[PATCH v2 1/2] vm/app/systemd-sysupdate: fix mounting overlay
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs. Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- v2: remove redundant -U flag v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251208154738.300709-... vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+) diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..f8f5aed 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -mr if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc } backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX } # Not a useless use of cat: if there are NUL bytes in the URL base-commit: 5104fa720ce8b00612c5487fc47124fbf99e58c6 -- 2.51.0
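Review bot: the added `unshare -mr` line carries no comment, and because it sits at the head of the chain it applies to everything after it, not only the overlay mount: the `mktemp` call and the rest of the script also run inside the new mount and user namespaces with the caller mapped to root. A short comment above it, saying that the script no longer runs as root and so needs its own namespaces before it can mount the overlay over /etc, would spare the next reader a trip to the Fixes: commit. Since the mount passes only `-olowerdir=` and no upper directory, the same comment could note that /etc is read-only from this point on.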
It takes time for the network to come up, so it's likely that the download will fail immediately after the VM boots. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- v2: unchanged v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251208162526.319756-... vm/app/systemd-sysupdate/download-update | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index f8f5aed..32a078f 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -1,5 +1,6 @@ #!/usr/bin/env -S execlineb -WS0 # SPDX-License-Identifier: EUPL-1.2+ +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is> # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C @@ -59,7 +60,12 @@ multisubstitute { importas -iuS SYSTEMD_SYSUPDATE_PATH importas -iuS tmpdir } -if { $SYSTEMD_SYSUPDATE_PATH --definitions=${tmpdir} update } +if { + forx -x 0 _ { 1 2 3 4 5 } + if -nt { $SYSTEMD_SYSUPDATE_PATH --definitions=${tmpdir} update } + foreground { sleep 1 } + exit 1 +} # [ and ] are allowed in update URLs so that IPv6 addresses work, but # they cause globbing in the curl command-line tool by default. Use --globoff # to disable this feature. -- 2.51.0
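Review bot: in the new `if { forx -x 0 _ { 1 2 3 4 5 } ... }` block the exhausted-retries path needs checking: the removed line stopped the script whenever `update` failed, and it is not evident from the hunk that the block as a whole still returns non-zero after all five iterations have ended in `exit 1`. Please confirm what `forx` exits with when the list runs out without hitting break code 0, and if that is 0, make the outer `if` fail explicitly in that case. Separately, the loop retries every kind of failure the same way and allows only about five seconds in total (the last failed attempt also sleeps before giving up), which may be short for the slow network start the commit message describes; a comment stating the intended retry budget would help.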
This patch has been committed as 1077dd961b8986e3fd986c1a2beddeadf9cbf0d6, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=1077dd961b8986e3fd986c1a2bed.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
This patch has been committed as a25f18105759c39174ed7807b1101b90460de4ef, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=a25f18105759c39174ed7807b110.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>