forked from pool/apptainer
Christian Goll
2bf2146d97
- Updated to version 1.1.0-rc1 which enables apptainer to run without
suid and additional groups. Although this is a prerelease this is
a major advantage justifying its use.
* Added a squashfuse image driver that enables mounting SIF files without
using setuid-root. Requires the squashfuse command and unprivileged user
namespaces.
* Added a fuse2fs image driver that enables mounting EXT3 files and EXT3 SIF
overlay partitions without using setuid-root. Requires the fuse2fs command
and unprivileged user namespaces.
* Added the ability to use persistent overlay (--overlay) and
--writable-tmpfs without using setuid-root. This requires unprivileged user
namespaces and either a new enough kernel (>= 5.11) or the fuse-overlayfs
command. Persistent overlay works when the overlay path points to a regular
filesystem (known as "sandbox" mode, which is not allowed when in setuid
mode), or when it points to an EXT3 image. Does not work with a SIF
partition because that requires privileges to mount as an ext3 image.
* Extended the --fakeroot option to be useful when /etc/subuid and
/etc/subgid mappings have not been set up. If they have not been set up, a
root-mapped unprivileged user namespace (the equivalent of unshare -r)
and/or the fakeroot command from the host will be tried. Together they
emulate the mappings pretty well but they are simpler to administer. This
feature is especially useful with the --overlay and --writable-tmpfs
options and for building containers unprivileged, because they allow
installing packages that assume they're running as root. A limitation on
using it with --overlay and --writable-tmpfs however is that when only the
fakeroot command can be used (because there are no user namespaces
available, in suid mode) then the base image has to be a sandbox. This
feature works nested inside of an apptainer container, where another
apptainer command will also be in the fakeroot environment without
requesting the --fakeroot option again, or it can be used inside an
OBS-URL: https://build.opensuse.org/request/show/993098
OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=14
159 lines
4.8 KiB
RPMSpec
159 lines
4.8 KiB
RPMSpec
#
|
|
# spec file for package apptainer
|
|
#
|
|
# Copyright (c) 2022 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define apptainerpath src/github.com/apptainer/
|
|
%define _buildshell /bin/bash
|
|
|
|
%define vers_suffix -rc.1
|
|
|
|
Summary: Application and environment virtualization
|
|
License: BSD-3-Clause-LBNL
|
|
Group: Productivity/Clustering/Computing
|
|
Name: apptainer
|
|
Version: 1.1.0
|
|
Release: 0
|
|
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
|
|
URL: https://apptainer.org
|
|
Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz
|
|
Source1: README.SUSE
|
|
Source2: SLE-12SP5.def
|
|
Source3: SLE-15SP3.def
|
|
Source5: %{name}-rpmlintrc
|
|
Source10: vendor.tar.gz
|
|
BuildRequires: cryptsetup
|
|
BuildRequires: fdupes
|
|
BuildRequires: gcc
|
|
BuildRequires: git
|
|
BuildRequires: go >= 1.17
|
|
BuildRequires: libuuid-devel
|
|
BuildRequires: make
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: sysuser-tools
|
|
%ifarch aarch64
|
|
BuildRequires: binutils-gold
|
|
%endif
|
|
BuildRequires: libseccomp-devel
|
|
Requires: squashfs
|
|
PreReq: permissions
|
|
|
|
# there's no golang for ppc64, ppc64le does not have non pie builds
|
|
ExcludeArch: ppc64 ppc64le
|
|
|
|
Obsoletes: singularity
|
|
Obsoletes: singularity-ce
|
|
Obsoletes: singularity-runtime
|
|
|
|
%description
|
|
Singularity provides functionality to make portable
|
|
containers that can be used across host environments.
|
|
|
|
%prep
|
|
%setup -q -n gopath/%{apptainerpath} -c
|
|
cp %{S:1} %{S:2} %{S:3} .
|
|
mv %{name}-%{version}%{?vers_suffix} %{name}
|
|
cd %{_builddir}/gopath/%{apptainerpath}/apptainer
|
|
|
|
%build
|
|
cd %{name}
|
|
# create VERSION file
|
|
echo %version > VERSION
|
|
# Not all of these parameters currently have an effect, but they might be
|
|
# used someday. They are the same parameters as in the configure macro.
|
|
tar xzf %{S:10}
|
|
./mconfig -V %{version}-%{release} \
|
|
-P release \
|
|
--prefix=%{_prefix} \
|
|
--exec-prefix=%{_exec_prefix} \
|
|
--bindir=%{_bindir} \
|
|
--sbindir=%{_sbindir} \
|
|
--sysconfdir=%{_sysconfdir} \
|
|
--datadir=%{_datadir} \
|
|
--includedir=%{_includedir} \
|
|
--libdir=%{_libdir} \
|
|
--libexecdir=%{_libexecdir} \
|
|
--localstatedir=%{_localstatedir}/lib \
|
|
--sharedstatedir=%{_sharedstatedir} \
|
|
--mandir=%{_mandir} \
|
|
--infodir=%{_infodir} \
|
|
--without-suid
|
|
cd builddir
|
|
make V="" old_config=
|
|
|
|
%install
|
|
export GOPATH=$PWD/gopath
|
|
export GOFLAGS=-mod=vendor
|
|
export PATH=$GOPATH/bin:$PATH
|
|
cd %{name}/builddir
|
|
|
|
make DESTDIR=$RPM_BUILD_ROOT install
|
|
cd ../..
|
|
%fdupes apptainer/examples
|
|
mkdir -p .tmp
|
|
for j in LICENSE.md LICENSE; do
|
|
for i in `find . -name $j`; do
|
|
k="`basename ${i/%\/$j/-$j}`"
|
|
if ! [[ $k =~ apptainer-.* ]]; then
|
|
cp $i .tmp/$k
|
|
fi
|
|
done
|
|
done
|
|
|
|
%fdupes -s .tmp/
|
|
mv .tmp/* .
|
|
rmdir .tmp
|
|
%fdupes -s %buildroot
|
|
|
|
%files
|
|
%doc apptainer/examples
|
|
%doc apptainer/CONTRIBUTING.md
|
|
%doc apptainer/README.md
|
|
%doc apptainer/CHANGELOG.md
|
|
%doc apptainer/CONTRIBUTORS.md
|
|
%doc %{basename:%{S:1}}
|
|
%doc %{basename:%{S:2}}
|
|
%doc %{basename:%{S:3}}
|
|
%license apptainer/LICENSE.md
|
|
%license *-LICENSE.md *-LICENSE
|
|
%{_bindir}/*
|
|
%dir %{_libexecdir}/apptainer
|
|
%dir %{_libexecdir}/apptainer/bin
|
|
%dir %{_libexecdir}/apptainer/cni
|
|
%dir %{_libexecdir}/apptainer/lib
|
|
%{_libexecdir}/apptainer/bin/starter
|
|
%{_libexecdir}/apptainer/lib/offsetpreload.so
|
|
%{_libexecdir}/apptainer/cni/*
|
|
%dir %{_sysconfdir}/apptainer
|
|
%config(noreplace) %{_sysconfdir}/apptainer/capability.json
|
|
%config(noreplace) %{_sysconfdir}/apptainer/cgroups
|
|
%config(noreplace) %{_sysconfdir}/apptainer/ecl.toml
|
|
%config(noreplace) %{_sysconfdir}/apptainer/global-pgp-public
|
|
%config(noreplace) %{_sysconfdir}/apptainer/network
|
|
%config(noreplace) %{_sysconfdir}/apptainer/nvliblist.conf
|
|
%config(noreplace) %{_sysconfdir}/apptainer/seccomp-profiles
|
|
%config(noreplace) %{_sysconfdir}/apptainer/apptainer.conf
|
|
%config(noreplace) %{_sysconfdir}/apptainer/remote.yaml
|
|
%config(noreplace) %{_sysconfdir}/apptainer/rocmliblist.conf
|
|
%config(noreplace) %{_sysconfdir}/apptainer/dmtcp-conf.yaml
|
|
%{_datadir}/bash-completion/completions/*
|
|
%dir %{_localstatedir}/lib/apptainer
|
|
%dir %{_localstatedir}/lib/apptainer/mnt
|
|
%dir %{_localstatedir}/lib/apptainer/mnt/session
|
|
%{_mandir}/man1/*
|
|
|
|
%changelog
|