authorAndrew W Elble <aweits@rit.edu>2020-04-17 11:38:22 -0400
committerGitHub <noreply@github.com>2020-04-17 17:38:22 +0200
commit985af94c4580fbdd3ec733082c285e70edeb86ea (patch)
tree8c2c28c9054fb33714a250acacca77dcf0bc8162
parent854a82bbecc368291daec4a57a38c1fa36fbcfb1 (diff)
singularity: new variants to enable non-suid and non-network builds (#16088)
Defaults are left as they are currently
-rw-r--r--var/spack/repos/builtin/packages/singularity/package.py55
1 files changed, 32 insertions, 23 deletions
diff --git a/var/spack/repos/builtin/packages/singularity/package.py b/var/spack/repos/builtin/packages/singularity/package.py
index c33b6a3202..8931e270da 100644
--- a/var/spack/repos/builtin/packages/singularity/package.py
+++ b/var/spack/repos/builtin/packages/singularity/package.py
@@ -35,6 +35,8 @@ class Singularity(MakefilePackage):
version('3.2.1', sha256='d4388fb5f7e0083f0c344354c9ad3b5b823e2f3f27980e56efa7785140c9b616')
version('3.1.1', sha256='7f0df46458d8894ba0c2071b0848895304ae6b1137d3d4630f1600ed8eddf1a4')
+ variant('suid', default=True, description='install SUID binary')
+ variant('network', default=True, description='install network plugins')
depends_on('go')
depends_on('libuuid')
depends_on('libgpg-error')
@@ -82,7 +84,12 @@ class Singularity(MakefilePackage):
# Hijack the edit stage to run mconfig.
def edit(self, spec, prefix):
with working_dir(self.build_directory):
- configure = Executable('./mconfig --prefix=%s' % prefix)
+ confstring = './mconfig --prefix=%s' % prefix
+ if '~suid' in spec:
+ confstring += ' --without-suid'
+ if '~network' in spec:
+ confstring += ' --without-network'
+ configure = Executable(confstring)
configure()
# Set these for use by MakefilePackage's default build/install methods.
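Review bot: The mconfig command line in edit() is built by string concatenation and handed to `Executable` as one string, so the install prefix stays a single argument only if it contains no whitespace or quote characters (this assumes `Executable` tokenises the string it is given; confirm). Passing the options as separate arguments to the callable keeps each one a distinct argv entry and makes the variant-to-flag mapping easier to audit. The variant tests here use `'~suid' in spec`, while build_perms_script and caveats in the same commit use `self.spec.satisfies('+suid')`; one form throughout would read more clearly. edit() continues past the end of this hunk.

```python
    def edit(self, spec, prefix):
        with working_dir(self.build_directory):
            # Keep every option as its own argv entry instead of one joined string.
            args = ['--prefix=%s' % prefix]
            if '~suid' in spec:
                args.append('--without-suid')
            if '~network' in spec:
                args.append('--without-network')
            configure = Executable('./mconfig')
            configure(*args)
        # … unchanged: remainder of edit() outside the hunk …
```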
@@ -127,33 +134,35 @@ class Singularity(MakefilePackage):
@run_after('install')
def build_perms_script(self):
- script = self.perm_script_path()
- chown_files = ['libexec/singularity/bin/starter-suid',
- 'etc/singularity/singularity.conf',
- 'etc/singularity/capability.json',
- 'etc/singularity/ecl.toml']
- setuid_files = ['libexec/singularity/bin/starter-suid']
- self._build_script(script, {'prefix': self.spec.prefix,
- 'chown_files': chown_files,
- 'setuid_files': setuid_files})
- chmod = which('chmod')
- chmod('555', script)
+ if self.spec.satisfies('+suid'):
+ script = self.perm_script_path()
+ chown_files = ['libexec/singularity/bin/starter-suid',
+ 'etc/singularity/singularity.conf',
+ 'etc/singularity/capability.json',
+ 'etc/singularity/ecl.toml']
+ setuid_files = ['libexec/singularity/bin/starter-suid']
+ self._build_script(script, {'prefix': self.spec.prefix,
+ 'chown_files': chown_files,
+ 'setuid_files': setuid_files})
+ chmod = which('chmod')
+ chmod('555', script)
# Until tty output works better from build steps, this ends up in
# the build log. See https://github.com/spack/spack/pull/10412.
@run_after('install')
def caveats(self):
- tty.warn("""
- For full functionality, you'll need to chown and chmod some files
- after installing the package. This has security implications.
- For details, see:
- https://sylabs.io/guides/2.6/admin-guide/security.html
- https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security
+ if self.spec.satisfies('+suid'):
+ tty.warn("""
+ For full functionality, you'll need to chown and chmod some files
+ after installing the package. This has security implications.
+ For details, see:
+ https://sylabs.io/guides/2.6/admin-guide/security.html
+ https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security
- We've installed a script that will make the necessary changes;
- read through it and then execute it as root (e.g. via sudo).
+ We've installed a script that will make the necessary changes;
+ read through it and then execute it as root (e.g. via sudo).
- The script is named:
+ The script is named:
- {0}
- """.format(self.perm_script_path()))
+ {0}
+ """.format(self.perm_script_path()))
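Review bot: With `~suid`, build_perms_script and caveats both do nothing, so an administrator gets no message that the installed runtime is unprivileged. A non-setuid Singularity generally depends on unprivileged user namespaces being enabled on the host, and some functionality is reduced in that mode. An `else:` branch in caveats with a short `tty.warn` stating this would close the gap. It would also help to put a comment above the `+suid` check in build_perms_script, e.g. `# ~suid: mconfig ran with --without-suid, so there is no starter-suid to chown/chmod`; that is inferred from the configure flag in edit(), so confirm it against the installed tree.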