fix(iso): pass installer-env script as bind-mounted file, not inline bash -c

On this host (and potentially others with a particular podman/overlay state), passing the multi-hundred-line stage-2 script via `debian:trixie bash -c '...'` caused debootstrap to fail at "Extracting apt... tar failed" on the very first package — no matter what patch, storage cleanup, or env-reset we tried. Running the exact same script body via a bind-mounted file (`bash /installer-env.sh`) succeeds. So: write the body to a temp file in WORK_DIR, bind-mount it read-only, and have the container bash execute it from the file. Same behavior, different invocation, works. Was blocking every ISO rebuild since ~10:57 local. First successful build since: 14:40, sha256 41fad2ff…, 2.3GB. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:40:52 -04:00 · 2026-04-19 14:40:52 -04:00 · 3441ea2459
commit 3441ea2459
parent 3127d50091
1 changed files with 14 additions and 7 deletions
--- a/image-recipe/build-auto-installer-iso.sh
+++ b/image-recipe/build-auto-installer-iso.sh
@ -655,12 +655,12 @@ mkdir -p "$INSTALLER_ISO/EFI/BOOT"

 # Build the installer filesystem inside a container
 # This creates: vmlinuz, initrd.img, filesystem.squashfs
-echo "   Building installer rootfs with debootstrap (this takes a few minutes)..."
-$CONTAINER_CMD run --rm --privileged --platform $CONTAINER_PLATFORM \
-    -v "$WORK_DIR:/output" \
-    -e DEB_ARCH="$DEB_ARCH" \
-    -e LIB_DIR="$LIB_DIR" \
-    debian:trixie bash -c '
+# NOTE: the installer-env script is written to a file and bind-mounted into the
+# container rather than passed via `bash -c '...'`. On some hosts, the inline
+# form somehow interferes with debootstrap's dpkg-deb|tar extraction (repro'd
+# on this box: bash -c fails at "Extracting apt...", bash /script.sh succeeds).
+_INSTALLER_ENV_SCRIPT="$WORK_DIR/_installer-env.sh"
+cat > "$_INSTALLER_ENV_SCRIPT" <<'INSTALLER_ENV_EOF'
 set -e

 apt-get update -qq
@ -924,7 +924,14 @@ grub-mkfont -s 16 -o /output/grub-fonts/dejavu_16.pf2 /usr/share/fonts/truetype/
 grub-mkfont -s 24 -o /output/grub-fonts/dejavu_24.pf2 /usr/share/fonts/truetype/dejavu/DejaVuSansMono-Bold.ttf

 echo "   [container] Done!"
-'
+INSTALLER_ENV_EOF
+
+$CONTAINER_CMD run --rm --privileged --platform $CONTAINER_PLATFORM \
+    -v "$WORK_DIR:/output" \
+    -v "$_INSTALLER_ENV_SCRIPT:/installer-env.sh:ro" \
+    -e DEB_ARCH="$DEB_ARCH" \
+    -e LIB_DIR="$LIB_DIR" \
+    debian:trixie bash /installer-env.sh

 # Verify artifacts
 for artifact in vmlinuz initrd.img filesystem.squashfs BOOTX64.EFI efi.img isolinux.bin isohdpfx.bin; do