service: tighten flash device safety

Brad Stein 2026-03-31 20:49:34 -03:00
parent a148e77335
commit 1c9edb95f8


@ -195,14 +195,18 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
} }
var payload struct { var payload struct {
Blockdevices []struct { Blockdevices []struct {
Name string `json:"name"` Name string `json:"name"`
Path string `json:"path"` Path string `json:"path"`
RM bool `json:"rm"` RM bool `json:"rm"`
Hotplug bool `json:"hotplug"` Hotplug bool `json:"hotplug"`
Size any `json:"size"` Size any `json:"size"`
Model string `json:"model"` Model string `json:"model"`
Tran string `json:"tran"` Tran string `json:"tran"`
Type string `json:"type"` Type string `json:"type"`
Mountpoint string `json:"mountpoint"`
Children []struct {
Mountpoint string `json:"mountpoint"`
} `json:"children"`
} `json:"blockdevices"` } `json:"blockdevices"`
} }
if err := json.Unmarshal(out, &payload); err != nil { if err := json.Unmarshal(out, &payload); err != nil {
@ -223,7 +227,13 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
if size <= 0 || size > maxBytes { if size <= 0 || size > maxBytes {
continue continue
} }
if dev.Tran != "usb" && !dev.RM && !dev.Hotplug { if dev.Tran != "usb" && !dev.RM {
continue
}
if strings.TrimSpace(dev.Mountpoint) != "" {
continue
}
if hasMountedChildren(dev.Children) {
continue continue
} }
devices = append(devices, service.Device{ devices = append(devices, service.Device{
@ -243,7 +253,7 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
Model: "Host /tmp", Model: "Host /tmp",
Transport: "test", Transport: "test",
Type: "file", Type: "file",
Note: fmt.Sprintf("Test-only host write target under %s", hostTmpDir), Note: fmt.Sprintf("Test-only host write target under %s", humanHostPath(hostTmpDir)),
Removable: false, Removable: false,
Hotplug: false, Hotplug: false,
SizeBytes: 1, SizeBytes: 1,
@ -340,6 +350,28 @@ func resolvePulledArtifact(dir string) (string, bool, error) {
return "", false, fmt.Errorf("no .img or .img.xz artifact found in %s", dir) return "", false, fmt.Errorf("no .img or .img.xz artifact found in %s", dir)
} }
func hasMountedChildren(children []struct {
Mountpoint string `json:"mountpoint"`
}) bool {
for _, child := range children {
if strings.TrimSpace(child.Mountpoint) != "" {
return true
}
}
return false
}
func humanHostPath(path string) string {
path = strings.TrimSpace(path)
if strings.HasPrefix(path, "/host-tmp/") {
return "/" + strings.TrimPrefix(path, "/host-tmp/")
}
if path == "/host-tmp" {
return "/tmp"
}
return path
}
func getenvOr(key, fallback string) string { func getenvOr(key, fallback string) string {
value := strings.TrimSpace(os.Getenv(key)) value := strings.TrimSpace(os.Getenv(key))
if value == "" { if value == "" {
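Review bot: The new mounted-device guard in `localFlashDevices` looks only one level down: `Children` is a flat struct with just `Mountpoint`, and `hasMountedChildren` never descends further. If this payload is lsblk JSON, as the field names suggest, children nest to any depth, so a disk whose partition holds an encrypted or LVM volume that is mounted one level lower would still be listed as a write target. A recursive node type, shown below, closes that gap. The command that produces `out` is outside these hunks, so it is worth confirming that it requests the mountpoint column and does not suppress child devices; otherwise both new checks pass silently on empty fields. Separately, `humanHostPath` maps `/host-tmp` to `/tmp` but `/host-tmp/x` to `/x`; `return "/tmp/" + strings.TrimPrefix(path, "/host-tmp/")` would keep the two cases consistent.

```go
// lsblkNode is one entry below a block device; children may nest to any depth.
type lsblkNode struct {
	Mountpoint string      `json:"mountpoint"`
	Children   []lsblkNode `json:"children"`
}

// … unchanged: payload fields Name through Mountpoint …
		Children []lsblkNode `json:"children"`

// hasMountedChildren reports whether any descendant of a device is mounted.
func hasMountedChildren(children []lsblkNode) bool {
	for _, child := range children {
		if strings.TrimSpace(child.Mountpoint) != "" || hasMountedChildren(child.Children) {
			return true
		}
	}
	return false
}
```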