From 557845cccc0523c34072dbeddf6035f54fb2a76e Mon Sep 17 00:00:00 2001
From: Matthias Wolf
Date: Tue, 24 May 2022 16:01:46 +0200
Subject: apptainer: new package (#30745)
---
.../repos/builtin/packages/apptainer/package.py | 37 +++++++++++++++++++
.../packages/apptainer/spack_perms_fix.sh.j2 | 11 ++++++
.../builtin/packages/singularityce/package.py | 43 +++++++++++++++-------
3 files changed, 77 insertions(+), 14 deletions(-)
create mode 100644 var/spack/repos/builtin/packages/apptainer/package.py
create mode 100644 var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2
(limited to 'var')
diff --git a/var/spack/repos/builtin/packages/apptainer/package.py b/var/spack/repos/builtin/packages/apptainer/package.py
new file mode 100644
index 0000000000..7733e75830
--- /dev/null
+++ b/var/spack/repos/builtin/packages/apptainer/package.py
@@ -0,0 +1,37 @@
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+
+from spack import *
+from spack.pkg.builtin.singularityce import SingularityBase
+
+
+# Apptainer is the new name of Singularity, piggy-back on the original package
+class Apptainer(SingularityBase):
+ '''Apptainer is an open source container platform designed to be simple, fast, and
+ secure. Many container platforms are available, but Apptainer is designed for
+ ease-of-use on shared systems and in high performance computing (HPC)
+ environments.
+
+ Needs post-install chmod/chown steps to enable full functionality.
+ See package definition or `spack-build-out.txt` build log for details,
+ e.g.::
+
+ tail -15 $(spack location -i apptainer)/.spack/spack-build-out.txt
+ '''
+
+ homepage = "https://apptainer.org"
+ url = "https://github.com/apptainer/apptainer/releases/download/v1.0.2/apptainer-1.0.2.tar.gz"
+ git = "https://github.com/apptainer/apptainer.git"
+
+ version('main', branch='main')
+ version('1.0.2', sha256='2d7a9d0a76d5574459d249c3415e21423980d9154ce85e8c34b0600782a7dfd3')
+
+ singularity_org = 'apptainer'
+ singularity_name = 'apptainer'
+ singularity_security_urls = (
+ "https://apptainer.org/docs/admin/main/security.html",
+ "https://apptainer.org/docs/admin/main/admin_quickstart.html#apptainer-security",
+ )
diff --git a/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2 b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2
new file mode 100644
index 0000000000..32baa21203
--- /dev/null
+++ b/var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/sh -eu
+
+{% for cf in chown_files %}
+chown root {{ prefix }}/{{ cf }}
+{% endfor %}
+
+{% for sf in setuid_files %}
+chmod 4555 {{ prefix }}/{{ sf }}
+{% endfor %}
+
+# end
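Review bot: Apptainer restarts its version numbering at 1.0.2 while inheriting every directive from `SingularityBase`, so any `when='@X:'` condition in the base class that was written against Singularity 3.x numbering would be evaluated against `1.0.2` and `main` here. The base class body is outside this diff, so whether such conditions exist cannot be confirmed from this page; dependencies and patches are worth checking against the new numbering before this package is relied on for a setuid install. A comment above the class would record the caveat, for example `# NOTE: version-conditional directives in SingularityBase use Singularity numbering; re-declare them here where they must apply`.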
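Review bot: The rendered paths in `chown root {{ prefix }}/{{ cf }}` and `chmod 4555 {{ prefix }}/{{ sf }}` are unquoted, so an install prefix containing whitespace or glob characters would be word-split or expanded in a script that is meant to be run as root. Quoting both keeps each command on the intended file: `chown root "{{ prefix }}/{{ cf }}"` and `chmod 4555 "{{ prefix }}/{{ sf }}"`. The `-eu` flags sit only on the shebang line, so they are lost when the script is started as `sh script`; a `set -eu` line directly after the shebang keeps a failed `chown` from being followed by the `chmod` that sets the setuid bit.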
diff --git a/var/spack/repos/builtin/packages/singularityce/package.py b/var/spack/repos/builtin/packages/singularityce/package.py index dccae4a86f..f59142f9f4 100644 --- a/var/spack/repos/builtin/packages/singularityce/package.py +++ b/var/spack/repos/builtin/packages/singularityce/package.py @@ -27,6 +27,14 @@ class SingularityBase(MakefilePackage): conflicts('platform=darwin', msg='singularity requires a Linux VM on Windows & Mac') + # Use these properties to buffer the renaming to Apptainer + singularity_org = 'sylabs' + singularity_name = 'singularity' + singularity_security_urls = ( + "https://sylabs.io/guides/2.6/admin-guide/security.html", + "https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security", + ) + # Go has novel ideas about how projects should be organized. # We'll point GOPATH at the stage dir, and move the unpacked src # tree into the proper subdir in our overridden do_stage below. @@ -34,13 +42,10 @@ class SingularityBase(MakefilePackage): def gopath(self): return self.stage.path - @property - def sylabs_gopath_dir(self): - return join_path(self.gopath, 'src/github.com/sylabs/') - @property def singularity_gopath_dir(self): - return join_path(self.sylabs_gopath_dir, 'singularity') + return join_path(self.gopath, 'src', 'github.com', + self.singularity_org, self.singularity_name) # Unpack the tarball as usual, then move the src dir into # its home within GOPATH. @@ -90,7 +95,9 @@ class SingularityBase(MakefilePackage): squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs') filter_file(r'^# mksquashfs path =', 'mksquashfs path = {0}'.format(squash_path), - join_path(prefix.etc, 'singularity', 'singularity.conf')) + join_path(prefix.etc, + self.singularity_name, + self.singularity_name + '.conf')) # # Assemble a script that fixes the ownership and permissions of several 
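Review bot: `singularity_security_urls` has to hold exactly two entries, and the comment added above the three new attributes does not say so. The message template in the last hunks of this file prints them as `{1}` and `{2}` through `*self.singularity_security_urls`, so a subclass that supplies a single URL fails with an IndexError when the message is formatted, and a third URL is silently dropped. Either state the constraint on the attribute, e.g. `# exactly two URLs; the post-install message formats them as {1} and {2}`, or join the tuple into a single placeholder so any length works. The comment could also say that subclasses are expected to override all three attributes together, since they decide the GOPATH source directory, the config file path and the files the permissions script touches.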
@@ -116,11 +123,18 @@ class SingularityBase(MakefilePackage): def build_perms_script(self): if self.spec.satisfies('+suid'): script = self.perm_script_path() - chown_files = ['libexec/singularity/bin/starter-suid', - 'etc/singularity/singularity.conf', - 'etc/singularity/capability.json', - 'etc/singularity/ecl.toml'] - setuid_files = ['libexec/singularity/bin/starter-suid'] + chown_files = [ + fn.format(self.singularity_name) + for fn in ['libexec/{0}/bin/starter-suid', + 'etc/{0}/{0}.conf', + 'etc/{0}/capability.json', + 'etc/{0}/ecl.toml'] + ] + setuid_files = [ + 'libexec/{0}/bin/starter-suid'.format( + self.singularity_name + ) + ] self._build_script(script, {'prefix': self.spec.prefix, 'chown_files': chown_files, 'setuid_files': setuid_files}) @@ -136,8 +150,8 @@ class SingularityBase(MakefilePackage): For full functionality, you'll need to chown and chmod some files after installing the package. This has security implications. For details, see: - https://sylabs.io/guides/2.6/admin-guide/security.html - https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security + {1} + {2} We've installed a script that will make the necessary changes; read through it and then execute it as root (e.g. via sudo). @@ -145,7 +159,8 @@ class SingularityBase(MakefilePackage): The script is named: {0} - """.format(self.perm_script_path())) + """.format(self.perm_script_path(), + *self.singularity_security_urls)) class Singularityce(SingularityBase): -- cgit v1.2.3-70-g09d2
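Review bot: The starter-suid path template is written out twice in `build_perms_script`, once inside `chown_files` and once for `setuid_files`, and nothing ties the two lists together. The generated script applies `chmod 4555` to every `setuid_files` entry, so an entry that is not also in `chown_files` would end up setuid to whoever owns the file instead of root. Building the path once keeps that invariant visible: `starter = 'libexec/{0}/bin/starter-suid'.format(self.singularity_name)`, then `setuid_files = [starter]` and `chown_files = [starter] + [...]` for the three `etc/` entries. The end of the function is not visible in the hunk.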