From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 20 Jan 2025 09:42:08 +0000 (+0100)
Subject: Enforce that images with Overlay=yes only add files
X-Git-Tag: v25~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd249c2047bfd688911239b588613b5b039459e4;p=thirdparty%2Fmkosi.git

Enforce that images with Overlay=yes only add files

Any extension images built with Overlay=yes should never override
files in the base image, so let's add some enforcement to make
sure that's the case by automatically removing files that already
exist in the base image.
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 7ed1eecf1..9f3d934ff 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -175,9 +175,22 @@ def mount_base_trees(context: Context) -> Iterator[None]:
             else:
                 die(f"Unsupported base tree source {path}")
 
-        stack.enter_context(mount_overlay(bases, context.root, upperdir=context.root))
-
-        yield
+        with mount_overlay(bases, context.root, upperdir=context.root):
+            yield
+
+        stack.enter_context(mount_overlay(bases, context.workspace / "lower"))
+
+        for p in context.root.rglob("*"):
+            rel = p.relative_to(context.root)
+            q = context.workspace / "lower" / rel
+
+            if not q.is_symlink() and q.is_dir():
+                if p.is_symlink() or not p.is_dir():
+                    die(f"/{rel} is a directory in the base tree but not in the overlay")
+                shutil.copystat(q, p)
+            elif q.is_symlink() or q.exists():
+                logging.info(f"Removing duplicate path /{rel} from overlay")
+                p.unlink()
 
 
 def remove_files(context: Context) -> None: