It's possible to use the genimage tool to build the final SD card image without needing to use sudo/root or the kernel at all. I've done this for creating installation media at my work, and tested it out with this project and it Worked For Me™.
If you're interested in the approach, I'd be happy to polish the details and make a PR. If you'd rather stick with the loop device approach, I won't go to the trouble.
Pros:
no need for sudo/root
no need for kernel operations
interrupted or failed builds only require filesystem cleanup, not device nodes
can do the entire build in a container eg. Docker
can build the installer in CI (because of the above)
genimage is available in Debian since Bullseye (but no earlier)
Cons:
loop mount approach is tried and tested
more development/maintenance on kernel development than genimage (the genimage dev is still active and responsive, all I mean is it's obviously not at the same level)
the only testing has been on one person's RPi 2B+ (mine)
adds dependencies (genimage, mtools)
technically this also removes dependencies (linux kernel, losetup, kpartx, kmod) if the genimage approach replaces the loop mount approach
It's possible to use the genimage tool to build the final SD card image without needing to use sudo/root or the kernel at all. I've done this for creating installation media at my work, and tested it out with this project and it Worked For Me™.
If you're interested in the approach, I'd be happy to polish the details and make a PR. If you'd rather stick with the loop device approach, I won't go to the trouble.
Pros:
Cons: