diff options
3 files changed, 182 insertions, 139 deletions
diff --git a/var/spack/repos/builtin/packages/singularity/package.py b/var/spack/repos/builtin/packages/singularity/package.py index da6536faea..16671d31a5 100644 --- a/var/spack/repos/builtin/packages/singularity/package.py +++ b/var/spack/repos/builtin/packages/singularity/package.py @@ -4,13 +4,10 @@ # SPDX-License-Identifier: (Apache-2.0 OR MIT) from spack import * +from spack.pkg.builtin.singularityce import SingularityBase -import llnl.util.tty as tty -import os -import shutil - -class Singularity(MakefilePackage): +class Singularity(SingularityBase): '''Singularity is a container technology focused on building portable encapsulated environments to support "Mobility of Compute" For older versions of Singularity (pre 3.0) you should use singularity-legacy, @@ -23,7 +20,7 @@ class Singularity(MakefilePackage): tail -15 $(spack location -i singularity)/.spack/spack-build-out.txt ''' - homepage = "https://sylabs.io/singularity/" + homepage = "https://singularity.hpcng.org/" url = "https://github.com/hpcng/singularity/releases/download/v3.6.4/singularity-3.6.4.tar.gz" git = "https://github.com/hpcng/singularity.git" @@ -47,137 +44,4 @@ class Singularity(MakefilePackage): version('3.2.1', sha256='d4388fb5f7e0083f0c344354c9ad3b5b823e2f3f27980e56efa7785140c9b616') version('3.1.1', sha256='7f0df46458d8894ba0c2071b0848895304ae6b1137d3d4630f1600ed8eddf1a4') - variant('suid', default=True, description='install SUID binary') - variant('network', default=True, description='install network plugins') - - depends_on('pkgconfig', type='build') - depends_on('go') - depends_on('uuid') - depends_on('libgpg-error') - depends_on('libseccomp') - depends_on('squashfs', type='run') - depends_on('git', when='@develop') # mconfig uses it for version info - depends_on('shadow', type='run', when='@3.3:') - depends_on('cryptsetup', type=('build', 'run'), when='@3.4:') - patch('singularity_v3.4.0_remove_root_check.patch', level=0, when='@3.4.0:3.4.1') - - # Go has novel ideas about how projects should be organized. - # We'll point GOPATH at the stage dir, and move the unpacked src - # tree into the proper subdir in our overridden do_stage below. - @property - def gopath(self): - return self.stage.path - - @property - def sylabs_gopath_dir(self): - return join_path(self.gopath, 'src/github.com/sylabs/') - - @property - def singularity_gopath_dir(self): - return join_path(self.sylabs_gopath_dir, 'singularity') - - # Unpack the tarball as usual, then move the src dir into - # its home within GOPATH. - def do_stage(self, mirror_only=False): - super(Singularity, self).do_stage(mirror_only) - if not os.path.exists(self.singularity_gopath_dir): - # Move the expanded source to its destination - tty.debug("Moving {0} to {1}".format( - self.stage.source_path, self.singularity_gopath_dir)) - shutil.move(self.stage.source_path, self.singularity_gopath_dir) - - # The build process still needs access to the source path, - # so create a symlink. - force_symlink(self.singularity_gopath_dir, self.stage.source_path) - - # MakefilePackage's stages use this via working_dir() - @property - def build_directory(self): - return self.singularity_gopath_dir - - # Hijack the edit stage to run mconfig. - def edit(self, spec, prefix): - with working_dir(self.build_directory): - confstring = './mconfig --prefix=%s' % prefix - if '~suid' in spec: - confstring += ' --without-suid' - if '~network' in spec: - confstring += ' --without-network' - configure = Executable(confstring) - configure() - - # Set these for use by MakefilePackage's default build/install methods. - build_targets = ['-C', 'builddir', 'parallel=False'] - install_targets = ['install', '-C', 'builddir', 'parallel=False'] - - def setup_build_environment(self, env): - # Point GOPATH at the top of the staging dir for the build step. - env.prepend_path('GOPATH', self.gopath) - - # `singularity` has a fixed path where it will look for - # mksquashfs. If it lives somewhere else you need to specify the - # full path in the config file. This bit uses filter_file to edit - # the config file, uncommenting and setting the mksquashfs path. - @run_after('install') - def fix_mksquashfs_path(self): - prefix = self.spec.prefix - squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs') - filter_file(r'^# mksquashfs path =', - 'mksquashfs path = {0}'.format(squash_path), - join_path(prefix.etc, 'singularity', 'singularity.conf')) - - # - # Assemble a script that fixes the ownership and permissions of several - # key files, install it, and tty.warn() the user. - # HEADSUP: https://github.com/spack/spack/pull/10412. - # - def perm_script(self): - return 'spack_perms_fix.sh' - - def perm_script_tmpl(self): - return "{0}.j2".format(self.perm_script()) - - def perm_script_path(self): - return join_path(self.spec.prefix.bin, self.perm_script()) - - def _build_script(self, filename, variable_data): - with open(filename, 'w') as f: - env = spack.tengine.make_environment(dirs=self.package_dir) - t = env.get_template(self.perm_script_tmpl()) - f.write(t.render(variable_data)) - - @run_after('install') - def build_perms_script(self): - if self.spec.satisfies('+suid'): - script = self.perm_script_path() - chown_files = ['libexec/singularity/bin/starter-suid', - 'etc/singularity/singularity.conf', - 'etc/singularity/capability.json', - 'etc/singularity/ecl.toml'] - setuid_files = ['libexec/singularity/bin/starter-suid'] - self._build_script(script, {'prefix': self.spec.prefix, - 'chown_files': chown_files, - 'setuid_files': setuid_files}) - chmod = which('chmod') - chmod('555', script) - - # Until tty output works better from build steps, this ends up in - # the build log. See https://github.com/spack/spack/pull/10412. - @run_after('install') - def caveats(self): - if self.spec.satisfies('+suid'): - tty.warn(""" - For full functionality, you'll need to chown and chmod some files - after installing the package. This has security implications. - For details, see: - https://sylabs.io/guides/2.6/admin-guide/security.html - https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security - - We've installed a script that will make the necessary changes; - read through it and then execute it as root (e.g. via sudo). - - The script is named: - - {0} - """.format(self.perm_script_path())) diff --git a/var/spack/repos/builtin/packages/singularityce/package.py b/var/spack/repos/builtin/packages/singularityce/package.py new file mode 100644 index 0000000000..725293b20e --- /dev/null +++ b/var/spack/repos/builtin/packages/singularityce/package.py @@ -0,0 +1,168 @@ +# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other +# Spack Project Developers. See the top-level COPYRIGHT file for details. +# +# SPDX-License-Identifier: (Apache-2.0 OR MIT) + +from spack import * + +import llnl.util.tty as tty +import os +import shutil + + +class SingularityBase(MakefilePackage): + variant('suid', default=True, description='install SUID binary') + variant('network', default=True, description='install network plugins') + + depends_on('pkgconfig', type='build') + depends_on('go') + depends_on('uuid') + depends_on('libgpg-error') + depends_on('libseccomp') + depends_on('squashfs', type='run') + depends_on('git', when='@develop') # mconfig uses it for version info + depends_on('shadow', type='run', when='@3.3:') + depends_on('cryptsetup', type=('build', 'run'), when='@3.4:') + + # Go has novel ideas about how projects should be organized. + # We'll point GOPATH at the stage dir, and move the unpacked src + # tree into the proper subdir in our overridden do_stage below. + @property + def gopath(self): + return self.stage.path + + @property + def sylabs_gopath_dir(self): + return join_path(self.gopath, 'src/github.com/sylabs/') + + @property + def singularity_gopath_dir(self): + return join_path(self.sylabs_gopath_dir, 'singularity') + + # Unpack the tarball as usual, then move the src dir into + # its home within GOPATH. + def do_stage(self, mirror_only=False): + super(SingularityBase, self).do_stage(mirror_only) + if not os.path.exists(self.singularity_gopath_dir): + # Move the expanded source to its destination + tty.debug("Moving {0} to {1}".format( + self.stage.source_path, self.singularity_gopath_dir)) + shutil.move(self.stage.source_path, self.singularity_gopath_dir) + + # The build process still needs access to the source path, + # so create a symlink. + force_symlink(self.singularity_gopath_dir, self.stage.source_path) + + # MakefilePackage's stages use this via working_dir() + @property + def build_directory(self): + return self.singularity_gopath_dir + + # Hijack the edit stage to run mconfig. + def edit(self, spec, prefix): + with working_dir(self.build_directory): + confstring = './mconfig --prefix=%s' % prefix + if '~suid' in spec: + confstring += ' --without-suid' + if '~network' in spec: + confstring += ' --without-network' + configure = Executable(confstring) + configure() + + # Set these for use by MakefilePackage's default build/install methods. + build_targets = ['-C', 'builddir', 'parallel=False'] + install_targets = ['install', '-C', 'builddir', 'parallel=False'] + + def setup_build_environment(self, env): + # Point GOPATH at the top of the staging dir for the build step. + env.prepend_path('GOPATH', self.gopath) + + # `singularity` has a fixed path where it will look for + # mksquashfs. If it lives somewhere else you need to specify the + # full path in the config file. This bit uses filter_file to edit + # the config file, uncommenting and setting the mksquashfs path. + @run_after('install') + def fix_mksquashfs_path(self): + prefix = self.spec.prefix + squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs') + filter_file(r'^# mksquashfs path =', + 'mksquashfs path = {0}'.format(squash_path), + join_path(prefix.etc, 'singularity', 'singularity.conf')) + + # + # Assemble a script that fixes the ownership and permissions of several + # key files, install it, and tty.warn() the user. + # HEADSUP: https://github.com/spack/spack/pull/10412. + # + def perm_script(self): + return 'spack_perms_fix.sh' + + def perm_script_tmpl(self): + return "{0}.j2".format(self.perm_script()) + + def perm_script_path(self): + return join_path(self.spec.prefix.bin, self.perm_script()) + + def _build_script(self, filename, variable_data): + with open(filename, 'w') as f: + env = spack.tengine.make_environment(dirs=self.package_dir) + t = env.get_template(self.perm_script_tmpl()) + f.write(t.render(variable_data)) + + @run_after('install') + def build_perms_script(self): + if self.spec.satisfies('+suid'): + script = self.perm_script_path() + chown_files = ['libexec/singularity/bin/starter-suid', + 'etc/singularity/singularity.conf', + 'etc/singularity/capability.json', + 'etc/singularity/ecl.toml'] + setuid_files = ['libexec/singularity/bin/starter-suid'] + self._build_script(script, {'prefix': self.spec.prefix, + 'chown_files': chown_files, + 'setuid_files': setuid_files}) + chmod = which('chmod') + chmod('555', script) + + # Until tty output works better from build steps, this ends up in + # the build log. See https://github.com/spack/spack/pull/10412. + @run_after('install') + def caveats(self): + if self.spec.satisfies('+suid'): + tty.warn(""" + For full functionality, you'll need to chown and chmod some files + after installing the package. This has security implications. + For details, see: + https://sylabs.io/guides/2.6/admin-guide/security.html + https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security + + We've installed a script that will make the necessary changes; + read through it and then execute it as root (e.g. via sudo). + + The script is named: + + {0} + """.format(self.perm_script_path())) + + +class Singularityce(SingularityBase): + '''Singularity is a container technology focused on building portable + encapsulated environments to support "Mobility of Compute" For older + versions of Singularity (pre 3.0) you should use singularity-legacy, + which has a different install base (Autotools). + + Needs post-install chmod/chown steps to enable full functionality. + See package definition or `spack-build-out.txt` build log for details, + e.g. + + tail -15 $(spack location -i singularity)/.spack/spack-build-out.txt + ''' + + homepage = "https://sylabs.io/singularity/" + url = "https://github.com/sylabs/singularity/releases/download/v3.8.0/singularity-ce-3.8.0.tar.gz" + git = "https://github.com/sylabs/singularity.git" + + maintainers = ['alalazo'] + version('master', branch='master') + + version('3.8.0', sha256='5fa2c0e7ef2b814d8aa170826b833f91e5031a85d85cd1292a234e6c55da1be1') diff --git a/var/spack/repos/builtin/packages/singularityce/spack_perms_fix.sh.j2 b/var/spack/repos/builtin/packages/singularityce/spack_perms_fix.sh.j2 new file mode 100644 index 0000000000..32baa21203 --- /dev/null +++ b/var/spack/repos/builtin/packages/singularityce/spack_perms_fix.sh.j2 @@ -0,0 +1,11 @@ +#!/bin/sh -eu + +{% for cf in chown_files %} +chown root {{ prefix }}/{{ cf }} +{% endfor %} + +{% for sf in setuid_files %} +chmod 4555 {{ prefix }}/{{ sf }} +{% endfor %} + +# end |