From e70a35ddc8f9297965c8fbcd7d9cb727dcadeb90 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 9 Sep 2025 11:48:17 +0200 Subject: [PATCH] build: ensure stable container CWD to PROJECT_ROOT before stages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Normalize CWD inside container to PROJECT_ROOT to prevent relative path issues in validation and downstream stages via [bash.setup_build_environment()](scripts/build.sh:133) • Complements earlier hardening in [bash.initramfs_validate()](scripts/lib/initramfs.sh:774) that resolves absolute paths and checks existence
--- scripts/build.sh | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/scripts/build.sh b/scripts/build.sh
index 72f3973..2fe6032 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -138,6 +138,14 @@ function setup_build_environment() {
 log_info "Kernel version: ${KERNEL_VERSION}"
 log_info "Rust target: ${RUST_TARGET}"
 log_info "Optimization level: ${OPTIMIZATION_LEVEL}"
+
+ # Ensure a stable CWD inside the container (prefer /workspace)
+ if in_container; then
+ if [[ "$(pwd)" != "${PROJECT_ROOT}" ]]; then
+ log_info "Ensuring container CWD=${PROJECT_ROOT}"
+ safe_execute cd "${PROJECT_ROOT}"
+ fi
+ fi
 # Create build directories only if we're in container
 # Host will let container create them to avoid permission issues
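Review bot: The added `safe_execute cd "${PROJECT_ROOT}"` only normalizes the working directory if `safe_execute` runs its command in the calling shell and stops the build when it fails; its definition is outside this hunk, so neither property is visible here. If the wrapper uses a subshell or a pipeline, or merely logs a failed `cd`, the later validation and build stages would still resolve relative paths against whatever directory the container started in. I would call the builtin directly and fail closed, `cd -- "${PROJECT_ROOT:?PROJECT_ROOT is not set}" || return 1`, so that an unset variable or a missing directory cannot pass silently. The comment's "(prefer /workspace)" also does not match the code, which targets `PROJECT_ROOT`; `# Ensure a stable CWD (PROJECT_ROOT) inside the container` would be accurate. The body of setup_build_environment starts and ends outside the hunk.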