Process all overlays before we do any bind mounts

Otherwise, later overlays will hide earlier bind mounts.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 44cfe7d67b84cc3cfc4ad873d955c9e67800c350..4733d5ffdb15b5a777ab06895482b7e8c5994e8f 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -3030,22 +3030,31 @@ def mount_tools(tree: Optional[Path]) -> Iterator[None]:
         # without running into permission errors.
 
         overlays = set()
+        dirs = [
+            subdir
+            for subdir in (
+                Path("etc/pki"),
+                Path("etc/ssl"),
+                Path("etc/crypto-policies"),
+                Path("etc/ca-certificates"),
+                Path("etc/pacman.d"),
+                Path("var/lib/ca-certificates"),
+            )
+            if (tree / subdir).exists()
+        ]
 
-        for subdir in (Path("etc/pki"),
-                       Path("etc/ssl"),
-                       Path("etc/crypto-policies"),
-                       Path("etc/ca-certificates"),
-                       Path("etc/pacman.d"),
-                       Path("var/lib/ca-certificates")):
-            if not (tree / subdir).exists():
+        for subdir in dirs:
+            if (Path("/") / subdir).exists():
                 continue
 
-            if not (Path("/") / subdir).exists() and subdir.parent not in overlays:
+            if subdir.parent not in overlays:
                 tmp = stack.enter_context(tempfile.TemporaryDirectory(dir="/var/tmp"))
                 stack.enter_context(mount_overlay([Path("/") / subdir.parent], Path(tmp), Path("/") / subdir.parent))
                 overlays.add(subdir.parent)
-                (Path("/") / subdir).mkdir(parents=True, exist_ok=True)
 
+            (Path("/") / subdir).mkdir(parents=True, exist_ok=True)
+
+        for subdir in dirs:
             stack.enter_context(
                 mount(what=tree / subdir, where=Path("/") / subdir, operation="--bind", read_only=True)
             )