fix: clean up chroot environment — locale, GPG, setfont, apt sandbox

Silences four categories of noisy but harmless warnings that
appear on every image build:

1. bash: warning: setlocale: LC_ALL: cannot change locale
   Host's LC_ALL/LANG leak into the chroot. Fixed in both the
   chroot_sdcard/chroot_mount wrappers (LC_ALL=C LANG=C
   LANGUAGE="" SUDO_USER="") and two direct chroot calls in
   create_sources_list_and_deploy_repo_key.

2. gpg: WARNING: unsafe ownership on homedir
   gpg --dearmor under sudo uses the builder's ~/.gnupg. Fixed
   with a temporary --homedir for the single dearmor call.

3. setfont: ERROR kdfontop.c:29 is_kd_text: ioctl(KDGETMODE)
   setupcon --save --force triggers setfont in chroot (no tty).
   Config is saved correctly — stderr redirected to /dev/null.

4. W: Download is performed unsandboxed as root
   The _apt user may not exist in a fresh rootfs. Pre-create
   /etc/apt/apt.conf.d/99-armbian-sandbox with
   APT::Sandbox::User "root" before mmdebstrap runs; removed
   in the post-mmdebstrap cleanup so it doesn't ship in images.

Author: igorpecovnik

lib/functions/logging/runners.sh

@@ -131,13 +131,20 @@ function chroot_sdcard_apt_get() {
 
 # please, please, unify around this function.
 function chroot_sdcard() {
-	raw_command="$*" raw_extra="chroot_sdcard" TMPDIR="" \
+	# LC_ALL/LANG/LANGUAGE: clear the host's locale before entering the
+	# chroot — the target rootfs usually hasn't generated the host's locale
+	# yet, producing noisy "bash: warning: setlocale: LC_ALL: cannot change
+	# locale" on every chroot_sdcard call. Individual commands that need a
+	# specific locale (dpkg-divert, locale-gen) set LC_ALL=C explicitly.
+	# SUDO_USER: clear so chroot commands don't try to look up the host
+	# builder's username (which doesn't exist inside the rootfs).
+	raw_command="$*" raw_extra="chroot_sdcard" TMPDIR="" LC_ALL="C" LANG="C" LANGUAGE="" SUDO_USER="" \
 		run_host_command_logged_raw chroot "${SDCARD}" /usr/bin/env bash -e -o pipefail -c "$*"
 }
 
 # please, please, unify around this function.
 function chroot_mount() {
-	raw_command="$*" raw_extra="chroot_mount" TMPDIR="" \
+	raw_command="$*" raw_extra="chroot_mount" TMPDIR="" LC_ALL="C" LANG="C" LANGUAGE="" SUDO_USER="" \
 		run_host_command_logged_raw chroot "${MOUNT}" /usr/bin/env bash -e -o pipefail -c "$*"
 }
 

lib/functions/rootfs/distro-specific.sh

@@ -266,19 +266,25 @@ function create_sources_list_and_deploy_repo_key() {
 	mkdir -p "${basedir}"/usr/share/keyrings
 	# change to binary form
 	APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"
-	gpg --batch --yes --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
+	# Use a temporary GPG homedir so we don't touch the builder's
+	# ~/.gnupg (which may be owned by a different user when running
+	# under sudo, producing "unsafe ownership on homedir" warnings).
+	local gpg_tmp
+	gpg_tmp=$(mktemp -d)
+	gpg --homedir "${gpg_tmp}" --batch --yes --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
+	rm -rf "${gpg_tmp}"
 
 	# deploy the qemu binary, no matter where the rootfs came from (built or cached)
 	deploy_qemu_binary_to_chroot "${basedir}" "${when}" # undeployed at end of this function
 
 	# lets link to the old file as armbian-config uses it and we can't set there to new file
 	# we user force linking as some old caches still exists
-	chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
+	LC_ALL=C LANG=C LANGUAGE= SUDO_USER= chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
 
 	# lets keep old way for old distributions
 	if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
 		cp "${SRC}"/config/armbian.key "${basedir}"
-		chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
+		LC_ALL=C LANG=C LANGUAGE= SUDO_USER= chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
 	fi
 
 	# undeploy the qemu binary from the image; we don't want to ship the host's qemu in the target image

lib/functions/rootfs/rootfs-create.sh

@@ -115,6 +115,15 @@ function create_new_rootfs_cache_via_debootstrap() {
 	debootstrap_arguments+=("${RELEASE}" "${SDCARD}/" "${debootstrap_apt_mirror}") # release, path and mirror; always last, positional arguments.
 
 	mkdir -p "${SDCARD}/usr/bin"
+
+	# Suppress "Download is performed unsandboxed as root" — the _apt
+	# user may not exist yet in a fresh rootfs. Pre-create an apt config
+	# drop-in on the HOST side before mmdebstrap runs; --skip=check/empty
+	# allows pre-populated rootfs dirs, and mmdebstrap preserves files
+	# that don't belong to any extracted package.
+	mkdir -p "${SDCARD}/etc/apt/apt.conf.d"
+	echo 'APT::Sandbox::User "root";' > "${SDCARD}/etc/apt/apt.conf.d/99-armbian-sandbox"
+
 	deploy_qemu_binary_to_chroot "${SDCARD}" "rootfs" # undeployed near the end of this function
 
 	run_host_command_logged "${debootstrap_bin}" "${debootstrap_arguments[@]}" || {
@@ -129,6 +138,7 @@ function create_new_rootfs_cache_via_debootstrap() {
 	# Done with mmdebstrap. Clean-up its litterbox.
 	display_alert "Cleaning up after mmdebstrap" "mmdebstrap cleanup" "info"
 	run_host_command_logged rm -rf "${SDCARD}/var/cache/apt" "${SDCARD}/var/lib/apt/lists"
+	rm -f "${SDCARD}/etc/apt/apt.conf.d/99-armbian-sandbox" # build-time only; don't ship in the image
 
 	local_apt_deb_cache_prepare "after mmdebstrap cleanup" # just for size reference in logs
 
@@ -158,7 +168,10 @@ function create_new_rootfs_cache_via_debootstrap() {
 		# @TODO: Should be configurable.
 		sed -e 's/CHARMAP=.*/CHARMAP="UTF-8"/' -e 's/FONTSIZE=.*/FONTSIZE="8x16"/' \
 			-e 's/CODESET=.*/CODESET="guess"/' -i "$SDCARD/etc/default/console-setup"
-		chroot_sdcard LC_ALL=C LANG=C setupcon --save --force
+		# setupcon triggers setfont which fails with KDGETMODE errors
+		# when there's no real console (chroot has no tty). The config
+		# is saved correctly regardless — suppress the noise.
+		chroot_sdcard "LC_ALL=C LANG=C setupcon --save --force 2>/dev/null || true"
 	fi
 
 	# stage: create apt-get sources list (basic Debian/Ubuntu apt sources, no external nor PPAS).