5 changes: 2 additions & 3 deletions 04-customize-desktop.sh
@@ -4,9 +4,8 @@ export DEBIAN_FRONTEND=noninteractive

echo "--> Removing unwanted packages..."
PACKAGES_TO_REMOVE="kmahjongg kmines kpat ksnake kmail kontact akregator"
for pkg in $PACKAGES_TO_REMOVE; do
apt-get purge -y "$pkg" || true
done
# Batch removal is more efficient than sequential
apt-get purge -y $PACKAGES_TO_REMOVE || true

Copilot AI Dec 29, 2025

The variable PACKAGES_TO_REMOVE should be quoted when used in apt-get purge to handle potential edge cases properly. While the current package names don't contain special characters, proper quoting is a shell scripting best practice that prevents word splitting issues.

Change to: apt-get purge -y "$PACKAGES_TO_REMOVE" || true

Suggested change
apt-get purge -y $PACKAGES_TO_REMOVE || true
apt-get purge -y "$PACKAGES_TO_REMOVE" || true

apt-get autoremove -y

echo "--> Setting up global assets..."
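Review bot: the batch apt-get purge -y $PACKAGES_TO_REMOVE changes the failure semantics of the old per-package loop: apt-get aborts the whole invocation when any listed name is unknown to it, so one typo or one package that has disappeared from the base image means none of the seven packages are purged, and the trailing || true hides that outcome from the build log. Keep the loop, or check each name first (dpkg-query -W "$pkg") and purge only the matches. Note also that the unquoted expansion is deliberate here because the variable is a space-separated list; quoting it as one string would hand apt-get a single argument containing spaces. A bash array gives both word splitting and safe quoting: PACKAGES_TO_REMOVE=(kmahjongg kmines kpat ksnake kmail kontact akregator) and apt-get purge -y "${PACKAGES_TO_REMOVE[@]}".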
4 changes: 2 additions & 2 deletions 05-install-ai.sh
@@ -17,15 +17,15 @@ chmod 444 "${MODELFILE}"
cat > /usr/local/bin/luminos-reassemble.sh << "EOF"
#!/bin/bash
# Find files marked as split
find /usr/share/ollama/.ollama -name "*.is_split" | while read marker; do
while IFS= read -r -d '' marker; do
ORIG_FILE="${marker%.is_split}"
if [ ! -f "$ORIG_FILE" ]; then
echo "Reassembling $ORIG_FILE..."
# Combine parts .partaa, .partab...
cat "${ORIG_FILE}.part"* > "$ORIG_FILE"
chown ollama:ollama "$ORIG_FILE"
fi
done
done < <(find /usr/share/ollama/.ollama -name "*.is_split" -print0)

Copilot AI Dec 29, 2025

The reassembly logic in luminos-reassemble.sh runs as root via lumin-reassemble.service but processes files under /usr/share/ollama/.ollama, which is owned and writable by the ollama user. An attacker who can write to that directory can create *.is_split markers and make ORIG_FILE a symlink to a path outside the models tree, so that cat "${ORIG_FILE}.part"* > "$ORIG_FILE" will follow the symlink and create or overwrite arbitrary files as root (e.g., under /etc), enabling privilege escalation on reboot. To mitigate this, run the reassembly service as the non-privileged ollama user and/or defensively reject or avoid following symlinks and constrain reassembly strictly to trusted model paths.

EOF
chmod +x /usr/local/bin/luminos-reassemble.sh

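Review bot: the reassembly in this hunk is not atomic and its failure path is destructive. The shell opens "$ORIG_FILE" for writing before cat starts, so if the glob "${ORIG_FILE}.part"* matches nothing (it is then passed literally and cat fails) or the copy stops part-way (disk full, power loss during first boot), a truncated or empty file is left behind; on the next boot the [ ! -f "$ORIG_FILE" ] guard sees an existing file and skips that model for good. Write to a temporary name and rename only on success, for example cat "${ORIG_FILE}.part"* > "${ORIG_FILE}.tmp" && mv "${ORIG_FILE}.tmp" "$ORIG_FILE", and remove the marker afterwards so the unit does not rescan every boot. The -f test also follows symlinks, which is the root-write issue raised in the comment above: a dangling symlink at "$ORIG_FILE" makes ! -f true and the redirection then creates the target as root. Testing [ ! -e "$ORIG_FILE" ] && [ ! -L "$ORIG_FILE" ] rejects that case, and running the unit as the ollama user removes the privilege the write would otherwise gain.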
24 changes: 12 additions & 12 deletions build.sh
@@ -13,10 +13,10 @@ AI_BUILD_DIR="${WORK_DIR}/ai_build"
ISO_NAME="LuminOS-0.2.1-amd64.iso"

# Cleanup
sudo umount "${CHROOT_DIR}/sys" &>/dev/null || true
sudo umount "${CHROOT_DIR}/proc" &>/dev/null || true
sudo umount "${CHROOT_DIR}/dev/pts" &>/dev/null || true
sudo umount "${CHROOT_DIR}/dev" &>/dev/null || true
# Unmount in reverse order if they exist
for mount_point in "${CHROOT_DIR}/sys" "${CHROOT_DIR}/proc" "${CHROOT_DIR}/dev/pts" "${CHROOT_DIR}/dev"; do
mountpoint -q "$mount_point" 2>/dev/null && sudo umount "$mount_point" || true
done
pkill -f "ollama serve" || true
sudo rm -rf "${WORK_DIR}"
sudo rm -f "${BASE_DIR}/${ISO_NAME}"
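Review bot: the || true on the new unmount line swallows a failed umount (chroot still busy, a stale process from an earlier run), and the statement immediately after it is sudo rm -rf "${WORK_DIR}", which would then recurse into a still-mounted ${CHROOT_DIR}/dev, /proc or /sys on the build host. Fail hard when a mount point exists but cannot be released: if mountpoint -q "$mount_point"; then sudo umount "$mount_point" || { echo "cannot unmount $mount_point" >&2; exit 1; }; fi. Passing --one-file-system to the rm -rf is a cheap second line of defence. The reverse order in the list (dev/pts before dev) is correct.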
@@ -69,15 +69,15 @@ fi
# 3b. CUT LARGE FILES (The Key Fix)
echo "--> Cutting large AI files into 1GB chunks..."
# Find files > 900MB (safety margin) inside the models directory
find "${TARGET_MODEL_DIR}" -type f -size +900M | while read file; do
while IFS= read -r -d '' file; do
echo "Splitting $file ..."
# Split into chunks named .partaa, .partab, etc.
split -b 900M "$file" "$file.part"
# Create a marker file to tell the OS this file needs reassembly
touch "$file.is_split"
# Remove the original giant file so it doesn't get into the ISO
rm "$file"
done
done < <(find "${TARGET_MODEL_DIR}" -type f -size +900M -print0)

# --- 4. Bootstrap System ---
echo "--> Bootstrapping Debian..."
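Review bot: rm "$file" runs unconditionally after split, so if split fails (no space left on the work directory, I/O error) the only copy of the model blob is deleted while touch "$file.is_split" has already promised a reassembly that can never succeed. Chain the steps on success, split -b 900M "$file" "$file.part" && touch "$file.is_split" && rm "$file", or run the script under set -e. Minor: the comment says 1GB chunks but both the -size +900M threshold and the -b 900M chunk size are 900M, so a 901M file becomes a 900M part plus a 1M part; keeping the two values in one variable and fixing the comment avoids the confusion.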
@@ -131,7 +131,7 @@ echo "--> Creating Layers..."

# Layer 1: OS (Excluding models path)
echo " Layer 1 (OS)..."
mksquashfs "${CHROOT_DIR}" "${ISO_DIR}/live/01-filesystem.squashfs" -e boot -e usr/share/ollama/.ollama -comp zstd
mksquashfs "${CHROOT_DIR}" "${ISO_DIR}/live/01-filesystem.squashfs" -e boot -e usr/share/ollama/.ollama -comp zstd -processors "$(nproc)"

# Prepare distribution directories
L2="${WORK_DIR}/layer2"
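Review bot: -processors "$(nproc)" is what mksquashfs already does by default (it uses all available processors unless told otherwise), so this flag does not change the build; if the goal is to keep small build hosts from thrashing, a lower fixed count or the -mem option would be the relevant knobs. If the flag is kept for explicitness, it is now repeated on every mksquashfs call in this file; a shared array such as SQUASH_OPTS=(-comp zstd -processors "$(nproc)") keeps the invocations in sync.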
@@ -152,7 +152,7 @@ mkdir -p "$L3/usr/share/ollama/.ollama/blobs"
mkdir -p "$L4/usr/share/ollama/.ollama/blobs"

COUNT=0
find "${TARGET_MODEL_DIR}/blobs" -type f | while read file; do
while IFS= read -r -d '' file; do
MOD=$((COUNT % 3))
if [ $MOD -eq 0 ]; then
cp "$file" "$L2/usr/share/ollama/.ollama/blobs/"
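Review bot: the round-robin MOD=$((COUNT % 3)) balances the three AI layers by file count, not by size, and the order is whatever find emits, so after the chunking step earlier in this file the .partaa/.partab pieces and the .is_split marker of one blob are scattered across layers by listing order while a couple of large unsplit blobs can make one image far bigger than the others. Sorting the blobs by size and copying each to the currently smallest layer gives predictable image sizes. Since marker and parts may now live in different squashfs images, the reassembly unit must also be ordered after all four layers are mounted.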
@@ -162,14 +162,14 @@ find "${TARGET_MODEL_DIR}/blobs" -type f | while read file; do
cp "$file" "$L4/usr/share/ollama/.ollama/blobs/"
fi
COUNT=$((COUNT + 1))
done
done < <(find "${TARGET_MODEL_DIR}/blobs" -type f -print0)

echo " Layer 2..."
mksquashfs "$L2" "${ISO_DIR}/live/02-ai-part1.squashfs" -comp zstd
mksquashfs "$L2" "${ISO_DIR}/live/02-ai-part1.squashfs" -comp zstd -processors "$(nproc)"
echo " Layer 3..."
mksquashfs "$L3" "${ISO_DIR}/live/03-ai-part2.squashfs" -comp zstd
mksquashfs "$L3" "${ISO_DIR}/live/03-ai-part2.squashfs" -comp zstd -processors "$(nproc)"
echo " Layer 4..."
mksquashfs "$L4" "${ISO_DIR}/live/04-ai-part3.squashfs" -comp zstd
mksquashfs "$L4" "${ISO_DIR}/live/04-ai-part3.squashfs" -comp zstd -processors "$(nproc)"

# --- 7. Bootloader & Final ISO ---
echo "--> Bootloader..."
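Review bot: worth a comment next to these three layer builds: the .part* pieces live on read-only squashfs images under live/, so the joined file written by luminos-reassemble.sh on first boot lands on whatever writable layer is mounted on top of them, which must have free space equal to the full model size on top of the parts themselves. If that is the intended trade-off, document it here where the layer sizes are decided.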