
fix(mount): remove original AEA DMG after decrypting #1194

Merged
blacktop merged 1 commit into blacktop:master from supervacuus:fix/mount/cleanup
Apr 27, 2026

@supervacuus
Contributor

Summary

ipsw mount sys leaks the original *.dmg.aea temporary extracted from an IPSW.

This happens here:

if filepath.Ext(extractedDMG) == ".aea" {
	defer func() {
		_ = os.Remove(extractedDMG) // remove the encrypted AEA DMG after decrypting and mounting
	}()
	extractedDMG, err = aea.Decrypt(&aea.DecryptConfig{
		Input:    extractedDMG,
		Output:   filepath.Dir(extractedDMG),
		PemDB:    cfg.PemDB,
		Proxy:    "",    // TODO: make proxy configurable
		Insecure: false, // TODO: make insecure configurable
	})
	if err != nil {
		return nil, fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
	}
}

The deferred cleanup closes over extractedDMG, but that variable is then reassigned to the decrypted .dmg path. When the defer runs, it removes the decrypted DMG path instead of the original .dmg.aea, leaving the encrypted AEA file behind.

This is likely not an issue for most users, since the output would be removed when temporaries are garbage collected. However, in our case, where we process many artifacts sequentially on a disk-restricted runner, it can quickly lead to running out of disk space.

Testing

ipsw mount sys on any IPSW that contains AEA-encrypted DMGs. This is easier to observe with controlled temporary directories (TMPDIR env var).

AI Assistance

none.
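The capture behaviour described in the summary above, reproduced as an added example (not code from this pull request or from the ipsw project): a deferred closure reads the variable when it runs, so a reassignment before return changes which file is deleted. `fakeDecrypt`, `leaky`, `fixed` and `leftovers` are hypothetical names, the sample file is constructed, and pinning the path in a second variable is one possible remedy, not necessarily the one merged here.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// fakeDecrypt is a hypothetical stand-in for aea.Decrypt: writes x.dmg next to x.dmg.aea.
func fakeDecrypt(in string) (string, error) {
	out := strings.TrimSuffix(in, ".aea")
	return out, os.WriteFile(out, []byte("plaintext"), 0o600)
}

// leaky: the closure reads extractedDMG when the defer runs, i.e. after reassignment.
func leaky(extractedDMG string) (err error) {
	defer func() { _ = os.Remove(extractedDMG) }()
	extractedDMG, err = fakeDecrypt(extractedDMG)
	return err
}

// fixed: pin the encrypted path in its own variable before the reassignment.
func fixed(extractedDMG string) (err error) {
	encrypted := extractedDMG
	defer func() { _ = os.Remove(encrypted) }()
	extractedDMG, err = fakeDecrypt(extractedDMG)
	return err
}

// leftovers runs fn on a constructed sample file and reports which files remain.
func leftovers(fn func(string) error) (aeaLeft, dmgLeft bool) {
	dir, err := os.MkdirTemp("", "aea-demo")
	aeaPath := filepath.Join(dir, "sample.dmg.aea") // constructed sample input
	if err != nil || os.WriteFile(aeaPath, []byte("ciphertext"), 0o600) != nil {
		panic("cannot create constructed sample file")
	}
	defer os.RemoveAll(dir)
	_ = fn(aeaPath)
	_, aeaErr := os.Stat(aeaPath)
	_, dmgErr := os.Stat(strings.TrimSuffix(aeaPath, ".aea"))
	return aeaErr == nil, dmgErr == nil
}

func main() {
	a, d := leftovers(leaky)
	fmt.Println("leaky: .aea left:", a, ".dmg left:", d)
	a, d = leftovers(fixed)
	fmt.Println("fixed: .aea left:", a, ".dmg left:", d)
}
```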

@blacktop
Owner

Thank you @supervacuus !!

@blacktop blacktop merged commit 8e54347 into blacktop:master Apr 27, 2026
@supervacuus supervacuus deleted the fix/mount/cleanup branch April 28, 2026 04:43