Skip to content

Commit d611e91

Browse files
committed
fix: clean up chroot environment — locale, GPG, setfont, apt sandbox
Silences four categories of noisy but harmless warnings that appear on every image build: 1. bash: warning: setlocale: LC_ALL: cannot change locale Host's LC_ALL/LANG leak into the chroot. Fixed in both the chroot_sdcard/chroot_mount wrappers (LC_ALL=C LANG=C LANGUAGE="" SUDO_USER="") and two direct chroot calls in create_sources_list_and_deploy_repo_key. 2. gpg: WARNING: unsafe ownership on homedir gpg --dearmor under sudo uses the builder's ~/.gnupg. Fixed with a temporary --homedir for the single dearmor call. 3. setfont: ERROR kdfontop.c:29 is_kd_text: ioctl(KDGETMODE) setupcon --save --force triggers setfont in chroot (no tty). Config is saved correctly — stderr redirected to /dev/null. 4. W: Download is performed unsandboxed as root The _apt user may not exist in a fresh rootfs. Pre-create /etc/apt/apt.conf.d/99-armbian-sandbox with APT::Sandbox::User "root" before mmdebstrap runs; removed in the post-mmdebstrap cleanup so it doesn't ship in images.
1 parent 8fb6c51 commit d611e91

3 files changed

Lines changed: 32 additions & 6 deletions

File tree

lib/functions/logging/runners.sh

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -131,13 +131,20 @@ function chroot_sdcard_apt_get() {
131131

132132
# please, please, unify around this function.
133133
function chroot_sdcard() {
134-
raw_command="$*" raw_extra="chroot_sdcard" TMPDIR="" \
134+
# LC_ALL/LANG/LANGUAGE: clear the host's locale before entering the
135+
# chroot — the target rootfs usually hasn't generated the host's locale
136+
# yet, producing noisy "bash: warning: setlocale: LC_ALL: cannot change
137+
# locale" on every chroot_sdcard call. Individual commands that need a
138+
# specific locale (dpkg-divert, locale-gen) set LC_ALL=C explicitly.
139+
# SUDO_USER: clear so chroot commands don't try to look up the host
140+
# builder's username (which doesn't exist inside the rootfs).
141+
raw_command="$*" raw_extra="chroot_sdcard" TMPDIR="" LC_ALL="C" LANG="C" LANGUAGE="" SUDO_USER="" \
135142
run_host_command_logged_raw chroot "${SDCARD}" /usr/bin/env bash -e -o pipefail -c "$*"
136143
}
137144

138145
# please, please, unify around this function.
139146
function chroot_mount() {
140-
raw_command="$*" raw_extra="chroot_mount" TMPDIR="" \
147+
raw_command="$*" raw_extra="chroot_mount" TMPDIR="" LC_ALL="C" LANG="C" LANGUAGE="" SUDO_USER="" \
141148
run_host_command_logged_raw chroot "${MOUNT}" /usr/bin/env bash -e -o pipefail -c "$*"
142149
}
143150

lib/functions/rootfs/distro-specific.sh

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -266,19 +266,25 @@ function create_sources_list_and_deploy_repo_key() {
266266
mkdir -p "${basedir}"/usr/share/keyrings
267267
# change to binary form
268268
APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"
269-
gpg --batch --yes --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
269+
# Use a temporary GPG homedir so we don't touch the builder's
270+
# ~/.gnupg (which may be owned by a different user when running
271+
# under sudo, producing "unsafe ownership on homedir" warnings).
272+
local gpg_tmp
273+
gpg_tmp=$(mktemp -d)
274+
gpg --homedir "${gpg_tmp}" --batch --yes --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
275+
rm -rf "${gpg_tmp}"
270276

271277
# deploy the qemu binary, no matter where the rootfs came from (built or cached)
272278
deploy_qemu_binary_to_chroot "${basedir}" "${when}" # undeployed at end of this function
273279

274280
# lets link to the old file as armbian-config uses it and we can't set there to new file
275281
# we user force linking as some old caches still exists
276-
chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
282+
LC_ALL=C LANG=C LANGUAGE= SUDO_USER= chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
277283

278284
# lets keep old way for old distributions
279285
if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
280286
cp "${SRC}"/config/armbian.key "${basedir}"
281-
chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
287+
LC_ALL=C LANG=C LANGUAGE= SUDO_USER= chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
282288
fi
283289

284290
# undeploy the qemu binary from the image; we don't want to ship the host's qemu in the target image

lib/functions/rootfs/rootfs-create.sh

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -115,6 +115,15 @@ function create_new_rootfs_cache_via_debootstrap() {
115115
debootstrap_arguments+=("${RELEASE}" "${SDCARD}/" "${debootstrap_apt_mirror}") # release, path and mirror; always last, positional arguments.
116116

117117
mkdir -p "${SDCARD}/usr/bin"
118+
119+
# Suppress "Download is performed unsandboxed as root" — the _apt
120+
# user may not exist yet in a fresh rootfs. Pre-create an apt config
121+
# drop-in on the HOST side before mmdebstrap runs; --skip=check/empty
122+
# allows pre-populated rootfs dirs, and mmdebstrap preserves files
123+
# that don't belong to any extracted package.
124+
mkdir -p "${SDCARD}/etc/apt/apt.conf.d"
125+
echo 'APT::Sandbox::User "root";' > "${SDCARD}/etc/apt/apt.conf.d/99-armbian-sandbox"
126+
118127
deploy_qemu_binary_to_chroot "${SDCARD}" "rootfs" # undeployed near the end of this function
119128

120129
run_host_command_logged "${debootstrap_bin}" "${debootstrap_arguments[@]}" || {
@@ -129,6 +138,7 @@ function create_new_rootfs_cache_via_debootstrap() {
129138
# Done with mmdebstrap. Clean-up its litterbox.
130139
display_alert "Cleaning up after mmdebstrap" "mmdebstrap cleanup" "info"
131140
run_host_command_logged rm -rf "${SDCARD}/var/cache/apt" "${SDCARD}/var/lib/apt/lists"
141+
rm -f "${SDCARD}/etc/apt/apt.conf.d/99-armbian-sandbox" # build-time only; don't ship in the image
132142

133143
local_apt_deb_cache_prepare "after mmdebstrap cleanup" # just for size reference in logs
134144

@@ -158,7 +168,10 @@ function create_new_rootfs_cache_via_debootstrap() {
158168
# @TODO: Should be configurable.
159169
sed -e 's/CHARMAP=.*/CHARMAP="UTF-8"/' -e 's/FONTSIZE=.*/FONTSIZE="8x16"/' \
160170
-e 's/CODESET=.*/CODESET="guess"/' -i "$SDCARD/etc/default/console-setup"
161-
chroot_sdcard LC_ALL=C LANG=C setupcon --save --force
171+
# setupcon triggers setfont which fails with KDGETMODE errors
172+
# when there's no real console (chroot has no tty). The config
173+
# is saved correctly regardless — suppress the noise.
174+
chroot_sdcard "LC_ALL=C LANG=C setupcon --save --force 2>/dev/null || true"
162175
fi
163176

164177
# stage: create apt-get sources list (basic Debian/Ubuntu apt sources, no external nor PPAS).

0 commit comments

Comments
 (0)