fix(disk): propagate SetPartionLabel errors to installer layer

[wangrong1069]

Summary

• Change SetPartionLabel return type from void to bool to propagate errors
• Handle fsck failure gracefully (warn but continue)
• Improve Volume id parsing logic for robustness
• Callers (QtX86Installer, QtMipsInstaller) now check return value and abort on failure

Test plan

• Verify bootable USB creation still works with valid ISO images
• Verify error is reported when isoinfo fails or returns no volume id
• Verify volume id truncation works for labels longer than 11 characters

Summary by Sourcery

Bug Fixes:

• Ensure Qt x86 and MIPS installers detect and fail installation when setting the partition label fails instead of ignoring errors.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR makes disk partition labeling failures detectable by callers, hardens volume ID parsing, and improves error handling around filesystem checks during bootloader installation for both x86 and MIPS installers.

Sequence diagram for updated bootloader installation error handling

sequenceDiagram
    participant QtX86Installer
    participant DiskUtil
    participant fsck
    participant isoinfo

    QtX86Installer->>DiskUtil: SetPartionLabel(partitionName, image)
    DiskUtil->>fsck: run_fsck(device)
    alt [fsck failure]
        fsck-->>DiskUtil: failure
        Note right of DiskUtil: warn and continue
    else [fsck success]
        fsck-->>DiskUtil: success
    end
    DiskUtil->>isoinfo: get_volume_id(image)
    alt [volume id parsed]
        isoinfo-->>DiskUtil: volume_id
        DiskUtil-->>QtX86Installer: true
        QtX86Installer->>QtX86Installer: installBootload completes
    else [volume id error]
        isoinfo-->>DiskUtil: error
        DiskUtil-->>QtX86Installer: false
        QtX86Installer->>QtX86Installer: qCritical Failed to set partition label
        QtX86Installer-->>QtX86Installer: installBootload returns false
    end

    Note over QtX86Installer,DiskUtil: QtMipsInstaller follows the same interaction with SetPartionLabel

Loading

File-Level Changes

Change	Details	Files
Make partition label operations return a status and enforce failure handling in installers.	Change DiskUtil::SetPartionLabel return type from void to bool so callers can detect errors. Update QtX86Installer::installBootload to check SetPartionLabel result, log a critical error, and abort on failure. Update QtMipsInstaller::installBootload to check SetPartionLabel result, log a critical error, and abort on failure.	src/libdbm/installer/qtX86Installer.cpp src/libdbm/installer/qtmipsinstaller.cpp src/vendor/src/libxsys/DiskUtil/DiskUtil.cpp src/vendor/src/libxsys/DiskUtil/DiskUtil.h
Harden disk utility command execution, fsck handling, and volume ID parsing for robustness.	Adjust DiskUtil command execution paths to surface fsck failures as warnings while allowing processing to continue. Improve volume ID parsing logic to handle isoinfo failures and empty or long volume IDs more robustly, including truncation for labels over 11 characters. Update or add logging around command failures and parsing issues to aid diagnostics.	src/vendor/src/libxsys/Cmd/Cmd.cpp src/vendor/src/libxsys/DiskUtil/DiskUtil.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• Now that SetPartionLabel propagates failure via a bool, consider returning or logging more contextual information (e.g., device name, image path, underlying error string) so callers and logs can distinguish different failure causes.
• The SetPartionLabel API still uses the misspelled name; if feasible, introduce a correctly spelled wrapper (e.g., SetPartitionLabel) and deprecate the old one to avoid further propagation of the typo in new code.
• In the installer callers, consider including the partition name and image in the qCritical message when label setting fails to make troubleshooting easier in multi-disk environments.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Now that `SetPartionLabel` propagates failure via a bool, consider returning or logging more contextual information (e.g., device name, image path, underlying error string) so callers and logs can distinguish different failure causes.
- The `SetPartionLabel` API still uses the misspelled name; if feasible, introduce a correctly spelled wrapper (e.g., `SetPartitionLabel`) and deprecate the old one to avoid further propagation of the typo in new code.
- In the installer callers, consider including the partition name and image in the `qCritical` message when label setting fails to make troubleshooting easier in multi-disk environments.

## Individual Comments

### Comment 1
<location path="src/libdbm/installer/qtX86Installer.cpp" line_range="50-52" />
<code_context>

     qDebug() << "Setting partition label for image:" << m_strImage;
-    XSys::DiskUtil::SetPartionLabel(m_strPartionName, m_strImage);
+    if (!XSys::DiskUtil::SetPartionLabel(m_strPartionName, m_strImage)) {
+        qCritical() << "Failed to set partition label";
+        return false;
+    }

</code_context>
<issue_to_address>
**suggestion:** Include more context in the critical log to aid diagnosis.

Consider including `m_strPartionName` and/or `m_strImage` in this critical log so operators can identify which partition/image failed, especially when multiple installs run in parallel or logs are aggregated.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

你好！我是CodeGeeX。我已仔细审查了你提供的Git Diff。本次代码变更主要涉及：版权年份更新、错误处理增强（SetPartionLabel返回值检查）、日志改进（SynExec输出错误详情）以及SetPartionLabel函数的重构（修复解析逻辑、返回bool、修复命令注入风险等）。

总体来说，这次修改大幅度提升了代码的健壮性、安全性和可读性。以下是针对各个维度的详细审查意见和进一步优化建议：

1. 语法与逻辑

👍 亮点：

• 解析逻辑修复：原代码使用 split("\n").filter("Volume id").takeAt(0) 存在数组越界崩溃风险（若无匹配项会抛出异常）。新代码改用 for 循环遍历并 break，并增加了 volumeId.isEmpty() 的判断，逻辑更加严谨。
• 返回值校验：在 QtX86Installer 和 QtMipsInstaller 中增加了对 SetPartionLabel 返回值的检查，使得错误能够及时向上层传播，避免了“静默失败”。

🛠️ 改进建议：

• 潜在的空指针/越界风险：在 DiskUtil.cpp 中解析 Volume id 时：

  volumeId = line.split(":").last().trimmed();

  虽然已经通过 line.startsWith("Volume id:") 确定了前缀，但 split(":") 必然会产生至少两个元素，因此使用 last() 是安全的。不过，如果 ISO 镜像的 Volume id 本身包含冒号（如 Volume id: MY:DISK），last() 只会取到最后一段，导致名字被截断。建议改为 mid(line.indexOf(':') + 1).trimmed()，这样更稳健：

  if (line.startsWith("Volume id:")) {
      volumeId = line.mid(line.indexOf(':') + 1).trimmed();
      break;
  }

2. 代码质量

👍 亮点：

• 消除冗余代码：删除了原代码中未使用的 strName、strTemp 等临时变量，代码更加简洁。
• 日志语义提升：SynExec 中在执行失败时输出 stdout 和 stderr，这对于排查制作启动盘失败等线上问题非常有帮助。SetPartionLabel 中对截断情况增加了 qWarning，对 fsck 失败增加了 "continuing anyway" 提示，非常贴心。

🛠️ 改进建议：

• 拼写错误：代码中多处将 Partition（分区）拼写成 Partion（如 SetPartionLabel, m_strPartionName）。虽然为了保持与现有代码库的一致性不宜在本次修改中大规模重命名，但建议在后续重构中修正。
• 日志级别调整：在 Cmd.cpp 中：

  qInfo() << "resut:" << ret.isSuccess();
  if (!ret.isSuccess()) {
      qInfo() << "stdout:" << ret.result();
      qInfo() << "stderr:" << ret.errmsg();
  }

  当命令执行失败时，错误输出使用 qInfo() 级别偏低，建议改为 qWarning() 或 qCritical()，以便在日志系统中更容易过滤和报警。同时，"resut:" 存在拼写错误，应为 "result:"。

  qInfo() << "result:" << ret.isSuccess();
  if (!ret.isSuccess()) {
      qWarning() << "stdout:" << ret.result();
      qWarning() << "stderr:" << ret.errmsg();
  }

3. 代码性能

👍 亮点：

• 字符串构造优化：原代码 QString("-y %1").arg(strPartion) 和 QString(" %1 \"%2\"").arg(...) 会引发额外的字符串解析和内存分配。新代码改为 QStringList{"-y", strPartion}，直接构建字符串列表传递给 QProcess，不仅性能更好，也是 Qt 推荐的执行外部命令的方式。

🛠️ 改进建议：

• 本次修改的性能影响微乎其微，无需特别调整。外部命令调用（fsck, isoinfo, fatlabel）的进程创建开销远大于内存分配开销。

4. 代码安全 🚨

👍 亮点（重大安全修复）：

• 修复命令注入漏洞：原代码 XSys::SynExec(XSys::FS::SearchBin("fatlabel"), QString(" %1 \"%2\"").arg(strPartion).arg(strName)) 存在严重的命令注入风险。如果 strName 或 strPartion 包含特殊字符（如 "; rm -rf /" 或反引号），由于是通过 Shell 解析执行，会导致恶意命令被执行。新代码改为 QStringList{strPartion, label}，参数直接作为独立参数传递给 QProcess，绕过了 Shell 解析，彻底修复了此漏洞。这是本次 PR 最大的价值所在！

🛠️ 改进建议：

• fsck 命令参数仍需注意：新代码中 XSys::SynExec(XSys::FS::SearchBin("fsck"), QStringList{"-y", strPartion}) 已经使用了安全的 QStringList 形式，非常安全。但原代码注释 /*QProcess cannot handle Chinese paths*/ 似乎暗示之前用拼接字符串是为了绕过中文路径的 Bug。请务必测试在包含中文或空格的分区路径下（如 /dev/sdb1 挂载点含中文），fsck 和 fatlabel 使用 QStringList 方式是否能正常工作。Qt 的 QProcess 对中文路径支持良好，通常不需要绕过。

---

总结与重构后代码参考

本次代码变更质量很高，尤其是安全漏洞的修复和异常处理的增强。建议按照上述意见微调后合入。

以下是整合了改进建议的 SetPartionLabel 函数代码参考：

bool SetPartionLabel(const QString& strPartion, const QString& strImage)
{
    if (!XSys::SynExec(XSys::FS::SearchBin("fsck"), QStringList{"-y", strPartion}).isSuccess()) {
        qWarning() << "fsck failed on" << strPartion << ", continuing anyway";
    }

    XSys::Result isoResult = XSys::SynExec("isoinfo", QStringList{"-i", strImage, "-d"});
    if (!isoResult.isSuccess()) {
        qWarning() << "call isoinfo failed:" << isoResult.result();
        return false;
    }

    // Volume id 格式: "Volume id: DEEPIN" 或 "Volume id: UOS"
    QString volumeId;
    for (const QString &line : isoResult.result().split("\n")) {
        if (line.startsWith("Volume id:")) {
            // 使用 mid 代替 split(":").last()，防止卷标中包含冒号导致被截断
            volumeId = line.mid(line.indexOf(':') + 1).trimmed();
            break;
        }
    }

    if (volumeId.isEmpty()) {
        qWarning() << "No volume id found in isoinfo output";
        return false;
    }

    // FAT32 卷标最长 11 字符
    QString label = volumeId.left(11);
    if (volumeId.length() > 11) {
        qWarning() << "Volume id truncated:" << volumeId << "->" << label;
    }
    
    // 使用 QStringList 防止命令注入，无需手动拼接空格和引号
    return XSys::SynExec(XSys::FS::SearchBin("fatlabel"), QStringList{strPartion, label}).isSuccess();
}

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lzwind, wangrong1069

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wangrong1069]

/forcemerge

[deepin-bot]

This pr force merged! (status: unstable)