diff options
Diffstat (limited to 'app-containers/apptainer')
-rw-r--r-- | app-containers/apptainer/Manifest | 4 | ||||
-rw-r--r-- | app-containers/apptainer/apptainer-1.3.0.ebuild (renamed from app-containers/apptainer/apptainer-1.0.1.ebuild) | 39 | ||||
-rw-r--r-- | app-containers/apptainer/apptainer-1.3.1.ebuild (renamed from app-containers/apptainer/apptainer-1.0.2.ebuild) | 41 | ||||
-rw-r--r-- | app-containers/apptainer/files/apptainer-1.0.2-trim_upstream_cflags.patch | 24 |
4 files changed, 95 insertions, 13 deletions
diff --git a/app-containers/apptainer/Manifest b/app-containers/apptainer/Manifest index 4ee78ec0af5d..7ba5b9344783 100644 --- a/app-containers/apptainer/Manifest +++ b/app-containers/apptainer/Manifest @@ -1,2 +1,2 @@ -DIST apptainer-1.0.1.tar.gz 11977965 BLAKE2B ba0187c82321583825210f418744add120b682af3f14ee6d8071b927cd884b7e58f67f891ccc53c0d7d98bd786a27abcc26b2bafe79ed723a2f4f38a8e1a344b SHA512 273e94a348be2eaf83cf14b4c72a571670a9fa5cd185a90a0f557ba58ea7eb90d3a0f4bdb749673b0009e2291dd994dc715223c38ce82f9fcd6bf142e7692363 -DIST apptainer-1.0.2.tar.gz 11984629 BLAKE2B 56ed18bf86fe51e3bb27605f2c87a2c20fd9f3457594f1e0628b00d8616befa275b76bc4aba2a4306c854217e03662aab7eb7022c6ca5db418537df011b2398b SHA512 c29d04eff3a2ee7126c9bbb65664540a446fe695efc9c4662a6da151b2e809d55c1f5a7b5bddb82ba4fdd41a49ceb538c00a72778a4ed1d0306ff5f49d2f4d53 +DIST apptainer-1.3.0.tar.gz 17103544 BLAKE2B ed42b763a20b2b71cce6081b903697dc506073f91f9d928d49801165289d15c1416044af8fcedddcbd2a260c17a2e6488ed3d06b1edb4fb5f5ca5e9d14a14312 SHA512 a72afcac8e783f43732517314a94ffe039ab8f29027bcc398295fed97b123e6777039c016b6655a3cefbcba7e69832f62f3418b11e1bbd0452edc702ecaef69e +DIST apptainer-1.3.1.tar.gz 17131707 BLAKE2B 08b25f188c8c0b3b72dd692ce9bb21ee5b40ad599170c12ec18b485a05a9b7309215ad17d2b2d15086f35864bf1d09dfd0834b7e2c8c54c5b175bb5989328022 SHA512 da24d7aac8b4a66c665f5d01a293a6de6ea214011a4f1b728c10fff03ee1e94beb648f3be04df072011dbac920624927ddbe2cf7c13a9aba424b463c51d2df64 diff --git a/app-containers/apptainer/apptainer-1.0.1.ebuild b/app-containers/apptainer/apptainer-1.3.0.ebuild index 3dce15725ab8..5f69289300ad 100644 --- a/app-containers/apptainer/apptainer-1.0.1.ebuild +++ b/app-containers/apptainer/apptainer-1.3.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,24 +12,32 @@ SRC_URI="https://github.com/apptainer/${PN}/releases/download/v${PV}/${P}.tar.gz SLOT="0" LICENSE="BSD" KEYWORDS="amd64 ~riscv ~x86 ~amd64-linux ~x86-linux" -IUSE="examples +network +suid" +IUSE="examples +network suid systemd" # Do not complain about CFLAGS etc. since go projects do not use them. QA_FLAGS_IGNORED='.*' DEPEND="app-crypt/gpgme - >=dev-lang/go-1.17.6 + >=dev-lang/go-1.20.0 dev-libs/openssl sys-apps/util-linux sys-fs/cryptsetup sys-fs/squashfs-tools - sys-libs/libseccomp" + sys-libs/libseccomp + !suid? ( + sys-fs/e2fsprogs[fuse] + sys-fs/squashfuse + )" RDEPEND="${DEPEND} !sys-cluster/singularity" BDEPEND="virtual/pkgconfig" CONFIG_CHECK="~SQUASHFS" +PATCHES=( + "${FILESDIR}"/${PN}-1.0.2-trim_upstream_cflags.patch +) + DOCS=( README.md CONTRIBUTORS.md CONTRIBUTING.md ) src_configure() { @@ -43,7 +51,7 @@ src_configure() { --runstatedir="${EPREFIX}"/run \ --localstatedir="${EPREFIX}"/var \ $(usex network "" "--without-network") \ - $(usex suid "" "--without-suid") + $(use_with suid) ) ./mconfig -v ${myconfargs[@]} || die "Error invoking mconfig" } @@ -56,8 +64,29 @@ src_install() { emake DESTDIR="${D}" -C builddir install keepdir /var/${PN}/mnt/session + if use systemd; then + sed -i -e '/systemd cgroups/ s/no/yes/' "${ED}"/etc/${PN}/${PN}.conf \ + || die "Failed to enable systemd use in configuration" + else + sed -i -e '/systemd cgroups/ s/yes/no/' "${ED}"/etc/${PN}/${PN}.conf \ + || die "Failed to disable systemd use in configuration" + fi + einstalldocs if use examples; then dodoc -r examples fi } + +pkg_postinst() { + if ! use suid; then + local oldver + for oldver in ${REPLACING_VERSIONS}; do + if ver_test "${oldver}" -lt 1.1.0; then + ewarn "Since version 1.1.0 ${PN} no longer installs setuid-root components by default, relying on unprivileged user namespaces instead. For details, see https://apptainer.org/docs/admin/main/user_namespace.html" + ewarn "Make sure user namespaces (possibly except network ones for improved security) are enabled on your system, or re-enable installation of setuid root components by passing USE=suid to ${CATEGORY}/${PN}" + break + fi + done + fi +} diff --git a/app-containers/apptainer/apptainer-1.0.2.ebuild b/app-containers/apptainer/apptainer-1.3.1.ebuild index 9f711a070ada..144ecd780c6e 100644 --- a/app-containers/apptainer/apptainer-1.0.2.ebuild +++ b/app-containers/apptainer/apptainer-1.3.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,27 +9,35 @@ DESCRIPTION="The container system for secure high-performance computing" HOMEPAGE="https://apptainer.org/" SRC_URI="https://github.com/apptainer/${PN}/releases/download/v${PV}/${P}.tar.gz" -SLOT="0" LICENSE="BSD" +SLOT="0" KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux" -IUSE="examples +network +suid" +IUSE="examples +network suid systemd" # Do not complain about CFLAGS etc. since go projects do not use them. QA_FLAGS_IGNORED='.*' DEPEND="app-crypt/gpgme - >=dev-lang/go-1.17.6 + >=dev-lang/go-1.20.0 dev-libs/openssl sys-apps/util-linux sys-fs/cryptsetup sys-fs/squashfs-tools - sys-libs/libseccomp" + sys-libs/libseccomp + !suid? ( + sys-fs/e2fsprogs[fuse] + sys-fs/squashfuse + )" RDEPEND="${DEPEND} !sys-cluster/singularity" BDEPEND="virtual/pkgconfig" CONFIG_CHECK="~SQUASHFS" +PATCHES=( + "${FILESDIR}"/${PN}-1.0.2-trim_upstream_cflags.patch +) + DOCS=( README.md CONTRIBUTORS.md CONTRIBUTING.md ) src_configure() { @@ -43,7 +51,7 @@ src_configure() { --runstatedir="${EPREFIX}"/run \ --localstatedir="${EPREFIX}"/var \ $(usex network "" "--without-network") \ - $(usex suid "" "--without-suid") + $(use_with suid) ) ./mconfig -v ${myconfargs[@]} || die "Error invoking mconfig" } @@ -56,8 +64,29 @@ src_install() { emake DESTDIR="${D}" -C builddir install keepdir /var/${PN}/mnt/session + if use systemd; then + sed -i -e '/systemd cgroups/ s/no/yes/' "${ED}"/etc/${PN}/${PN}.conf \ + || die "Failed to enable systemd use in configuration" + else + sed -i -e '/systemd cgroups/ s/yes/no/' "${ED}"/etc/${PN}/${PN}.conf \ + || die "Failed to disable systemd use in configuration" + fi + einstalldocs if use examples; then dodoc -r examples fi } + +pkg_postinst() { + if ! use suid; then + local oldver + for oldver in ${REPLACING_VERSIONS}; do + if ver_test "${oldver}" -lt 1.1.0; then + ewarn "Since version 1.1.0 ${PN} no longer installs setuid-root components by default, relying on unprivileged user namespaces instead. For details, see https://apptainer.org/docs/admin/main/user_namespace.html" + ewarn "Make sure user namespaces (possibly except network ones for improved security) are enabled on your system, or re-enable installation of setuid root components by passing USE=suid to ${CATEGORY}/${PN}" + break + fi + done + fi +} diff --git a/app-containers/apptainer/files/apptainer-1.0.2-trim_upstream_cflags.patch b/app-containers/apptainer/files/apptainer-1.0.2-trim_upstream_cflags.patch new file mode 100644 index 000000000000..b1329b5d9d3e --- /dev/null +++ b/app-containers/apptainer/files/apptainer-1.0.2-trim_upstream_cflags.patch @@ -0,0 +1,24 @@ +--- a/mconfig ++++ b/mconfig +@@ -42,14 +42,14 @@ + + # user_cflags - user-defined CFLAGS without all the cflags_opts + user_cflags="$CFLAGS" +-cflags_opts="-Wall -Werror -Wfatal-errors -Wno-unknown-warning-option \ ++cflags_opts="-Wall -Wfatal-errors -Wno-unknown-warning-option \ + -Wstrict-prototypes -Wpointer-arith -Wbad-function-cast \ + -Woverlength-strings -Wframe-larger-than=2047 \ + -Wno-sign-compare -Wclobbered -Wempty-body -Wmissing-parameter-type \ + -Wtype-limits -Wunused-parameter -Wunused-but-set-parameter \ + -Wno-discarded-qualifiers -Wno-incompatible-pointer-types \ + -pipe -fmessage-length=0 -fPIC" +-cflags="$CFLAGS -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4" ++cflags="$CFLAGS -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4" + ldflags=$LDFLAGS + + package_name=apptainer +--- a/mlocal/frags/go_runtime_opts.mk ++++ b/mlocal/frags/go_runtime_opts.mk +@@ -1 +1 @@ +-CGO_CFLAGS += -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4 ++CGO_CFLAGS += -O2 -Wformat -Wformat-security -fstack-protector --param ssp-buffer-size=4 |