fixup! feat(extensions): add netboot extension for full TFTP+NFS boot

Author: iav

extensions/netboot/netboot.sh

@@ -60,6 +60,11 @@ function extension_prepare_config__netboot_defaults_and_validate() {
 	# checks remain safe under `set -u` when no MAC is configured.
 	declare -g NETBOOT_CLIENT_MAC_NORMALIZED=""
 	declare -g NETBOOT_TFTP_PREFIX="${NETBOOT_TFTP_PREFIX:-armbian/${LINUXFAMILY}/${BOARD}/${BRANCH}-${RELEASE}}"
+	# TFTP_PREFIX is appended to the staging root with `mkdir -p`; a `..` segment would
+	# walk out of it and let an extension scribble onto arbitrary paths under FINALDEST.
+	case "${NETBOOT_TFTP_PREFIX}" in
+		*..*) exit_with_error "${EXTENSION}: NETBOOT_TFTP_PREFIX must not contain '..'" "${NETBOOT_TFTP_PREFIX}" ;;
+	esac
 
 	if [[ -n "${NETBOOT_HOSTNAME}" ]]; then
 		declare -g NETBOOT_NFS_PATH="${NETBOOT_NFS_PATH:-/srv/netboot/rootfs/hosts/${NETBOOT_HOSTNAME}}"
@@ -103,9 +108,10 @@ function extension_prepare_config__netboot_defaults_and_validate() {
 # on-host phase of docker builds, before the docker bind-mount).
 function _netboot_normalize_export_dir() {
 	[[ -z "${ROOTFS_EXPORT_DIR}" ]] && return 0
-	# Already normalized — extension_prepare_config may fire after host_pre_docker_launch
-	# has already run on the host side.
-	[[ "${ROOTFS_EXPORT_DIR}" == "${SRC}/output/netboot-export/"* ]] && return 0
+	# In a docker build host_pre_docker_launch has already normalized the host path
+	# and remapped ROOTFS_EXPORT_DIR to the container bind-mount target; skip so the
+	# in-container extension_prepare_config doesn't re-prepend the base and break it.
+	[[ "${ARMBIAN_RUNNING_IN_CONTAINER:-}" == "yes" ]] && return 0
 	case "${ROOTFS_EXPORT_DIR}" in
 		*..*) exit_with_error "${EXTENSION}: ROOTFS_EXPORT_DIR must not contain '..'" "${ROOTFS_EXPORT_DIR}" ;;
 	esac