)
+ copy_tree(cachedir, subdst, sandbox=sandbox)
+ else:
+ logging.debug(f"{cachedir} does not exist, not copying repository metadata from it")
+
+ statedir = config.package_cache_dir_or_default() / "lib" / subdir
+ for src in config.distribution.package_manager(config).state_subdirs(statedir):
+ if not src.exists():
+ logging.debug(f"{src} does not exist, not copying repository metadata from it")
+ continue
+
+ subdst = dst / "lib" / subdir / src.relative_to(statedir)
+ with umask(~0o755):
+ subdst.mkdir(parents=True, exist_ok=True)
+
+ copy_tree(src, subdst, sandbox=config.sandbox)
 @contextlib.contextmanager
diff --git a/mkosi/installer/apt.py b/mkosi/installer/apt.py
index 4750f7145..12174b71d 100644
--- a/mkosi/installer/apt.py
+++ b/mkosi/installer/apt.py
@@ -57,6 +57,10 @@ class Apt(PackageManager):
 def package_subdirs(cls, cache: Path) -> list[Path]:
 return [cache / "archives"]
+ @classmethod
+ def state_subdirs(cls, state: Path) -> list[Path]:
+ return [state / "lists"]
+
 @classmethod
 def dpkg_cmd(cls, command: str) -> list[PathString]:
 return [
diff --git a/mkosi/installer/pacman.py b/mkosi/installer/pacman.py
index cc86de294..55b34f0f9 100644
--- a/mkosi/installer/pacman.py
+++ b/mkosi/installer/pacman.py
@@ -40,7 +40,7 @@ class Pacman(PackageManager):
 @classmethod
 def state_subdirs(cls, state: Path) -> list[Path]:
- return [state / "local"]
+ return [state / "sync"]
 @classmethod
 def scripts(cls, context: Context) -> dict[str, list[PathString]]:
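Review bot: `state_subdirs()` changes meaning in the added `for src in ...state_subdirs(statedir)` loop, from directories to hide to the only directories that get copied, and nothing in this diff documents the new contract. The apt.py and pacman.py hunks adapt two implementations, but the base class and any other package managers are not visible here; an implementation that still returns its old exclusion list would now copy exactly the local state this commit is meant to keep out of the image, and one returning an empty list would copy nothing from `lib`. A docstring on each implementation along the lines of `"""Return the subdirectories of the state directory that hold repository metadata and are safe to copy."""` would pin this down. `src.relative_to(statedir)` also raises `ValueError` if an implementation returns a path outside `statedir`, which is probably the right failure but deserves a short comment saying so.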