Merge pull request #2554 from DaanDeMeyer/fix

Make sure we create parent directories as well

.github/workflows/ci.yml

@@ -120,6 +120,9 @@ jobs:
           # TODO: Try again once Arch gets a new rpm release.
           - distro: centos
             tools: arch
+          # TODO: Re-enable once pacman-package-manager is back in testing
+          - distro: arch
+            tools: debian
 
     steps:
     - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
@@ -181,7 +184,5 @@ jobs:
             --verbose \
             -m integration \
             --distribution ${{ matrix.distro }} \
-            $([ "${{ matrix.distro }}" = "debian" ] && echo --release=unstable) \
-            $([ "${{ matrix.tools }}" = "debian" ] && echo --tools-tree-release=unstable) \
             --tools-tree-distribution ${{ matrix.tools }} \
             tests/

mkosi.conf.d/20-debian/mkosi.conf

@@ -4,7 +4,7 @@
 Distribution=debian
 
 [Distribution]
-@Release=unstable
+@Release=testing
 Repositories=non-free-firmware
 
 [Content]

mkosi.conf.d/30-debian-ubuntu/mkosi.conf.d/20-not-focal.conf

@@ -9,6 +9,8 @@ Packages=
         archlinux-keyring
         dbus-broker
         dnf
-        makepkg
-        pacman-package-manager
+        # TODO: Add back again once makepkg is back in testing.
+        # makepkg
+        # TODO: Add back again once pacman-package-manager is back in testing.
+        # pacman-package-manager
         swtpm

mkosi/__init__.py

@@ -77,6 +77,7 @@
     format_rlimit,
     make_executable,
     one_zero,
+    parents_below,
     read_env_file,
     read_os_release,
     round_up,
@@ -2604,6 +2605,7 @@ def check_inputs(config: Config) -> None:
                 die(f"Initrd {p} is not a file")
 
     for script in itertools.chain(
+        config.sync_scripts,
         config.prepare_scripts,
         config.build_scripts,
         config.postinst_scripts,
@@ -4124,10 +4126,6 @@ def run_sync(args: Args, config: Config, *, resources: Path) -> None:
         os.setgid(INVOKING_USER.gid)
         os.setuid(INVOKING_USER.uid)
 
-    for script in config.sync_scripts:
-        if not os.access(script, os.X_OK):
-            die(f"{script} is not executable")
-
     if not (p := config.package_cache_dir_or_default()).exists():
         p.mkdir(parents=True, exist_ok=True)
 
@@ -4161,8 +4159,6 @@ def run_sync(args: Args, config: Config, *, resources: Path) -> None:
 
 
 def run_build(args: Args, config: Config, *, resources: Path) -> None:
-    check_inputs(config)
-
     for p in (
         config.output_dir,
         config.cache_dir,
@@ -4173,12 +4169,16 @@ def run_build(args: Args, config: Config, *, resources: Path) -> None:
         if not p or p.exists():
             continue
 
-        p.mkdir()
+        p.mkdir(parents=True, exist_ok=True)
 
-        # If we created the directory in a parent directory owned by the invoking user, make sure the directory itself
-        # is owned by the invoking user as well.
-        if INVOKING_USER.is_regular_user() and p.parent.stat().st_uid == INVOKING_USER.uid:
-            os.chown(p, INVOKING_USER.uid, INVOKING_USER.gid)
+        # If we created the directory in a parent directory owned by the invoking user, make sure the directories we
+        # just created are owned by the invoking user as well.
+        if (
+            INVOKING_USER.is_regular_user() and
+            (q := next((parent for parent in p.parents if parent.stat().st_uid == INVOKING_USER.uid), None))
+        ):
+            for parent in parents_below(p, q):
+                os.chown(parent, INVOKING_USER.uid, INVOKING_USER.gid)
 
     # Discard setuid/setgid bits as these are inherited and can leak into the image.
     if config.build_dir:
@@ -4312,6 +4312,7 @@ def run_verb(args: Args, images: Sequence[Config], *, resources: Path) -> None:
         if (config.output_dir_or_cwd() / config.output_with_compression).exists():
             continue
 
+        check_inputs(config)
         fork_and_wait(run_sync, args, config, resources=resources)
         fork_and_wait(run_build, args, config, resources=resources)
 

mkosi/kmod.py

@@ -11,6 +11,7 @@
 from mkosi.log import complete_step, log_step
 from mkosi.run import run
 from mkosi.sandbox import Mount, SandboxProtocol, nosandbox
+from mkosi.util import parents_below
 
 
 def loaded_modules() -> list[str]:
@@ -150,11 +151,6 @@ def resolve_module_dependencies(
     return set(nametofile[m] for m in mods if m in nametofile), set(firmware)
 
 
-def parents_below(path: Path, below: Path) -> list[Path]:
-    parents = list(path.parents)
-    return parents[:parents.index(below)]
-
-
 def gen_required_kernel_modules(
     root: Path,
     kver: str,

mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-ubuntu.conf

@@ -18,10 +18,8 @@ Packages=
         grub2
         libarchive-tools
         libtss2-dev
-        makepkg
         openssh-client
         ovmf
-        pacman-package-manager
         pesign
         policycoreutils
         python3-cryptography

mkosi/resources/mkosi-tools/mkosi.conf.d/10-ubuntu.conf

@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=ubuntu
+
+[Content]
+Packages=
+        pacman-package-manager
+        makepkg

mkosi/util.py

@@ -197,6 +197,11 @@ def umask(mask: int) -> Iterator[None]:
         os.umask(old)
 
 
+def parents_below(path: Path, below: Path) -> list[Path]:
+    parents = list(path.parents)
+    return parents[:parents.index(below)]
+
+
 @contextlib.contextmanager
 def resource_path(mod: ModuleType) -> Iterator[Path]: