Commit 8f7bd991 authored by Oleg Titov's avatar Oleg Titov Committed by Kevin Daudt

testing/singularity: upgrade to 3.2.1

- https://github.com/sylabs/singularity/releases 3.2.1
- Removed patch as it already included upstream

Closes GH-8262
parent 8bd42972
# Contributor: Oleg Titov <oleg.titov@gmail.com>
# Maintainer: Oleg Titov <oleg.titov@gmail.com>
pkgname=singularity
pkgver=3.2.0
pkgver=3.2.1
pkgrel=0
pkgdesc="Application containers focused on reproducibility for scientific computing and HPC world."
url="https://www.sylabs.io/singularity/"
......@@ -18,14 +18,13 @@ makedepends="
libseccomp-dev
"
subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="$pkgname-$pkgver.tar.gz::https://github.com/sylabs/singularity/archive/v$pkgver.tar.gz
c0f9abf5d9877372bff12127fd7294c2e962e1ab.patch"
source="$pkgname-$pkgver.tar.gz::https://github.com/sylabs/singularity/archive/v$pkgver.tar.gz"
builddir="$srcdir/src/github.com/sylabs/$pkgname"
prepare() {
export GOPATH="$srcdir"
mkdir -p $(dirname $builddir)
mkdir -p "$(dirname $builddir)"
mv "$srcdir"/$pkgname-$pkgver "$builddir"/
default_prepare
......@@ -65,5 +64,4 @@ bashcomp() {
mv "$pkgdir"/etc/bash_completion.d/singularity \
"$subpkgdir"/usr/share/bash-completion/completions/singularity
}
sha512sums="a9128a1da1e47858779a89d8af5807f7c1419863e78969be66d90fe635da225594c8051f570f25471ef393829ac8d7d1e854fc73773da3e49716da32a05aa15c singularity-3.2.0.tar.gz
0ac10ce764caae55d2850d32d4d9c428d5cea4b2a6b0eec3e95bf0e0e0240ec8eaca3394db62fa65e7f7b9ab202e0df54117104e08a8c1e0f185ceee5116bbc9 c0f9abf5d9877372bff12127fd7294c2e962e1ab.patch"
sha512sums="769f9381a625c0e4dc2829e7a353e695a60944194ea88675bab4a1fdc80cee0545caacfcd9d0380728970ffd8f2256e77dd6b8f9d4babf91b9e4f8a0d8533535 singularity-3.2.1.tar.gz"
From c0f9abf5d9877372bff12127fd7294c2e962e1ab Mon Sep 17 00:00:00 2001
From: Cedric Clerget <cedric.clerget@gmail.com>
Date: Tue, 21 May 2019 12:22:01 +0200
Subject: [PATCH] Fix instance join regression with root user
---
.../runtime/engines/singularity/prepare_linux.go | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/internal/pkg/runtime/engines/singularity/prepare_linux.go b/internal/pkg/runtime/engines/singularity/prepare_linux.go
index 72f177a0fd..b639ff111b 100644
--- a/internal/pkg/runtime/engines/singularity/prepare_linux.go
+++ b/internal/pkg/runtime/engines/singularity/prepare_linux.go
@@ -375,14 +375,18 @@ func (e *EngineOperations) prepareInstanceJoinConfig(starterConfig *starter.Conf
return err
}
+ uid := os.Getuid()
+ gid := os.Getgid()
+ suidRequired := uid != 0 && !file.UserNs
+
// basic checks:
// 1. a user must not use SUID workflow to join an instance
// started with user namespace
// 2. a user must use SUID workflow to join an instance
// started without user namespace
- if starterConfig.GetIsSUID() && file.UserNs {
+ if starterConfig.GetIsSUID() && !suidRequired {
return fmt.Errorf("joining user namespace with SUID workflow is not allowed")
- } else if !starterConfig.GetIsSUID() && !file.UserNs {
+ } else if !starterConfig.GetIsSUID() && suidRequired {
return fmt.Errorf("a setuid installation is required to join this instance")
}
@@ -425,13 +429,10 @@ func (e *EngineOperations) prepareInstanceJoinConfig(starterConfig *starter.Conf
return err
}
- uid := os.Getuid()
- gid := os.Getgid()
-
// enforce checks while joining an instance process with SUID workflow
// since instance file is stored in user home directory, we can't trust
// its content when using SUID workflow
- if !file.UserNs && uid != 0 {
+ if suidRequired {
// check if instance is running with user namespace enabled
// by reading /proc/pid/uid_map
_, hid, err := proc.ReadIDMap("uid_map")
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment