fix direfctory creation

Author: UriHerrera

include/nuts/SystemInterface.h

@@ -64,7 +64,11 @@ class NUTS_EXPORT SystemInterface : public QObject {
     qint64 getAvailableSpace(const QString& path);
 
     // Security validation
-    bool validatePath(const QString& path, const QString& allowedPrefix);
+    // When logError is false the function returns false silently; use this
+    // when the result is combined with a second OR-condition validatePath()
+    // call to avoid a spurious security log on the first failing attempt.
+    bool validatePath(const QString& path, const QString& allowedPrefix,
+                      bool logError = true);
     bool validateURL(const QString& url);
     QString sanitizeVersionString(const QString& version);
 

src/lib/BackupManager.cpp

@@ -83,8 +83,12 @@ bool BackupManager::compressBackup(const QString& inputPath, const QString& outp
     QString backupDir = Config::instance().backupDir();
     QString xfsDir = Config::instance().xfsDir();
 
-    if (!m_sysInterface->validatePath(inputPath, backupDir) &&
-        !m_sysInterface->validatePath(inputPath, xfsDir)) {
+    // The XFS backup file always lives in xfsDir; backupDir is a secondary
+    // allowed location.  The first validatePath() call is silent so that it
+    // doesn't log a spurious security error when the file is legitimately in
+    // xfsDir and the backupDir check would never be reached.
+    if (!m_sysInterface->validatePath(inputPath, xfsDir, /*logError=*/false) &&
+        !m_sysInterface->validatePath(inputPath, backupDir)) {
         Logger::instance().error("SECURITY: Invalid input path for compression");
         return false;
     }

src/lib/SystemInterface.cpp

@@ -595,10 +595,12 @@ qint64 SystemInterface::getAvailableSpace(const QString& path) {
     return storage.bytesAvailable();
 }
 
-bool SystemInterface::validatePath(const QString& path, const QString& allowedPrefix) {
+bool SystemInterface::validatePath(const QString& path, const QString& allowedPrefix,
+                                   bool logError) {
     // Check for path traversal sequences
     if (path.contains("../") || path.contains("..\\")) {
-        Logger::instance().error("SECURITY: Path traversal sequence detected: " + path);
+        if (logError)
+            Logger::instance().error("SECURITY: Path traversal sequence detected: " + path);
         return false;
     }
 
@@ -620,8 +622,10 @@ bool SystemInterface::validatePath(const QString& path, const QString& allowedPr
 
     // Ensure path doesn't escape allowed directory
     if (!allowedPrefix.isEmpty() && !canonicalPath.startsWith(allowedPrefix)) {
-        Logger::instance().error("SECURITY: Path escapes allowed directory: " + path);
-        Logger::instance().error("Canonical: " + canonicalPath + ", Allowed: " + allowedPrefix);
+        if (logError) {
+            Logger::instance().error("SECURITY: Path escapes allowed directory: " + path);
+            Logger::instance().error("Canonical: " + canonicalPath + ", Allowed: " + allowedPrefix);
+        }
         return false;
     }
 

src/lib/UpdateManager.cpp

@@ -376,8 +376,17 @@ bool UpdateManager::verifyUpdateArchive(const QString& filePath, const QString&
 }
 
 bool UpdateManager::checkDiskSpace() {
-    // Check space on /home for OTA download
+    // Check space on /home for OTA download.
+    // downloadDir (/home/.nuts/downloads) may not exist yet — it is created
+    // inside the chroot later.  Walk up to the nearest existing ancestor so
+    // QStorageInfo can resolve the correct mount point.
     QString downloadDir = Config::instance().downloadDir();
+    {
+        QDir d(downloadDir);
+        while (!d.exists() && !d.isRoot())
+            d.cdUp();
+        downloadDir = d.absolutePath();
+    }
     qint64 availableHome = m_sysInterface->getAvailableSpace(downloadDir);
 
     // Estimate needed space: OTA size (from metadata) + 20% buffer
@@ -404,9 +413,11 @@ bool UpdateManager::checkDiskSpace() {
     requiredHome = estimatedOtaSize + buffer; // +20% buffer
 
     if (availableHome < requiredHome) {
-        Logger::instance().error(QString("Insufficient space on /home. Required: %1 GB, Available: %2 GB")
-                                .arg(requiredHome / (1024.0 * 1024 * 1024), 0, 'f', 2)
-                                .arg(availableHome / (1024.0 * 1024 * 1024), 0, 'f', 2));
+        Logger::instance().error(
+            QString("Insufficient space on %1. Required: %2 GB, Available: %3 GB")
+            .arg(downloadDir)
+            .arg(requiredHome / (1024.0 * 1024 * 1024), 0, 'f', 2)
+            .arg(availableHome / (1024.0 * 1024 * 1024), 0, 'f', 2));
         return false;
     }