[PATCH] vm/app/systemd-sysupdate: fix mounting overlay
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs. Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+) diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc } backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX } # Not a useless use of cat: if there are NUL bytes in the URL base-commit: 9f33ec29d39df59589ed7c1b85d54e116e135df8 -- 2.51.0
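Review bot: the added `unshare -rUm` line has no comment, and nothing in the script says why a user and mount namespace must be entered before the `mount -toverlay` on /etc. A one-line comment saying that the script now runs as non-root and needs its own user and mount namespace to mount the overlay would help the next reader. It is also worth stating that the overlay is then visible only to this process and its children, in case later steps come to rely on it. `-r` already implies `-U`, so `-U` can be dropped.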
It takes time for the network to come up, so it's likely that the download will fail immediately after the VM boots. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index 335e389..c462d65 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -1,5 +1,6 @@ #!/usr/bin/env -S execlineb -WS0 # SPDX-License-Identifier: EUPL-1.2+ +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is> # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C @@ -59,7 +60,12 @@ multisubstitute { importas -iuS SYSTEMD_SYSUPDATE_PATH importas -iuS tmpdir } -if { $SYSTEMD_SYSUPDATE_PATH --definitions=${tmpdir} update } +if { + forx -x 0 _ { 1 2 3 4 5 } + if -nt { $SYSTEMD_SYSUPDATE_PATH --definitions=${tmpdir} update } + foreground { sleep 1 } + exit 1 +} # [ and ] are allowed in update URLs so that IPv6 addresses work, but # they cause globbing in the curl command-line tool by default. Use --globoff # to disable this feature. -- 2.51.0
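Review bot: in the second hunk the outer `if { ... }` now tests the exit status of `forx` rather than of the update command itself, so check what `forx -x 0` returns once all five attempts have exited 1. If it exits 0 after exhausting the list, a failed update no longer stops the script and the rest of it carries on; making the failure explicit after the loop would remove the doubt. The retry also fires on every kind of failure, not only on the network not being up yet, and the fixed `sleep 1` bounds the wait at about five seconds. A comment next to the loop giving the reason from the commit message would help.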
On 12/8/25 10:47, Alyssa Ross wrote:
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs.
Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+)
diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm
-r implies -U, and it would be more readable to use the long forms of these options.
if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc } backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX } # Not a useless use of cat: if there are NUL bytes in the URL
base-commit: 9f33ec29d39df59589ed7c1b85d54e116e135df8
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 10:47, Alyssa Ross wrote:
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs.
Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+)
diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm
-r implies -U, and it would be more readable to use the long forms of these options.
And yet mount -o and -t, and mktemp -d? (I can change it, but I have a general preference for short options to stop lines getting too long, and for portability when necessary.)
if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc } backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX } # Not a useless use of cat: if there are NUL bytes in the URL
On 12/8/25 12:28, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 10:47, Alyssa Ross wrote:
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs.
Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+)
diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm
-r implies -U, and it would be more readable to use the long forms of these options.
And yet mount -o and -t, and mktemp -d? (I can change it, but I have a general preference for short options to stop lines getting too long, and for portability when necessary.)
I use mount and mktemp often enough that I have these options memorized. I had to look up the options to unshare.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 12:28, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 10:47, Alyssa Ross wrote:
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs.
Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+)
diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm
-r implies -U, and it would be more readable to use the long forms of these options.
And yet mount -o and -t, and mktemp -d? (I can change it, but I have a general preference for short options to stop lines getting too long, and for portability when necessary.)
I use mount and mktemp often enough that I have these options memorized. I had to look up the options to unshare.
Not a very objective standard! (I use unshare enough that I had these options memorized.) We should possibly come up with some well-reasoned guidelines for this, but until then I'd like to continue using short options for consistency, so that it's at least not up for debate every time.
On 12/8/25 12:49, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 12:28, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/8/25 10:47, Alyssa Ross wrote:
This assumed it would be run as root, so has been broken since we stopped running application scripts as root inside img/app VMs.
Reported-by: Johannes Süllner <johannes.suellner@mailbox.org> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOq... Fixes: 8bfcbf9 ("img/app: run applications as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/app/systemd-sysupdate/download-update | 1 + 1 file changed, 1 insertion(+)
diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..335e389 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update @@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> export LC_ALL C export LANGUAGE C +unshare -rUm
-r implies -U, and it would be more readable to use the long forms of these options.
And yet mount -o and -t, and mktemp -d? (I can change it, but I have a general preference for short options to stop lines getting too long, and for portability when necessary.)
I use mount and mktemp often enough that I have these options memorized. I had to look up the options to unshare.
Not a very objective standard! (I use unshare enough that I had these options memorized.)
Coding style is pretty much always subjective 🙂.
We should possibly come up with some well-reasoned guidelines for this, but until then I'd like to continue using short options for consistency, so that it's at least not up for debate every time.
Fair!
--
Sincerely,
Demi Marie Obenour (she/her/hers)