kas-container: fail if passed directory does not exist

The kas-container script handled variables that are used to control directories that are mounted into the container quite inconsistently: Some directories needed to be existing, others were created upon kas-container execution. This makes it hard to distinguish if a directory is managed by kas or not (especially as kas has no information who created the directory and if it can be removed). We now change this and require that all passed directories must exist. This requirement is added to the documentation and also checked upon kas-container execution. Signed-off-by: Felix Moessbauer <[email protected]>
fmoessbauer · Jan 22, 2025 · 40e8b24 · 40e8b24
1 parent b8960e7
commit 40e8b24
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 12 deletions.
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
@@ -4,8 +4,8 @@ denotes the scope of the variable.
 
 All directories that are passed to kas by setting the corresponding
 environment variables (e.g. ``KAS_WORK_DIR``, ``KAS_BUILD_DIR``, ...) must
-not overlap. This limitation also applies if the directories are mountpoints
-(i.e. the overlapping paths cannot be detected by kas).
+exist and not overlap. This limitation also applies if the directories are
+mountpoints (i.e. the overlapping paths cannot be detected by kas).
 
 Variable Scope
 ~~~~~~~~~~~~~~

diff --git a/docs/userguide/kas-container-description.inc b/docs/userguide/kas-container-description.inc
@@ -1,7 +1,8 @@
 The ``kas-container`` script is a wrapper to run `kas` inside a build container.
 It gives fine grained control over the data that is mapped into the build and
-decouples the build environment from the host system. The wrapper also takes care of
-mounting the necessary directories and setting up the environment variables.
+decouples the build environment from the host system. For details, see
+:ref:`env-vars-label`. The wrapper also takes care of mounting the necessary
+directories and setting up the environment variables inside the container.
 
 .. note::
     The ``kas-container`` script has limited support for Git worktrees. Regular

diff --git a/kas-container b/kas-container
@@ -183,6 +183,14 @@ enable_docker_rootless()
 	KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} -e KAS_DOCKER_ROOTLESS=1"
 }
 
+check_dir_present_if_set()
+{
+	# Params: NAME VALUE (to avoid sh incompatible indirect expansion)
+	if [ -n "$2" ] && [ ! -d "$(readlink -f "$2")" ]; then
+		fatal_error "Variable $1 set, but \"$2\" is not a directory"
+	fi
+}
+
 KAS_GIT_OVERLAY_FILE=""
 kas_container_cleanup()
 {
@@ -201,9 +209,14 @@ set_container_image_var()
 	KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
 }
 
+# check if all specified directories exist
+check_dir_present_if_set "KAS_WORK_DIR"     "${KAS_WORK_DIR}"
+check_dir_present_if_set "KAS_BUILD_DIR"    "${KAS_BUILD_DIR}"
+check_dir_present_if_set "KAS_REPO_REF_DIR" "${KAS_REPO_REF_DIR}"
+check_dir_present_if_set "DL_DIR"           "${DL_DIR}"
+check_dir_present_if_set "SSTATE_DIR"       "${SSTATE_DIR}"
+
 KAS_WORK_DIR=$(readlink -fv "${KAS_WORK_DIR:-$(pwd)}")
-# KAS_WORK_DIR needs to exist for the subsequent code
-trace mkdir -p "${KAS_WORK_DIR}"
 
 KAS_CONTAINER_ENGINE="${KAS_CONTAINER_ENGINE:-${KAS_DOCKER_ENGINE}}"
 if [ -z "${KAS_CONTAINER_ENGINE}" ]; then
@@ -507,7 +520,6 @@ set -- "$@" -v "${KAS_REPO_DIR}:/repo:${KAS_REPO_MOUNT_OPT}" \
 	-e USER_ID="$(id -u)" -e GROUP_ID="$(id -g)" --rm --init
 
 if [ -n "${KAS_BUILD_DIR}" ]; then
-	trace mkdir -p "${KAS_BUILD_DIR}"
 	set -- "$@" \
 		-v "$(readlink -fv "${KAS_BUILD_DIR}")":/build:rw \
 		-e KAS_BUILD_DIR=/build
@@ -544,10 +556,8 @@ if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
 		-e SSH_AUTH_SOCK=/ssh-agent/ssh-auth-sock
 fi
 
+check_dir_present_if_set "KAS_AWS_DIR" "${KAS_AWS_DIR}"
 if [ -n "${KAS_AWS_DIR}" ] ; then
-	if [ ! -d "${KAS_AWS_DIR}" ]; then
-		fatal_error "passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
-	fi
 	set -- "$@" -v "$(readlink -fv "${KAS_AWS_DIR}")":/var/kas/userdata/.aws:ro \
 		-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/config}" \
 		-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/var/kas/userdata/.aws/credentials}"
@@ -598,14 +608,12 @@ if [ -t 1 ]; then
 fi
 
 if [ -n "${DL_DIR}" ]; then
-	trace mkdir -p "${DL_DIR}"
 	set -- "$@" \
 		-v "$(readlink -fv "${DL_DIR}")":/downloads:rw \
 		-e DL_DIR=/downloads
 fi
 
 if [ -n "${SSTATE_DIR}" ]; then
-	trace mkdir -p "${SSTATE_DIR}"
 	set -- "$@" \
 		-v "$(readlink -fv "${SSTATE_DIR}")":/sstate:rw \
 		-e SSTATE_DIR=/sstate