fix(linux/build): tolerate find perm-denied in chroot scan (M1.1 iter24)
🎉 Run #4271's Build A actually produced the ISO. derivative-maker ran clean for 15:24: INFO: Script ./derivative-maker completed. Exit Code: 0. Errors Detected: 0. Execution Time: 00:15:24 '/home/user/derivative-binary/.../Kicksecure-CLI-18.1.7.4-developers-only.Intel_AMD64.iso' -> '/workspace/SilverLABS/SilverMetal/build-a/Kicksecure-CLI-18.1.7.4-developers-only.Intel_AMD64.iso' …but build-inner.sh then died on its own post-build collection step: find: '.../live-build/chroot/usr/src': Permission denied find: '.../live-build/chroot/etc/sudoers.d': Permission denied find: '.../live-build/chroot/boot': Permission denied … The chroot's standard hardened subdirs (/usr/src, /etc/sudoers.d, /etc/cron.*, /boot, /root, /run/{sudo,lvm,cryptsetup,openvpn-{client, server}}, cache/bootstrap/root) are 0700 root-owned because the live-build chroot was assembled under sudo. As `user` (uid 1000) we can't descend them. find emits Permission denied on each, exits with status 1, and `set -euo pipefail` in build-inner.sh propagates that through `xargs cp` and aborts — even though the ISO copy itself had already succeeded a few lines earlier in the same xargs stream. Fix: redirect find's stderr to /dev/null and tolerate non-zero exit on both the *.iso and *.manifest scans. build.sh already verifies an ISO landed in BUILD_DIR (exit 4 with "no ISO produced" if not), so a real miss is still caught — we just stop killing the script for the benign unreadable-chroot-subdirs case. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -116,10 +116,24 @@ cd "${REPO_ROOT}/linux/build/derivative-maker"
|
||||
# (per help-steps/variables: binary_build_folder_dist=$HOMEVAR/derivative-binary),
|
||||
# *not* into the source tree. Collect from there into BUILD_DIR.
|
||||
# Exact upstream output paths can shift between tags — keep this tolerant.
|
||||
find "${HOME}/derivative-binary" -maxdepth 6 -type f -name "*.iso" -print0 \
|
||||
| xargs -0 -I{} cp -av "{}" "${BUILD_DIR}/"
|
||||
#
|
||||
# stderr+exit suppression is essential: $HOME/derivative-binary contains
|
||||
# the live-build chroot, and several of the chroot's own subdirs
|
||||
# (/usr/src, /etc/sudoers.d, /etc/cron.*, /boot, /root, /run/sudo,
|
||||
# cache/bootstrap/root, ...) are 0700 root-owned because the chroot
|
||||
# creation step ran under sudo. As `user` (uid 1000) we can't traverse
|
||||
# them. find emits "Permission denied" on each and exits non-zero;
|
||||
# pipefail then kills the entire build script *after* the ISO has
|
||||
# already been copied — exactly what happened on run #4271 (15:24
|
||||
# clean derivative-maker run, ISO produced, build-inner died on this
|
||||
# pipeline). Suppress and rely on build.sh's host-side
|
||||
# "no *.iso in BUILD_DIR" check (exit 4) to surface a real miss.
|
||||
find "${HOME}/derivative-binary" -maxdepth 6 -type f -name "*.iso" \
|
||||
-print0 2>/dev/null \
|
||||
| xargs -0 -I{} cp -av "{}" "${BUILD_DIR}/" || true
|
||||
|
||||
# Manifest of file metadata that lives inside the ISO. Useful when
|
||||
# diagnosing reproducibility regressions without re-extracting.
|
||||
find "${HOME}/derivative-binary" -maxdepth 6 -type f -name "*.manifest" -print0 \
|
||||
find "${HOME}/derivative-binary" -maxdepth 6 -type f -name "*.manifest" \
|
||||
-print0 2>/dev/null \
|
||||
| xargs -0 -I{} cp -av "{}" "${BUILD_DIR}/" 2>/dev/null || true
|
||||
|
||||
Reference in New Issue
Block a user