summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--var/spack/repos/builtin/packages/apptainer/package.py37
-rw-r--r--var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j211
-rw-r--r--var/spack/repos/builtin/packages/singularityce/package.py43
3 files changed, 77 insertions, 14 deletions
diff --git a/var/spack/repos/builtin/packages/apptainer/package.py b/var/spack/repos/builtin/packages/apptainer/package.py
new file mode 100644
index 0000000000..7733e75830
--- /dev/null
+++ b/var/spack/repos/builtin/packages/apptainer/package.py
@@ -0,0 +1,37 @@
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+
+from spack import *
+from spack.pkg.builtin.singularityce import SingularityBase
+
+
+# Apptainer is the new name of Singularity, piggy-back on the original package
+class Apptainer(SingularityBase):
+ '''Apptainer is an open source container platform designed to be simple, fast, and
+ secure. Many container platforms are available, but Apptainer is designed for
+ ease-of-use on shared systems and in high performance computing (HPC)
+ environments.
+
+ Needs post-install chmod/chown steps to enable full functionality.
+ See package definition or `spack-build-out.txt` build log for details,
+ e.g.::
+
+ tail -15 $(spack location -i apptainer)/.spack/spack-build-out.txt
+ '''
+
+ homepage = "https://apptainer.org"
+ url = "https://github.com/apptainer/apptainer/releases/download/v1.0.2/apptainer-1.0.2.tar.gz"
+ git = "https://github.com/apptainer/apptainer.git"
+
+ version('main', branch='main')
+ version('1.0.2', sha256='2d7a9d0a76d5574459d249c3415e21423980d9154ce85e8c34b0600782a7dfd3')
+
+ singularity_org = 'apptainer'
+ singularity_name = 'apptainer'
+ singularity_security_urls = (
+ "https://apptainer.org/docs/admin/main/security.html",
+ "https://apptainer.org/docs/admin/main/admin_quickstart.html#apptainer-security",
+ )
diff --git a/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2 b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2
new file mode 100644
index 0000000000..32baa21203
--- /dev/null
+++ b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/sh -eu
+
+{% for cf in chown_files %}
+chown root {{ prefix }}/{{ cf }}
+{% endfor %}
+
+{% for sf in setuid_files %}
+chmod 4555 {{ prefix }}/{{ sf }}
+{% endfor %}
+
+# end
diff --git a/var/spack/repos/builtin/packages/singularityce/package.py b/var/spack/repos/builtin/packages/singularityce/package.py
index dccae4a86f..f59142f9f4 100644
--- a/var/spack/repos/builtin/packages/singularityce/package.py
+++ b/var/spack/repos/builtin/packages/singularityce/package.py
@@ -27,6 +27,14 @@ class SingularityBase(MakefilePackage):
conflicts('platform=darwin', msg='singularity requires a Linux VM on Windows & Mac')
+ # Use these properties to buffer the renaming to Apptainer
+ singularity_org = 'sylabs'
+ singularity_name = 'singularity'
+ singularity_security_urls = (
+ "https://sylabs.io/guides/2.6/admin-guide/security.html",
+ "https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security",
+ )
+
# Go has novel ideas about how projects should be organized.
# We'll point GOPATH at the stage dir, and move the unpacked src
# tree into the proper subdir in our overridden do_stage below.
@@ -35,12 +43,9 @@ class SingularityBase(MakefilePackage):
return self.stage.path
@property
- def sylabs_gopath_dir(self):
- return join_path(self.gopath, 'src/github.com/sylabs/')
-
- @property
def singularity_gopath_dir(self):
- return join_path(self.sylabs_gopath_dir, 'singularity')
+ return join_path(self.gopath, 'src', 'github.com',
+ self.singularity_org, self.singularity_name)
# Unpack the tarball as usual, then move the src dir into
# its home within GOPATH.
@@ -90,7 +95,9 @@ class SingularityBase(MakefilePackage):
squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs')
filter_file(r'^# mksquashfs path =',
'mksquashfs path = {0}'.format(squash_path),
- join_path(prefix.etc, 'singularity', 'singularity.conf'))
+ join_path(prefix.etc,
+ self.singularity_name,
+ self.singularity_name + '.conf'))
#
# Assemble a script that fixes the ownership and permissions of several
@@ -116,11 +123,18 @@ class SingularityBase(MakefilePackage):
def build_perms_script(self):
if self.spec.satisfies('+suid'):
script = self.perm_script_path()
- chown_files = ['libexec/singularity/bin/starter-suid',
- 'etc/singularity/singularity.conf',
- 'etc/singularity/capability.json',
- 'etc/singularity/ecl.toml']
- setuid_files = ['libexec/singularity/bin/starter-suid']
+ chown_files = [
+ fn.format(self.singularity_name)
+ for fn in ['libexec/{0}/bin/starter-suid',
+ 'etc/{0}/{0}.conf',
+ 'etc/{0}/capability.json',
+ 'etc/{0}/ecl.toml']
+ ]
+ setuid_files = [
+ 'libexec/{0}/bin/starter-suid'.format(
+ self.singularity_name
+ )
+ ]
self._build_script(script, {'prefix': self.spec.prefix,
'chown_files': chown_files,
'setuid_files': setuid_files})
@@ -136,8 +150,8 @@ class SingularityBase(MakefilePackage):
For full functionality, you'll need to chown and chmod some files
after installing the package. This has security implications.
For details, see:
- https://sylabs.io/guides/2.6/admin-guide/security.html
- https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security
+ {1}
+ {2}
We've installed a script that will make the necessary changes;
read through it and then execute it as root (e.g. via sudo).
@@ -145,7 +159,8 @@ class SingularityBase(MakefilePackage):
The script is named:
{0}
- """.format(self.perm_script_path()))
+ """.format(self.perm_script_path(),
+ *self.singularity_security_urls))
class Singularityce(SingularityBase):