fix(pxe): fully write out sparse OS images

[iExalt]

Description

Ensure OS image conversion writes zero-filled and unallocated source regions to the destination boot disk. Without -S 0, sparse conversion can leave stale filesystem or volume metadata behind when reprovisioning a previously used disk.

• Example:
  • QEMU image A is 2GB of 1s
  • QEMU image B is 1GB of 1s then a 9GB sparse region of 0s
  • Writing QEMU image B over a disk with image A without the -S 0 flag will not overwrite the 2nd GB of 1s with zeros as expected; the disk will still contain 2GB of 1s.

Related issues

• Related to feat: harden PXE host OS imaging boots #2605

Type of Change

• Add - New feature or capability
• Change - Changes in existing functionality
• Fix - Bug fixes
• Remove - Removed features or deprecated functionality
• Internal - Internal changes (refactoring, tests, docs, etc.)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Validated with:

• git diff --check nvidia-upstream/main...personal-upstream/codex/pxe-overwrite-sparse-images
• bash -n pxe/common_files/disk_imaging.sh

Additional Notes

qemu-img convert -S 0 disables sparse-region detection so zero-filled regions represented by the source image are explicitly written. This is not a secure wipe of any destination capacity beyond the source image's virtual size.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

Walkthrough

A single character flag, -S 0, is appended to the qemu-img convert command in disk_imaging.sh. This instructs qemu-img to disable sparse block detection, ensuring all blocks — including those containing only zeroes — are explicitly written to the target disk during raw conversion.

Changes

Disk Imaging Command Update

Layer / File(s)	Summary
Add -S 0 to qemu-img convert pxe/common_files/disk_imaging.sh	The qemu-img convert invocation is updated from -p -O raw to -p -S 0 -O raw, disabling sparse block skipping so all blocks are written unconditionally to the target disk.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description directly addresses the changeset, providing clear technical rationale for the -S 0 flag addition and concrete examples of the problem being solved.
Title check	✅ Passed	The title 'fix(pxe): fully write out sparse OS images' directly addresses the main change: adding the -S 0 flag to ensure complete writing of sparse images during disk imaging, matching the PR's core objective.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

🧹 Nitpick comments (1)

pxe/common_files/disk_imaging.sh (1)

534-534: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap unquoted shell variables to prevent word-splitting and globbing.

The variables $file, $image_disk, and $log_output lack double-quotes on line 534. While their expected values (filenames, device paths, log paths) are typically single tokens, unquoted variables create word-splitting and globbing vulnerabilities if these values ever contain spaces, glob characters, or special shell metacharacters. This violation of shell quoting discipline is flagged by ShellCheck (SC2086).

🔧 Proposed fix with properly quoted variables

-	qemu-img convert -p -O raw -S 0 $file $image_disk 2>&1 | tee $log_output
+	qemu-img convert -p -O raw -S 0 "$file" "$image_disk" 2>&1 | tee "$log_output"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pxe/common_files/disk_imaging.sh` at line 534, The qemu-img convert command
on line 534 uses unquoted shell variables $file, $image_disk, and $log_output
which creates word-splitting and globbing vulnerabilities. Wrap each of these
three variables in double quotes in the command: "$file", "$image_disk", and
"$log_output" to properly protect against spaces and special characters that may
appear in their values.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pxe/common_files/disk_imaging.sh`:
- Line 534: The qemu-img convert command on line 534 uses unquoted shell
variables $file, $image_disk, and $log_output which creates word-splitting and
globbing vulnerabilities. Wrap each of these three variables in double quotes in
the command: "$file", "$image_disk", and "$log_output" to properly protect
against spaces and special characters that may appear in their values.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cb3c556f-0770-4f90-ba0f-16a3327199f3

📥 Commits

Reviewing files that changed from the base of the PR and between 40c7ca4 and 86521de.

📒 Files selected for processing (1)

• pxe/common_files/disk_imaging.sh

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
boot-artifacts-aarch64	3	0	0	3	0	0
boot-artifacts-x86_64	3	0	0	3	0	0
forge-admin-cli-x86_64	264	6	24	98	6	130
machine-validation-runner	712	32	184	267	35	194
machine_validation	712	32	184	267	35	194
nvmetal-carbide	712	32	184	267	35	194
TOTAL	2406	102	576	905	111	712

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.