diff options
author | Matthias Wolf <matthias.wolf@epfl.ch> | 2022-05-24 16:01:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-24 16:01:46 +0200 |
commit | 557845cccc0523c34072dbeddf6035f54fb2a76e (patch) | |
tree | c9714859119f9409f997d02e4c19ff6072518a49 /var | |
parent | c5297523af7387b358511fe15cfb520a6441113c (diff) | |
download | spack-557845cccc0523c34072dbeddf6035f54fb2a76e.tar.gz spack-557845cccc0523c34072dbeddf6035f54fb2a76e.tar.bz2 spack-557845cccc0523c34072dbeddf6035f54fb2a76e.tar.xz spack-557845cccc0523c34072dbeddf6035f54fb2a76e.zip |
apptainer: new package (#30745)
Diffstat (limited to 'var')
3 files changed, 77 insertions, 14 deletions
diff --git a/var/spack/repos/builtin/packages/apptainer/package.py b/var/spack/repos/builtin/packages/apptainer/package.py new file mode 100644 index 0000000000..7733e75830 --- /dev/null +++ b/var/spack/repos/builtin/packages/apptainer/package.py @@ -0,0 +1,37 @@ +# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other +# Spack Project Developers. See the top-level COPYRIGHT file for details. +# +# SPDX-License-Identifier: (Apache-2.0 OR MIT) + + +from spack import * +from spack.pkg.builtin.singularityce import SingularityBase + + +# Apptainer is the new name of Singularity, piggy-back on the original package +class Apptainer(SingularityBase): + '''Apptainer is an open source container platform designed to be simple, fast, and + secure. Many container platforms are available, but Apptainer is designed for + ease-of-use on shared systems and in high performance computing (HPC) + environments. + + Needs post-install chmod/chown steps to enable full functionality. + See package definition or `spack-build-out.txt` build log for details, + e.g.:: + + tail -15 $(spack location -i apptainer)/.spack/spack-build-out.txt + ''' + + homepage = "https://apptainer.org" + url = "https://github.com/apptainer/apptainer/releases/download/v1.0.2/apptainer-1.0.2.tar.gz" + git = "https://github.com/apptainer/apptainer.git" + + version('main', branch='main') + version('1.0.2', sha256='2d7a9d0a76d5574459d249c3415e21423980d9154ce85e8c34b0600782a7dfd3') + + singularity_org = 'apptainer' + singularity_name = 'apptainer' + singularity_security_urls = ( + "https://apptainer.org/docs/admin/main/security.html", + "https://apptainer.org/docs/admin/main/admin_quickstart.html#apptainer-security", + ) diff --git a/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2 b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2 new file mode 100644 index 0000000000..32baa21203 --- /dev/null +++ b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2 @@ -0,0 +1,11 @@ +#!/bin/sh -eu + +{% for cf in chown_files %} +chown root {{ prefix }}/{{ cf }} +{% endfor %} + +{% for sf in setuid_files %} +chmod 4555 {{ prefix }}/{{ sf }} +{% endfor %} + +# end diff --git a/var/spack/repos/builtin/packages/singularityce/package.py b/var/spack/repos/builtin/packages/singularityce/package.py index dccae4a86f..f59142f9f4 100644 --- a/var/spack/repos/builtin/packages/singularityce/package.py +++ b/var/spack/repos/builtin/packages/singularityce/package.py @@ -27,6 +27,14 @@ class SingularityBase(MakefilePackage): conflicts('platform=darwin', msg='singularity requires a Linux VM on Windows & Mac') + # Use these properties to buffer the renaming to Apptainer + singularity_org = 'sylabs' + singularity_name = 'singularity' + singularity_security_urls = ( + "https://sylabs.io/guides/2.6/admin-guide/security.html", + "https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security", + ) + # Go has novel ideas about how projects should be organized. # We'll point GOPATH at the stage dir, and move the unpacked src # tree into the proper subdir in our overridden do_stage below. @@ -35,12 +43,9 @@ class SingularityBase(MakefilePackage): return self.stage.path @property - def sylabs_gopath_dir(self): - return join_path(self.gopath, 'src/github.com/sylabs/') - - @property def singularity_gopath_dir(self): - return join_path(self.sylabs_gopath_dir, 'singularity') + return join_path(self.gopath, 'src', 'github.com', + self.singularity_org, self.singularity_name) # Unpack the tarball as usual, then move the src dir into # its home within GOPATH. @@ -90,7 +95,9 @@ class SingularityBase(MakefilePackage): squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs') filter_file(r'^# mksquashfs path =', 'mksquashfs path = {0}'.format(squash_path), - join_path(prefix.etc, 'singularity', 'singularity.conf')) + join_path(prefix.etc, + self.singularity_name, + self.singularity_name + '.conf')) # # Assemble a script that fixes the ownership and permissions of several @@ -116,11 +123,18 @@ class SingularityBase(MakefilePackage): def build_perms_script(self): if self.spec.satisfies('+suid'): script = self.perm_script_path() - chown_files = ['libexec/singularity/bin/starter-suid', - 'etc/singularity/singularity.conf', - 'etc/singularity/capability.json', - 'etc/singularity/ecl.toml'] - setuid_files = ['libexec/singularity/bin/starter-suid'] + chown_files = [ + fn.format(self.singularity_name) + for fn in ['libexec/{0}/bin/starter-suid', + 'etc/{0}/{0}.conf', + 'etc/{0}/capability.json', + 'etc/{0}/ecl.toml'] + ] + setuid_files = [ + 'libexec/{0}/bin/starter-suid'.format( + self.singularity_name + ) + ] self._build_script(script, {'prefix': self.spec.prefix, 'chown_files': chown_files, 'setuid_files': setuid_files}) @@ -136,8 +150,8 @@ class SingularityBase(MakefilePackage): For full functionality, you'll need to chown and chmod some files after installing the package. This has security implications. For details, see: - https://sylabs.io/guides/2.6/admin-guide/security.html - https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security + {1} + {2} We've installed a script that will make the necessary changes; read through it and then execute it as root (e.g. via sudo). @@ -145,7 +159,8 @@ class SingularityBase(MakefilePackage): The script is named: {0} - """.format(self.perm_script_path())) + """.format(self.perm_script_path(), + *self.singularity_security_urls)) class Singularityce(SingularityBase): |