fixup! feat(extensions): add netboot extension for full TFTP+NFS boot

Author: iav

extensions/netboot/netboot.sh

@@ -89,19 +89,27 @@ function extension_prepare_config__netboot_defaults_and_validate() {
 		exit_with_error "${EXTENSION}: ROOTFS_COMPRESSION=none requires ROOTFS_EXPORT_DIR (otherwise nothing is produced)"
 	fi
 
-	# Keep ROOTFS_EXPORT_DIR confined to a fixed base under ${SRC}/output, so a
-	# stray typo or accidental absolute path can never let rsync --delete touch
-	# the host filesystem outside that subtree. Any user value (relative or
-	# absolute) is treated as a sub-path of the base; an absolute `/srv/nfs`
-	# becomes `${SRC}/output/netboot-export//srv/nfs` (the ordinary path-join
-	# semantics make this a plain sub-directory). If a NFS server on the build
-	# host expects `/srv/...`, symlink `${SRC}/output/netboot-export` there.
-	if [[ -n "${ROOTFS_EXPORT_DIR}" ]]; then
-		case "${ROOTFS_EXPORT_DIR}" in
-			*..*) exit_with_error "${EXTENSION}: ROOTFS_EXPORT_DIR must not contain '..'" "${ROOTFS_EXPORT_DIR}" ;;
-		esac
-		declare -g ROOTFS_EXPORT_DIR="${SRC}/output/netboot-export/${ROOTFS_EXPORT_DIR}"
-	fi
+	_netboot_normalize_export_dir
+}
+
+# Confine ROOTFS_EXPORT_DIR to a fixed base under ${SRC}/output so rsync --delete
+# can never escape that subtree. Any user value (relative or absolute) becomes a
+# sub-path of the base: `/srv/nfs` turns into `${SRC}/output/netboot-export//srv/nfs`
+# (path-join semantics make it a plain sub-directory). If the build host also
+# serves NFS, symlink `${SRC}/output/netboot-export` to the export root.
+#
+# Called from both extension_prepare_config (covers no-docker builds and the
+# in-container phase of docker builds) and host_pre_docker_launch (covers the
+# on-host phase of docker builds, before the docker bind-mount).
+function _netboot_normalize_export_dir() {
+	[[ -z "${ROOTFS_EXPORT_DIR}" ]] && return 0
+	# Already normalized — extension_prepare_config may fire after host_pre_docker_launch
+	# has already run on the host side.
+	[[ "${ROOTFS_EXPORT_DIR}" == "${SRC}/output/netboot-export/"* ]] && return 0
+	case "${ROOTFS_EXPORT_DIR}" in
+		*..*) exit_with_error "${EXTENSION}: ROOTFS_EXPORT_DIR must not contain '..'" "${ROOTFS_EXPORT_DIR}" ;;
+	esac
+	declare -g ROOTFS_EXPORT_DIR="${SRC}/output/netboot-export/${ROOTFS_EXPORT_DIR}"
 }
 
 # Ensure NFS-root client support is built into the kernel.
@@ -144,6 +152,9 @@ function post_customize_image__netboot_skip_firstlogin_wizard() {
 # target and point ROOTFS_EXPORT_DIR at the container path for rsync.
 function host_pre_docker_launch__netboot_mount_export_dir() {
 	[[ -z "${ROOTFS_EXPORT_DIR}" ]] && return 0
+	# Host-phase normalization: extension_prepare_config runs inside the container,
+	# which is too late — docker needs an absolute source path for the bind-mount below.
+	_netboot_normalize_export_dir
 	declare container_export_dir="/armbian/netboot-export"
 	mkdir -p "${ROOTFS_EXPORT_DIR}"
 	display_alert "${EXTENSION}: bind-mounting ROOTFS_EXPORT_DIR into container" "${ROOTFS_EXPORT_DIR} -> ${container_export_dir}" "info"