From 23007d6375676b05b7b660f56707aea19478f4de70d5783ad0dbf2cb78cc94b9 Mon Sep 17 00:00:00 2001 
From: Christian Goll
Date: Tue, 20 Dec 2022 14:26:28 +0000
Subject: [PATCH] Accepting request 1043930 from home:mslacken:pr

- Update to 1.1.4 with following changes:
* Make the binaries built in the unprivileged apptainer package relocatable. When moving the binaries to a new location, the /usr at the top of some of the paths needs to be removed. Relocation is disallowed when the starter-suid is present, for security reasons.
* Change the warning when an overlay image is not writable, introduced in v1.1.3, back into a (more informative) fatal error because it doesn't actually enter the container environment.
* Set the --net flag if --network or --network-args is set rather than silently ignoring them if --net was not set.
* Do not hang on pull from http(s) source that doesn't provide a content-length.
* Avoid hang on fakeroot cleanup under high load seen on some distributions / kernels.
* Remove obsolete pacstrap -d in Arch packer.
* Adjust warning message for deprecated environment variables usage.
* Enable the --security uid:N and --security gid:N options to work when run in non-suid mode. In non-suid mode they work with any user, not just root. Unlike with root and suid mode, however, only one gid may be set in non-suid mode.
- Changes from 1.1.3
* Prefer the fakeroot-sysv command over the fakeroot command because the latter can be linked to either fakeroot-sysv or fakeroot-tcp, but fakeroot-sysv is much faster.
* Update the included squashfuse_ll to have -o uid=N and -o gid=N options and changed the corresponding image driver to use them when available. This makes files inside sif files appear to be owned by the user instead of by the nobody id 65534 when running in non-setuid mode.
* Fix the locating of shared libraries when running unsquashfs from a non-standard location.
* Properly clean up temporary files if unsquashfs fails.
* Fix the creation of missing bind points when using image binding with underlay.
* Change the error when an overlay image is not writable into a warning that OBS-URL: https://build.opensuse.org/request/show/1043930 OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=30 --- apptainer-1.1.2.tar.gz | 3 --- apptainer-1.1.4.tar.gz | 3 +++ apptainer.changes | 43 ++++++++++++++++++++++++++++++++++++++++++ apptainer.spec | 2 +- 4 files changed, 47 insertions(+), 4 deletions(-) delete mode 100644 apptainer-1.1.2.tar.gz create mode 100644 apptainer-1.1.4.tar.gz diff --git a/apptainer-1.1.2.tar.gz b/apptainer-1.1.2.tar.gz deleted file mode 100644 index 6b24e4e..0000000 --- a/apptainer-1.1.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4892d2a4347a05ae66b2d7c8becf6dbbe175e12c11a4960040aa293319ee4601 -size 5175828 diff --git a/apptainer-1.1.4.tar.gz b/apptainer-1.1.4.tar.gz new file mode 100644 index 0000000..562ab59 --- /dev/null +++ b/apptainer-1.1.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:505cb17d86bf8449bfa58148f02dfb7e0707d23a7233d0d4791dfdef2da96e84 +size 5182805 diff --git a/apptainer.changes b/apptainer.changes index b98dc90..13c29bc 100644 --- a/apptainer.changes +++ b/apptainer.changes 
@@ -1,3 +1,46 @@ +------------------------------------------------------------------- +Tue Dec 20 14:14:43 UTC 2022 - Christian Goll + +- Update to 1.1.4 with following changes: + * Make the binaries built in the unprivileged apptainer package relocatable. + When moving the binaries to a new location, the /usr at the top of some of + the paths needs to be removed. Relocation is disallowed when the + starter-suid is present, for security reasons. + * Change the warning when an overlay image is not writable, introduced in + v1.1.3, back into a (more informative) fatal error because it doesn't + actually enter the container environment. + * Set the --net flag if --network or --network-args is set rather than + silently ignoring them if --net was not set. + * Do not hang on pull from http(s) source that doesn't provide a content-length. + * Avoid hang on fakeroot cleanup under high load seen on some distributions / kernels. + * Remove obsolete pacstrap -d in Arch packer. + * Adjust warning message for deprecated environment variables usage. + * Enable the --security uid:N and --security gid:N options to work when run + in non-suid mode. In non-suid mode they work with any user, not just root. + Unlike with root and suid mode, however, only one gid may be set in + non-suid mode. +- Changes from 1.1.3 + * Prefer the fakeroot-sysv command over the fakeroot command because the + latter can be linked to either fakeroot-sysv or fakeroot-tcp, but + fakeroot-sysv is much faster. + * Update the included squashfuse_ll to have -o uid=N and -o gid=N options and + changed the corresponding image driver to use them when available. This + makes files inside sif files appear to be owned by the user instead of by + the nobody id 65534 when running in non-setuid mode. + * Fix the locating of shared libraries when running unsquashfs from a non-standard location. + * Properly clean up temporary files if unsquashfs fails. 
+ * Fix the creation of missing bind points when using image binding with underlay. + * Change the error when an overlay image is not writable into a warning that + suggests adding :ro to make it read only or using --fakeroot. + * Avoid permission denied errors during unprivileged builds without + /etc/subuid-based fakeroot when /var/lib/containers/sigstore is readable + only by root. + * Avoid failures with --writable-tmpfs in non-setuid mode when using + fuse-overlayfs versions 1.8 or greater by adding the fuse-overlayfs noacl + mount option to disable support for POSIX Access Control Lists. + * Fix the --rocm flag in combination with -c / -C by forwarding all + /dri/render* devices into the container. + ------------------------------------------------------------------- Fri Oct 28 08:54:51 UTC 2022 - Egbert Eich diff --git a/apptainer.spec b/apptainer.spec index 2a910af..e3a7481 100644 --- a/apptainer.spec +++ b/apptainer.spec @@ -25,7 +25,7 @@ Summary: Application and environment virtualization License: BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.1.2 +Version: 1.1.4 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org
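
Review bot: in the apptainer-1.1.4.tar.gz hunk the new source is identified only by the Git LFS pointer lines (the `oid sha256:` value and `size 5182805`), and nothing in the visible lines shows that digest being compared with the upstream 1.1.4 release. Before accepting, check the sha256 against the digest of the upstream release tarball and note the result in the request, so the pointer swap from 1.1.2 to 1.1.4 is tied to a verified artifact rather than to whatever was uploaded.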
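
Review bot: the apptainer.changes hunk copies upstream notes whose effect depends on suid versus non-suid mode ("Relocation is disallowed when the starter-suid is present", "only one gid may be set in non-suid mode") without saying which mode this package installs, so a reader of the changelog cannot tell which of these restrictions apply to them. Add one line stating whether starter-suid is shipped by this package. As a style point, three entries ("Do not hang on pull from http(s) source ...", "Avoid hang on fakeroot cleanup ...", "Fix the locating of shared libraries ...") are left unwrapped while the surrounding entries are wrapped; wrap them to match.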
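
Review bot: the apptainer.spec hunk changes only `Version: 1.1.2` to `Version: 1.1.4`, yet the changelog in this same patch describes changes that involve external tools: fakeroot-sysv preferred over fakeroot, the fuse-overlayfs noacl mount option for versions 1.8 or greater, and an updated bundled squashfuse_ll. Confirm that the existing dependency declarations and file list in the spec still match what 1.1.4 builds and expects at run time, and state that in the request, or adjust them in this change.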