Accepting request 1075177 from network:cluster

OBS-URL: https://build.opensuse.org/request/show/1075177 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apptainer?expand=0&rev=16
2023-03-29 21:28:06 +00:00 · 2023-03-29 21:28:06 +00:00 · 8cd6abb4e7
commit 8cd6abb4e7
parent 3a099f90c5 7bb312ce20
5 changed files with 23 additions and 343 deletions
--- a/apptainer-1.1.6.tar.gz
+++ b/apptainer-1.1.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:da5f3d54e636713d103f5b125e1a816b965f4de08a833f461ca64d9d319f37b9
-size 5188018
--- a/apptainer-1.1.7.tar.gz
+++ b/apptainer-1.1.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40c193d078484c2bb6435030c9308e34ee00d75870454f7c4acfb4f1b222d3f7
+size 5188635
--- a/apptainer.changes
+++ b/apptainer.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Mar 29 08:14:47 UTC 2023 - Christian Goll <cgoll@suse.com>
+
+- updated to 1.1.7 with following changes:
+  * removed simpler-sif-building.patch as this was incoperated upstream
+  * Allow gpu options such as --nv to be nested by always inheriting all
+    libraries bound in to a parent container's /.singularity.d/libs.
+  * Map the user's home directory to the root home directory by default in the
+    non-subuid fakeroot mode like it was in the subuid fakeroot mode, for both
+    action commands and building containers from definition files.
+  * Make the error message more helpful in another place where a remote is
+    found to have no library client.
+  * Avoid incorrect error when requesting fakeroot network.
+  * Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues where
+    unsquashfs on host uses libraries in non-default paths.
+
+
 -------------------------------------------------------------------
 Fri Feb 24 13:22:57 UTC 2023 - Christian Goll <cgoll@suse.com>

--- a/apptainer.spec
+++ b/apptainer.spec
@ -25,7 +25,7 @@ Summary:        Application and environment virtualization
 License:        BSD-3-Clause-LBNL
 Group:          Productivity/Clustering/Computing
 Name:           apptainer
-Version:        1.1.6
+Version:        1.1.7
 Release:        0
 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html
 URL:            https://apptainer.org
@ -39,7 +39,6 @@ Source4:        SLE.def
 Source5:        leap.def
 Source8:        %{name}-rpmlintrc
 Source9:        vendor.tar.gz
-Patch1:         simpler-sif-building.patch
 %if "%{?squashfuse_version}" != ""
 Source10:       https://github.com/vasi/squashfuse/archive/%{squashfuse_version}/squashfuse-%{squashfuse_version}.tar.gz
 Patch10:        https://github.com/vasi/squashfuse/pull/70.patch
@ -63,7 +62,8 @@ BuildRequires:  automake
 BuildRequires:  fuse3-devel
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
-BuildRequires:  zlib-devel
+BuildRequires:  pkgconfig(liblz4)
+BuildRequires:  pkgconfig(liblzma)
 %endif
 Requires:       squashfs
 Recommends:     fuse2fs
@ -88,7 +88,6 @@ containers that can be used across host environments.
 %patch -P 10 -p1
 %endif
 %setup -q -n %{name}-%{version}
-%patch1 -p 1
 cp %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} .

 %build
--- a/simpler-sif-building.patch
+++ b/simpler-sif-building.patch
@ -1,336 +0,0 @@
-diff --git a/CHANGELOG.md b/CHANGELOG.md
-index 4a39aa99a..e76b16e65 100644
--- a/CHANGELOG.md
-+++ b/CHANGELOG.md
-@@ -5,6 +5,11 @@ The Singularity Project has been
- and re-branded as Apptainer.
- For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md).
- 
-+### Backported from main tree
-+
-+- Build via zypper on SLE systems will use repositories of host via 
-+  suseconnect-container
-+
- ## v1.1.6 - \[2023-02-14\]
- 
- ### Security fix
-diff --git a/docs/content.go b/docs/content.go
-index c1ac8465a..81525d08f 100644
--- a/docs/content.go
-+++ b/docs/content.go
-@@ -90,6 +90,15 @@ Enterprise Performance Computing (EPC)`
-           MirrorURL: http://mirror.centos.org/centos-%{OSVERSION}/%{OSVERSION}/os/x86_64/
-           Include: yum
- 
-+      SUSE:
-+          Bootstrap: zypper # on SLE system registration of build host is used
-+          Include: zypper
-+      
-+      openSUSE:
-+          Bootstrap: zypper
-+          MirrorURL: http://download.opensuse.org/distribution/openSUSE-stable/repo/oss
-+          Include: zypper
-+
-       Debian/Ubuntu:
-           Bootstrap: debootstrap
-           OSVersion: trusty
-diff --git a/examples/sle/Apptainer b/examples/sle/Apptainer
-index 1883e9d12..9d9197436 100644
--- a/examples/sle/Apptainer
-+++ b/examples/sle/Apptainer
-@@ -1,38 +1,13 @@
-+# use repos and registration from build host
- BootStrap: zypper
-OSVersion: 12.4
-Product: SLE-HPC/%{OSVERSION}/x86_64
-User: 
-Regcode: 
-# MirrorURL: 
-#  Modules: sle-module-basesystem,sle-module-server-applications,sle-module-web-scripting,sle-module-hpc
-Include: zypper
-# Otherurl0: 
-# Otherurl1: 
-ProductPGP: -----BEGIN PGP PUBLIC KEY BLOCK-----\n\
-Version: rpm-4.11.2 (NSS-3)\n\
-\n\
-mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp\n\
-YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY\n\
-91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma\n\
-hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9\n\
-vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8\n\
-L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT\n\
-aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC\n\
-CAMEFgIDAQIeAQIXgAUCWEfrHwUJDsIitAAKCRBwr56BOdt8gpqUB/wPSSS5BcDu\n\
-Oi4n02cj4Hdt7WITKBjjo0lG1fXG1ppx1wOST+s8FertMVFY53TW6FGjcYtwVOIq\n\
-rsMYiV6kf1NxUV/jcAy7VmC5EZnO0R/D3sT4Oh5hsLtERauZolK5BZmd0S51Qa8e\n\
-TxZ5mX9PL2i3s/ShETc30drf83ugc7B4yZPNQWXNDPgGcC+hEeC5qw48RzHYIpUt\n\
-RzHmefR5Z3ioTUbDlzy+SGP2uA7mhR4Lfk/df5fYxWfCoKlyGjtrvA65cB+Pksyn\n\
-xrAeBuB+vBM+KnDrxW2Sn4AbWkzH//dfz9OJDJu4UM91hb7qxM0OkrXHQV3iNqzg\n\
-MDEhky/9NqMy\n\
-=GdP5\n\
------END PGP PUBLIC KEY BLOCK-----
-+
- 
- %runscript
-     echo "This is what happens when you run the container..."
- 
- 
- %post
-+    update-ca-certificates
-     echo "Hello from inside the container"
-     zypper lr -d
-     SUSEConnect -l
-diff --git a/internal/pkg/build/sources/conveyorPacker_zypper.go b/internal/pkg/build/sources/conveyorPacker_zypper.go
-index 43745c25e..d146f6857 100644
--- a/internal/pkg/build/sources/conveyorPacker_zypper.go
-+++ b/internal/pkg/build/sources/conveyorPacker_zypper.go
-@@ -14,7 +14,6 @@ import (
- 	"bytes"
- 	"context"
- 	"fmt"
-	"io/ioutil"
- 	"os"
- 	"os/exec"
- 	"path/filepath"
-@@ -24,13 +23,18 @@ import (
- 	"strings"
- 	"syscall"
- 
-+	"github.com/BurntSushi/toml"
- 	"github.com/apptainer/apptainer/internal/pkg/util/bin"
-+	"github.com/apptainer/apptainer/internal/pkg/util/fs"
- 	"github.com/apptainer/apptainer/pkg/build/types"
- 	"github.com/apptainer/apptainer/pkg/sylog"
- )
- 
- const (
-	zypperConf = "/etc/zypp/zypp.conf"
-+	zypperConf         = "/etc/zypp/zypp.conf"
-+	osreleaseFile      = "/etc/os-release"
-+	ssccredentialsFile = "/etc/zypp/credentials.d/SCCcredentials"
-+	gpgKeyid           = "gpg-pubkey-307e3d54-5aaa90a5 gpg-pubkey-39db7c82-5f68629b"
- )
- 
- // ZypperConveyorPacker only needs to hold the bundle for the container
-@@ -58,6 +62,8 @@ func machine() (string, error) {
- func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err error) {
- 	var suseconnectProduct, suseconnectModver string
- 	var suseconnectPath string
-+	// dependContainer is a container which shares the repos with the host through container-suseconnect
-+	dependContainer := false
- 	var pgpfile string
- 	var iosmajor int
- 	var otherurl [20]string
-@@ -76,7 +82,6 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 	}
- 
- 	include := cp.b.Recipe.Header["include"]
-
- 	// check for include environment variable and add it to requires string
- 	include += ` ` + os.Getenv("INCLUDE")
- 
-@@ -86,14 +91,22 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 	// add aaa_base to start of include list by default
- 	include = `aaa_base ` + include
- 
-+	suseVars := getSusevars()
- 	// get mirrorURL, OSVerison, and Includes components to definition
- 	osversion, osversionOk := cp.b.Recipe.Header["osversion"]
-+	if !osversionOk {
-+		osversion = suseVars.Version
-+	}
- 	mirrorurl, mirrorurlOk := cp.b.Recipe.Header["mirrorurl"]
- 	updateurl, updateurlOk := cp.b.Recipe.Header["updateurl"]
- 	sleproduct, sleproductOk := cp.b.Recipe.Header["product"]
- 	sleuser, sleuserOk := cp.b.Recipe.Header["user"]
- 	sleregcode, sleregcodeOk := cp.b.Recipe.Header["regcode"]
- 	slepgp, slepgpOk := cp.b.Recipe.Header["productpgp"]
-+	if !slepgpOk && suseVars.GpgKeyOk {
-+		slepgpOk = true
-+		slepgp = suseVars.GpgKey
-+	}
- 	sleurl, sleurlOk := cp.b.Recipe.Header["registerurl"]
- 	slemodules, slemodulesOk := cp.b.Recipe.Header["modules"]
- 	cnt := -1
-@@ -116,7 +129,6 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 		}
- 	}
- 	regex := regexp.MustCompile(`(?i)%{OSVERSION}`)
-
- 	if sleproductOk || sleuserOk || sleregcodeOk {
- 		if !sleproductOk || !sleuserOk || !sleregcodeOk {
- 			return fmt.Errorf("for installation of SLE 'Product', 'User' and 'Regcode' need to be set")
-@@ -173,23 +185,9 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 		default:
- 			return fmt.Errorf("malformed Product setting")
- 		}
-		if slepgpOk {
-			tmpfile, err := ioutil.TempFile("/tmp", "apptainer-pgp")
-			if err != nil {
-				return fmt.Errorf("cannot create pgp-file: %v", err)
-			}
-			pgpfile = tmpfile.Name()
-
-			if _, err = tmpfile.WriteString(slepgp + "\n"); err != nil {
-				return fmt.Errorf("cannot write pgp-file: %v", err)
-			}
-			if err = tmpfile.Close(); err != nil {
-				return fmt.Errorf("cannot close pgp-file %v", err)
-			}
-		}
- 
- 		include = include + ` SUSEConnect`
-	} else {
-+	} else if mirrorurlOk {
- 		if !mirrorurlOk {
- 			return fmt.Errorf("invalid zypper header, no MirrorURL specified")
- 		}
-@@ -202,6 +200,24 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 				updateurl = regex.ReplaceAllString(updateurl, osversion)
- 			}
- 		}
-+	} else if suseVars.HasScc {
-+		dependContainer = true
-+		include += " container-suseconnect"
-+		cp.b.Opts.Binds = append(cp.b.Opts.Binds, ssccredentialsFile+":"+ssccredentialsFile)
-+	}
-+	if slepgpOk {
-+		tmpfile, err := os.CreateTemp("/tmp", "apptainer-pgp")
-+		if err != nil {
-+			return fmt.Errorf("cannot create pgp-file: %v", err)
-+		}
-+		pgpfile = tmpfile.Name()
-+
-+		if _, err = tmpfile.WriteString(slepgp + "\n"); err != nil {
-+			return fmt.Errorf("cannot write pgp-file: %v", err)
-+		}
-+		if err = tmpfile.Close(); err != nil {
-+			return fmt.Errorf("cannot close pgp-file %v", err)
-+		}
- 	}
- 
- 	// Create the main portion of zypper config
-@@ -318,8 +334,26 @@ func (cp *ZypperConveyorPacker) Get(ctx context.Context, b *types.Bundle) (err e
- 			return fmt.Errorf("while refreshing: %s %v", `repo-`+sID, err)
- 		}
- 	}
-+	args := []string{`--non-interactive`, `-c`, filepath.Join(cp.b.RootfsPath, zypperConf)}
-+	if dependContainer {
-+		// --installroot will use containers from repo
-+		args = append(args, `--installroot`, cp.b.RootfsPath)
-+		include += " zypper"
-+		if suseVars.HasScc {
-+			if err = os.MkdirAll(filepath.Join(cp.b.RootfsPath, "/etc/zypp/credentials.d/"), 0o755); err != nil {
-+				return fmt.Errorf("cannot recreate /etc/zypp/credentials.d/ directories: %v", err)
-+			}
-+			sccF, err := os.Create(filepath.Join(cp.b.RootfsPath, "/etc/zypp/credentials.d/SCCcredentials"))
-+			if err != nil {
-+				return fmt.Errorf("couldn't create SCCcredentials file: %v", err)
-+			}
-+			sccF.Close()
-+		}
-+	} else {
-+		args = append(args, `--root`, cp.b.RootfsPath, `--releasever=`+osversion)
-+	}
-+	args = append(args, `-n`, `install`, `--auto-agree-with-licenses`, `--download-in-advance`)
- 
-	args := []string{`--non-interactive`, `-c`, filepath.Join(cp.b.RootfsPath, zypperConf), `--root`, cp.b.RootfsPath, `--releasever=` + osversion, `-n`, `install`, `--auto-agree-with-licenses`, `--download-in-advance`}
- 	args = append(args, strings.Fields(include)...)
- 
- 	// Zypper install command
-@@ -392,7 +426,7 @@ func (cp *ZypperConveyorPacker) genZypperConfig() (err error) {
- 		return fmt.Errorf("while creating %v: %v", filepath.Join(cp.b.RootfsPath, "/etc/zypp"), err)
- 	}
- 
-	err = ioutil.WriteFile(filepath.Join(cp.b.RootfsPath, zypperConf), []byte("[main]\ncachedir=/val/cache/zypp-bootstrap\n\n"), 0o664)
-+	err = os.WriteFile(filepath.Join(cp.b.RootfsPath, zypperConf), []byte("[main]\ncachedir=/var/cache/zypp-bootstrap\n\n"), 0o664)
- 	if err != nil {
- 		return
- 	}
-@@ -469,3 +503,44 @@ func rpmPathCheck() (err error) {
- 
- 	return nil
- }
-+
-+/*
-+Parse the /etc/os.release file to a a struct, so that SUSE versions
-+need not to be set on a SLE syste,
-+*/
-+func getSusevars() (ret struct {
-+	osRelease
-+	GpgKey   string
-+	GpgKeyOk bool
-+	HasScc   bool
-+},
-+) {
-+	// ignore errors as we check for empty fields later
-+	b, _ := os.ReadFile(osreleaseFile)
-+	var osrel osRelease
-+	_ = toml.Unmarshal(b, &osrel)
-+	ret.osRelease = osrel
-+	if ret.Name != "" {
-+		ret.Product = ret.Name + "/" + ret.VersionID + "/" + runtime.GOARCH
-+	}
-+	ret.GpgKeyOk = false
-+	args := []string{"-q", "--qf", "'%{PUBKEYS:armor}'"}
-+	args = append(args, strings.Split(gpgKeyid, " ")...)
-+	out, err := exec.Command("rpm", args...).Output()
-+	if err == nil {
-+		ret.GpgKeyOk = true
-+		ret.GpgKey = string(out)
-+	}
-+	ret.HasScc = fs.IsFile(ssccredentialsFile)
-+	return ret
-+}
-+
-+/*
-+hold the os_release vars
-+*/
-+type osRelease struct {
-+	Name      string `toml:"NAME"`
-+	Version   string `toml:"VERSION"`
-+	VersionID string `toml:"VERSION_ID"`
-+	Product   string
-+}
-diff --git a/internal/pkg/build/stage.go b/internal/pkg/build/stage.go
-index ed041b64b..18cad349a 100644
--- a/internal/pkg/build/stage.go
-+++ b/internal/pkg/build/stage.go
-@@ -109,7 +109,11 @@ func (s *stage) runPostScript(sessionResolv, sessionHosts string) error {
- 			}
- 			cmdArgs = append(cmdArgs, "-B", strings.Join(fakerootBinds[:], ","))
- 		}
-
-+		if len(s.b.Opts.Binds) != 0 {
-+			for _, bind := range s.b.Opts.Binds {
-+				cmdArgs = append(cmdArgs, "-B", bind)
-+			}
-+		}
- 		script := s.b.Recipe.BuildData.Post
- 		scriptPath := filepath.Join(s.b.RootfsPath, ".post.script")
- 		if err = createScript(scriptPath, []byte(script.Script)); err != nil {
-@@ -153,6 +157,11 @@ func (s *stage) runTestScript(sessionResolv, sessionHosts string) error {
- 		if sessionHosts != "" {
- 			cmdArgs = append(cmdArgs, "-B", sessionHosts+":/etc/hosts")
- 		}
-+		if len(s.b.Opts.Binds) != 0 {
-+			for _, bind := range s.b.Opts.Binds {
-+				cmdArgs = append(cmdArgs, "-B", bind)
-+			}
-+		}
- 
- 		exe := filepath.Join(buildcfg.BINDIR, "apptainer")
- 
-diff --git a/pkg/build/types/bundle.go b/pkg/build/types/bundle.go
-index 6ecee877b..322518a2c 100644
--- a/pkg/build/types/bundle.go
-+++ b/pkg/build/types/bundle.go
-@@ -81,6 +81,8 @@ type Options struct {
- 	// To warn when the above is needed, we need to know if the target of this
- 	// bundle will be a sandbox
- 	SandboxTarget bool
-+	// Binds stores bind mounts used for the post scripts
-+	Binds []string
- }
- 
- // NewEncryptedBundle creates an Encrypted Bundle environment.