diff --git a/.gitignore b/.gitignore
index e69de29..48c1f3d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/singularity-2.0.tar.gz
diff --git a/singularity-fedora.patch b/singularity-fedora.patch
new file mode 100644
index 0000000..dee2589
--- /dev/null
+++ b/singularity-fedora.patch
@@ -0,0 +1,23 @@
+diff --git a/examples/fedora.def b/examples/fedora.def
+new file mode 100644
+index 0000000..7099b30
+--- /dev/null
++++ b/examples/fedora.def
+@@ -0,0 +1,17 @@
++RELEASE=23
++
++if [ -n "$1" ]; then
++ RELEASE="$1"
++fi
++echo "Setting RELEASE=$RELEASE"
++
++DistType "redhat"
++MirrorURL "http://download.fedoraproject.org/pub/fedora/linux/releases/$RELEASE/Everything/\$basearch/os/"
++
++Setup
++Bootstrap
++
++InstallPkgs dnf
++
++Cleanup
++
diff --git a/singularity-mkdir.patch b/singularity-mkdir.patch
new file mode 100644
index 0000000..9693916
--- /dev/null
+++ b/singularity-mkdir.patch
@@ -0,0 +1,10 @@
+--- singularity-2.0/libexec/mods/linux_build.smod~ 2016-06-01 15:12:38.000000000 +0100
++++ singularity-2.0/libexec/mods/linux_build.smod 2016-06-16 12:09:24.314611837 +0100
+@@ -172,6 +172,7 @@
+ if [ -e "$SINGULARITY_BUILD_ROOT/$i" ]; then
+ rm -rf "$SINGULARITY_BUILD_ROOT/$i"
+ fi
++ mkdir -m 755 -p $(basename "$SINGULARITY_BUILD_ROOT/$i")
+ > "$SINGULARITY_BUILD_ROOT/$i"
+ fi
+ done
diff --git a/singularity-release.patch b/singularity-release.patch
new file mode 100644
index 0000000..b55351b
--- /dev/null
+++ b/singularity-release.patch
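Review bot: The `MirrorURL` in the new examples/fedora.def uses plain `http://`, so repository metadata and packages for the container root are fetched without transport integrity; `InstallPkgs` in singularity-yum.patch on this page runs yum/dnf with `--nogpgcheck`, so the example's `InstallPkgs dnf` step has no signature check to fall back on. Assuming the mirror redirector serves HTTPS, I would change the line to `MirrorURL "https://download.fedoraproject.org/pub/fedora/linux/releases/$RELEASE/Everything/\$basearch/os/"`. `RELEASE` is taken from `$1` and pasted into the URL unchecked; a leading comment such as `# RELEASE: Fedora release number, overridable as the first argument` would document what is expected there.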
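Review bot: The added line calls `basename` where `dirname` is needed: `$(basename "$SINGULARITY_BUILD_ROOT/$i")` yields the last path component, so `mkdir` creates a directory of that name relative to the current working directory instead of the parent directory under the build root, and the following `> "$SINGULARITY_BUILD_ROOT/$i"` still fails when the parent is missing. The substitution is also unquoted, so a build root containing whitespace is split into several arguments. Suggested line: `mkdir -m 755 -p "$(dirname "$SINGULARITY_BUILD_ROOT/$i")"`. Note that `-m 755` applies only to the final directory that `mkdir -p` creates; intermediate directories follow the umask. The enclosing loop starts and ends outside the hunk.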
@@ -0,0 +1,26 @@
+diff --git a/libexec/mods/linux_build_redhat.smod b/libexec/mods/linux_build_redhat.smod
+index d51c373..52748da 100644
+--- a/libexec/mods/linux_build_redhat.smod
++++ b/libexec/mods/linux_build_redhat.smod
+@@ -28,9 +28,6 @@ if ! YUM_PATH=`singularity_which dnf` &&
+ fi
+
+
+-RELEASE_PKG=`rpm -qf /etc/redhat-release --qf '%{NAME}\n'`
+-
+-
+ REPO_NAME="os-base"
+ YUM_CONF="/etc/bootstrap-yum.conf"
+
+@@ -75,8 +72,9 @@ Setup() {
+
+ Bootstrap() {
+ # Avoid plugins which might cuase trouble, e.g. etckeeper, Red Hat
+- # subscription-manager.
+- if ! eval "$YUM_PATH --noplugins -c $SINGULARITY_BUILD_ROOT/$YUM_CONF --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install $RELEASE_PKG redhat-release coreutils $@"; then
++ # subscription-manager. Install the release file, as the name of
++ # the release package varies between RHEL, CentOS, etc.
++ if ! eval "$YUM_PATH --noplugins -c $SINGULARITY_BUILD_ROOT/$YUM_CONF --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install /etc/redhat-release coreutils $@"; then
+ exit 1
+ fi
+
diff --git a/singularity-sec.patch b/singularity-sec.patch
new file mode 100644
index 0000000..4acf6b6
--- /dev/null
+++ b/singularity-sec.patch
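Review bot: The rewritten `Bootstrap` line still builds the yum/dnf command as one string and hands it to `eval`, so `$SINGULARITY_BUILD_ROOT`, `$YUM_CONF` and every word of `$@` are parsed by the shell a second time; a build root or package argument containing whitespace or shell metacharacters is split or interpreted instead of being passed through as one argument. Nothing visible in the hunk needs `eval`; calling the tool directly keeps each argument intact: `if ! "$YUM_PATH" --noplugins -c "$SINGULARITY_BUILD_ROOT/$YUM_CONF" --tolerant --installroot "$SINGULARITY_BUILD_ROOT" -y install /etc/redhat-release coreutils "$@"; then`. The same pattern appears in `InstallPkgs` and `Cleanup` in singularity-yum.patch on this page. The carried-over comment also has a typo, `cuase` for `cause`.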
@@ -0,0 +1,66 @@
+--- src/sexec.c.orig 2016-06-01 15:12:38.000000000 +0100
++++ src/sexec.c 2016-06-08 20:12:26.305999334 +0100
+@@ -99,10 +99,12 @@
+ int lockfile_fd;
+ int retval = 0;
+ int bind_mount_writable = 0;
+- uid_t uid = getuid();
+- gid_t gid = getgid();
++ int gid_list_count;
++ uid_t uid;
++ gid_t gid;
++ gid_t *gid_list;
+ pid_t namespace_fork_pid = 0;
+- struct passwd *pw = getpwuid(uid);
++ struct passwd *pw;
+
+
+ //****************************************************************************//
+@@ -115,6 +117,17 @@
+
+ openlog("Singularity", LOG_CONS | LOG_NDELAY, LOG_LOCAL0);
+
++ // Get all user/group info
++ uid = getuid();
++ gid = getgid();
++ gid_list_count = getgroups(0, NULL);
++ gid_list = (gid_t *) malloc(sizeof(gid_t) * gid_list_count);
++ if ( getgroups(gid_list_count, gid_list) < 0 ) {
++ fprintf(stderr, "ABORT: Could not obtain current supplementary group list: %s\n", strerror(errno));
++ return(255);
++ }
++ pw = getpwuid(uid);
++
+ // Check to make sure we are installed correctly
+ if ( seteuid(0) < 0 ) {
+ fprintf(stderr, "ABORT: Check installation, must be performed by root.\n");
+@@ -617,6 +630,10 @@
+ fprintf(stderr, "ABORT: failed enter CONTAINERIMAGE: %s\n", containerpath);
+ return(255);
+ }
++ if ( chdir("/") < 0 ) {
++ fprintf(stderr, "ABORT: Could not chdir after chroot to /: %s\n", strerror(errno));
++ return(1);
++ }
+
+
+ //****************************************************************************//
+@@ -641,6 +658,10 @@
+ // Drop all privledges for good
+ //****************************************************************************//
+
++ if ( setgroups(gid_list_count, gid_list) < 0 ) {
++ fprintf(stderr, "ABORT: Could not reset supplementary group list: %s\n", strerror(errno));
++ return(255);
++ }
+ if ( setregid(gid, gid) < 0 ) {
+ fprintf(stderr, "ABORT: Could not dump real and effective group privledges!\n");
+ return(255);
+@@ -661,7 +682,6 @@
+ return(1);
+ }
+
+-//TODO: Fix logic so that we use cwd_fd for
OS dirs
+ if ( is_dir(cwd) == 0 ) {
+ if ( chdir(cwd) < 0 ) {
+ fprintf(stderr, "ABORT: Could not chdir to: %s\n", cwd);
diff --git a/singularity-yum.patch b/singularity-yum.patch
new file mode 100644
index 0000000..236a79d
--- /dev/null
+++ b/singularity-yum.patch
@@ -0,0 +1,47 @@
+diff --git a/libexec/mods/linux_build_redhat.smod b/libexec/mods/linux_build_redhat.smod
+index 488b463..d51c373 100644
+--- a/libexec/mods/linux_build_redhat.smod
++++ b/libexec/mods/linux_build_redhat.smod
+@@ -20,9 +20,10 @@
+ #
+
+
+-
+-if ! YUM_PATH=`singularity_which yum`; then
+- message ERROR "YUM is not in PATH!\n"
++# dnf should probably be preferred if it's present
++if ! YUM_PATH=`singularity_which dnf` &&
++ ! YUM_PATH=`singularity_which yum`; then
++ message ERROR "Neither yum nor dnf in PATH!\n"
+ return 255
+ fi
+
+@@ -73,7 +74,9 @@ Setup() {
+ }
+
+ Bootstrap() {
+- if ! eval "$YUM_PATH -c $SINGULARITY_BUILD_ROOT/$YUM_CONF --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install $RELEASE_PKG redhat-release coreutils $@"; then
++ # Avoid plugins which might cuase trouble, e.g. etckeeper, Red Hat
++ # subscription-manager.
++ if ! eval "$YUM_PATH --noplugins -c $SINGULARITY_BUILD_ROOT/$YUM_CONF --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install $RELEASE_PKG redhat-release coreutils $@"; then
+ exit 1
+ fi
+
+@@ -81,7 +84,7 @@ Bootstrap() {
+ }
+
+ InstallPkgs() {
+- if ! eval "$YUM_PATH --nogpgcheck --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install $*"; then
++ if ! eval "$YUM_PATH --noplugins --nogpgcheck --tolerant --installroot $SINGULARITY_BUILD_ROOT -y install $*"; then
+ exit 1
+ fi
+
+@@ -89,7 +92,7 @@ InstallPkgs() {
+ }
+
+ Cleanup() {
+- if ! eval "$YUM_PATH --installroot $SINGULARITY_BUILD_ROOT clean all"; then
++ if ! eval "$YUM_PATH --noplugins --installroot $SINGULARITY_BUILD_ROOT clean all"; then
+ exit 1
+ fi
+
diff --git a/singularity.spec b/singularity.spec
new file mode 100644
index 0000000..b50db25
--- /dev/null
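Review bot: In the block added after `openlog()`, the result of `getgroups(0, NULL)` and the result of `malloc` are both used unchecked: if the count call fails, `gid_list_count` is -1 and `sizeof(gid_t) * gid_list_count` wraps to a very large allocation size, and a NULL `gid_list` is only caught indirectly by the second `getgroups` call. The spec on this page installs sexec setuid root (`%attr(4755, root, root)`), so I would check both explicitly and abort the way the neighbouring checks do. Two smaller points: `pw = getpwuid(uid)` can return NULL and no check is visible in the hunk, and the new `chdir("/")` failure path returns 1 where the surrounding aborts return 255. The enclosing function starts and ends outside the hunk.

```c
    gid_list_count = getgroups(0, NULL);
    if ( gid_list_count < 0 ) {
        fprintf(stderr, "ABORT: Could not count supplementary groups: %s\n", strerror(errno));
        return(255);
    }
    gid_list = (gid_t *) malloc(sizeof(gid_t) * gid_list_count);
    if ( gid_list == NULL && gid_list_count > 0 ) {
        fprintf(stderr, "ABORT: Could not allocate supplementary group list: %s\n", strerror(errno));
        return(255);
    }
    // … unchanged: second getgroups() call and its error path, pw = getpwuid(uid) …
```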
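Review bot: `InstallPkgs` keeps `--nogpgcheck` on the changed line, so every package installed into `$SINGULARITY_BUILD_ROOT` after bootstrap is accepted without signature verification; with a definition file that points `MirrorURL` at an `http://` mirror (examples/fedora.def on this page) those packages have neither transport nor signature protection. Presumably the flag is there because the fresh install root has no RPM keys imported yet; if so, state that next to the call and consider importing the distribution key during `Bootstrap` so the flag can go, e.g. `# --nogpgcheck: install root has no RPM keys yet; TODO import the release key and drop this flag`. `Bootstrap` itself passes no such flag, so whether it verifies signatures depends on the generated `$YUM_CONF`, which the hunk does not show.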
+++ b/singularity.spec 
@@ -0,0 +1,176 @@
+# Based on the bundled version with as few changes as possible.
+# The el5 features are required.
+# See https://github.com/gmkurtzer/singularity/issues/64 about some
+# rpmlint warnings.
+
+%global _hardened_build 1
+
+# Run %%check, which requires sudo
+%bcond_with check
+
+# For non-releases
+#global commit e7409ff5b279bcee0574576c352f2d251851b9ba
+
+%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:8})}
+%{?commit:%global ver %{commit}}
+%{!?commit:%global ver %{version}}
+
+Summary: Enabling "Mobility of Compute" with container based applications
+Name: singularity
+Version: 2.0
+Release: 6%{?shortcommit:.git%shortcommit}%{?dist}
+License: BSD
+Group: System Environment/Base
+URL: http://singularity.lbl.gov/
+%if 0%{?commit:1}
+Source: https://codeload.github.com/gmkurtzer/singularity/tar.gz/%{commit}#/%{name}-%{shortcommit}.tar.gz
+%else
+Source: https://github.com/gmkurtzer/singularity/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+%endif
+# Port upstream changes for
+Patch1: singularity-sec.patch
+# Better handling of yum/dnf
+Patch2: singularity-yum.patch
+# DTRT for rpm release package
+Patch3: singularity-release.patch
+# Fedora example
+Patch4: singularity-fedora.patch
+# Ensure directory exists before copying file to it. Not upstream yet.
+Patch5: singularity-mkdir.patch
+BuildRequires: automake libtool
+# For debugging in containers.
+Requires: strace ncurses-base
+# ftrace manipulates registers; it's not currently used, but will be
+# resurrected, and configure checks the arch.
+ExclusiveArch: x86_64 %ix86
+BuildRoot: %{?_tmppath}%{!?_tmppath:/var/tmp}/%{name}-%{version}-%{release}-root
+
+%description
+Singularity is a container platform focused on supporting "Mobility of
+Compute".
+
+Mobility of Compute encapsulates the development to compute model
+where developers can work in an environment of their choosing and
+creation and when the developer needs additional compute resources,
+this environment can easily be copied and executed on other platforms.
+Additionally as the primary use case for Singularity is targeted
+towards computational portability, many of the barriers to entry of
+other container solutions do not apply to Singularity making it an
+ideal solution for users (both computational and non-computational)
+and HPC centers.
+
+%prep
+%setup -q -n %{name}-%{ver}
+%patch1 -p0
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+NO_CONFIGURE=y ./autogen.sh
+
+
+%build
+# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/6CPVVNZHV3LAGYSMM6EA4JTUCWT2HLWT/
+%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro -Wl,-z,now}
+%configure
+%{__make} %{?mflags} %{?smp_mflags}
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__make} install DESTDIR=$RPM_BUILD_ROOT %{?mflags_install}
+chmod 644 $RPM_BUILD_ROOT%{_libexecdir}/singularity/cli/*{summary,help}
+
+
+%check
+# requires sudo
+%if %{with check}
+sh test.sh
+%endif
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%{!?_licensedir:%global license %doc}
+
+%files
+%license COPYING LICENSE
+%doc AUTHORS README.md TODO examples
+# currently empty: NEWS ChangeLog
+%dir %{_libexecdir}/singularity
+# Required -- see the URL.
+%attr(4755, root, root) %{_libexecdir}/singularity/sexec
+%{_libexecdir}/singularity/functions
+# Not used in this version (but to be resurrected in future)
+%exclude %{_libexecdir}/singularity/ftrace
+%exclude %{_libexecdir}/singularity/ftype
+%{_libexecdir}/singularity/mods
+%{_libexecdir}/singularity/cli
+%{_libexecdir}/singularity/bootstrap.sh
+%{_libexecdir}/singularity/copy.sh
+%{_libexecdir}/singularity/image-bind
+%{_libexecdir}/singularity/image-create
+%{_libexecdir}/singularity/image-expand
+%{_libexecdir}/singularity/image-mount
+%{_bindir}/singularity
+%{_bindir}/run-singularity
+%dir %{_sysconfdir}/singularity
+%config(noreplace) %{_sysconfdir}/singularity/*
+
+
+%changelog
+* Thu Jun 16 2016 Dave Love - 2.0-6
+- Patches for yum/dnf usage, Fedora example, installing rpm release package,
+ creating directories
+- Change URL
+
+* Sat Jun 11 2016 Dave Love - 2.0-5
+- Modify snapshot bits per review instructions
+
+* Wed Jun 8 2016 Dave Love - 2.0-5
+- Patch for rpmlint warnings
+
+* Tue Jun 7 2016 Dave Love - 2.0-4
+- Revert last change; configure limits arch, and ftrace to be used again
+
+* Tue Jun 7 2016 Dave Love - 2.0-3
+- Don't build ftrace, ftype and remove the arch restriction
+
+* Mon Jun 6 2016 Dave Love - 2.0-2
+- Ship LICENSE, examples
+
+* Thu Jun 2 2016 Dave Love - 2.0-1
+- New version
+- Replace spec features for el5
+- Exclude ftrace, ftype
+
+* Fri Apr 29 2016 Dave Love - 1.0-6.e7409ff5
+- Updated snapshot
+
+* Thu Apr 21 2016 Dave Love - 1.0-5.20160420
+- Don't require which
+
+* Thu Apr 21 2016 Dave Love - 1.0-5.20160420
+- Snapshot version
+- Remove resolver patch
+- Add hardening ldflags
+
+* Wed Apr 20 2016 Dave Love - 1.0-4
+- Take description from readme
+
+* Mon Apr 18 2016 Dave Love - 1.0-3
+- Patch for missing utils for debug on el6
+- More resolver changes
+
+* Sat Apr 16 2016 Dave Love - 1.0-2
+- Fix running text resolvers
+- Don't configure twice
+
+* Fri Apr 15 2016 Dave Love - 1.0-1
+- New version
+- BR automake, libtool
and run autogen
+
+* Wed Apr 06 2016 Dave Love - 1.0-0.1.20150405
+- Initial version adapted for Fedora as minimally as possible from
+ bundled spec (can't run on el5)
diff --git a/sources b/sources
index e69de29..ee1f9ef 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+6cb704b6dbbccdde0e0c886caceaa097 singularity-2.0.tar.gz
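Review bot: `Patch5: singularity-mkdir.patch` is declared but `%prep` applies only `%patch1` through `%patch4`, so the mkdir change that the 2.0-6 changelog entry mentions ("creating directories") never reaches the build. Either add `%patch5 -p1` after `%patch4 -p1` or drop the Patch5 line; the patch's paths start with `singularity-2.0/`, so `-p1` is the matching strip level. The comment above Patch1 stops mid-sentence (`# Port upstream changes for`); since sexec is shipped `%attr(4755, root, root)`, it is worth saying what the security patch covers, e.g. `# Port upstream changes: reset supplementary groups before dropping privileges, chdir after chroot`.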