+46

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

··· 924 924 </listitem> 925 925 <listitem> 926 926 <para> 927 927 + As Singularity has renamed to 928 928 + <link xlink:href="https://apptainer.org/news/community-announcement-20211130">Apptainer</link> 929 929 + to distinguish from 930 930 + <link xlink:href="https://sylabs.io/2021/05/singularity-community-edition">an 931 931 + un-renamed fork by Sylabs Inc.</link>, there are now two 932 932 + packages of Singularity/Apptainer: 933 933 + </para> 934 934 + <itemizedlist spacing="compact"> 935 935 + <listitem> 936 936 + <para> 937 937 + <literal>apptainer</literal>: From 938 938 + <literal>github.com/apptainer/apptainer</literal>, which 939 939 + is the new repo after renaming. 940 940 + </para> 941 941 + </listitem> 942 942 + <listitem> 943 943 + <para> 944 944 + <literal>singularity</literal>: From 945 945 + <literal>github.com/sylabs/singularity</literal>, which is 946 946 + the fork by Sylabs Inc.. 947 947 + </para> 948 948 + </listitem> 949 949 + </itemizedlist> 950 950 + <para> 951 951 + <literal>programs.singularity</literal> got a new 952 952 + <literal>package</literal> option to specify which package to 953 953 + use. 954 954 + </para> 955 955 + <para> 956 956 + <literal>singularity-tools.buildImage</literal> got a new 957 957 + input argument <literal>singularity</literal> to specify which 958 958 + package to use. 959 959 + </para> 960 960 + </listitem> 961 961 + <listitem> 962 962 + <para> 963 963 + The new option 964 964 + <literal>programs.singularity.enableFakeroot</literal>, if set 965 965 + to <literal>true</literal>, provides 966 966 + <literal>--fakeroot</literal> support for 967 967 + <literal>apptainer</literal> and 968 968 + <literal>singularity</literal>. 969 969 + </para> 970 970 + </listitem> 971 971 + <listitem> 972 972 + <para> 927 973 The <literal>unifi-poller</literal> package and corresponding 928 974 NixOS module have been renamed to <literal>unpoller</literal> 929 975 to match upstream.

+12

nixos/doc/manual/release-notes/rl-2305.section.md

··· 225 225 226 226 - The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed. 227 227 228 228 + - As Singularity has renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130) 229 229 + to distinguish from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition), 230 230 + there are now two packages of Singularity/Apptainer: 231 231 + * `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming. 232 232 + * `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc.. 233 233 + 234 234 + `programs.singularity` got a new `package` option to specify which package to use. 235 235 + 236 236 + `singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use. 237 237 + 238 238 + - The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`. 239 239 + 228 240 - The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. 229 241 230 242 - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.

+80 -22

nixos/modules/programs/singularity.nix

··· 3 3 with lib; 4 4 let 5 5 cfg = config.programs.singularity; 6 6 - singularity = pkgs.singularity.overrideAttrs (attrs : { 7 7 - installPhase = attrs.installPhase + '' 8 8 - mv $out/libexec/singularity/bin/starter-suid $out/libexec/singularity/bin/starter-suid.orig 9 9 - ln -s /run/wrappers/bin/singularity-suid $out/libexec/singularity/bin/starter-suid 10 10 - ''; 11 11 - }); 12 12 - in { 6 6 + in 7 7 + { 8 8 + 13 9 options.programs.singularity = { 14 14 - enable = mkEnableOption (lib.mdDoc "Singularity"); 10 10 + enable = mkEnableOption (mdDoc "singularity") // { 11 11 + description = mdDoc '' 12 12 + Whether to install Singularity/Apptainer with system-level overriding such as SUID support. 13 13 + ''; 14 14 + }; 15 15 + package = mkOption { 16 16 + type = types.package; 17 17 + default = pkgs.singularity; 18 18 + defaultText = literalExpression "pkgs.singularity"; 19 19 + example = literalExpression "pkgs.apptainer"; 20 20 + description = mdDoc '' 21 21 + Singularity/Apptainer package to override and install. 22 22 + ''; 23 23 + }; 24 24 + packageOverriden = mkOption { 25 25 + type = types.nullOr types.package; 26 26 + default = null; 27 27 + description = mdDoc '' 28 28 + This option provides access to the overriden result of `programs.singularity.package`. 29 29 + 30 30 + For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`: 31 31 + ```Nix 32 32 + { config, lib, pkgs, ... }: 33 33 + { 34 34 + nixpkgs.overlays = [ 35 35 + (final: prev: { 36 36 + _singularity-orig = prev.singularity; 37 37 + singularity = config.programs.singularity.packageOverriden; 38 38 + }) 39 39 + ]; 40 40 + programs.singularity.enable = true; 41 41 + programs.singularity.package = pkgs._singularity-orig; 42 42 + } 43 43 + ``` 44 44 + 45 45 + Use `lib.mkForce` to forcefully specify the overriden package. 46 46 + ''; 47 47 + }; 48 48 + enableFakeroot = mkOption { 49 49 + type = types.bool; 50 50 + default = true; 51 51 + example = false; 52 52 + description = mdDoc '' 53 53 + Whether to enable the `--fakeroot` support of Singularity/Apptainer. 54 54 + ''; 55 55 + }; 56 56 + enableSuid = mkOption { 57 57 + type = types.bool; 58 58 + default = true; 59 59 + example = false; 60 60 + description = mdDoc '' 61 61 + Whether to enable the SUID support of Singularity/Apptainer. 62 62 + ''; 63 63 + }; 15 64 }; 16 65 17 66 config = mkIf cfg.enable { 18 18 - environment.systemPackages = [ singularity ]; 19 19 - security.wrappers.singularity-suid = 20 20 - { setuid = true; 21 21 - owner = "root"; 22 22 - group = "root"; 23 23 - source = "${singularity}/libexec/singularity/bin/starter-suid.orig"; 24 24 - }; 25 25 - systemd.tmpfiles.rules = [ 26 26 - "d /var/singularity/mnt/session 0770 root root -" 27 27 - "d /var/singularity/mnt/final 0770 root root -" 28 28 - "d /var/singularity/mnt/overlay 0770 root root -" 29 29 - "d /var/singularity/mnt/container 0770 root root -" 30 30 - "d /var/singularity/mnt/source 0770 root root -" 31 31 - ]; 67 67 + programs.singularity.packageOverriden = (cfg.package.override ( 68 68 + optionalAttrs cfg.enableFakeroot { 69 69 + newuidmapPath = "/run/wrappers/bin/newuidmap"; 70 70 + newgidmapPath = "/run/wrappers/bin/newgidmap"; 71 71 + } // optionalAttrs cfg.enableSuid { 72 72 + enableSuid = true; 73 73 + starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid"; 74 74 + } 75 75 + )); 76 76 + environment.systemPackages = [ cfg.packageOverriden ]; 77 77 + security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid { 78 78 + setuid = true; 79 79 + owner = "root"; 80 80 + group = "root"; 81 81 + source = "${cfg.packageOverriden}/libexec/${cfg.packageOverriden.projectName}/bin/starter-suid.orig"; 82 82 + }; 83 83 + systemd.tmpfiles.rules = [ 84 84 + "d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -" 85 85 + "d /var/lib/${cfg.packageOverriden.projectName}/mnt/final 0770 root root -" 86 86 + "d /var/lib/${cfg.packageOverriden.projectName}/mnt/overlay 0770 root root -" 87 87 + "d /var/lib/${cfg.packageOverriden.projectName}/mnt/container 0770 root root -" 88 88 + "d /var/lib/${cfg.packageOverriden.projectName}/mnt/source 0770 root root -" 89 89 + ]; 32 90 }; 33 91 34 92 }

-73

pkgs/applications/virtualization/singularity/default.nix

··· 1 1 - { lib 2 2 - , fetchurl 3 3 - , util-linux 4 4 - , gpgme 5 5 - , openssl 6 6 - , libuuid 7 7 - , coreutils 8 8 - , which 9 9 - , makeWrapper 10 10 - , cryptsetup 11 11 - , squashfsTools 12 12 - , buildGoPackage}: 13 13 - 14 14 - with lib; 15 15 - 16 16 - buildGoPackage rec { 17 17 - pname = "singularity"; 18 18 - version = "3.8.7"; 19 19 - 20 20 - src = fetchurl { 21 21 - url = "https://github.com/hpcng/singularity/releases/download/v${version}/singularity-${version}.tar.gz"; 22 22 - sha256 = "sha256-Myny5YP4SoNDyywDgKHWy86vrn0eYztcvK33FD6shZs="; 23 23 - }; 24 24 - 25 25 - goPackagePath = "github.com/sylabs/singularity"; 26 26 - 27 27 - buildInputs = [ gpgme openssl libuuid ]; 28 28 - nativeBuildInputs = [ util-linux which makeWrapper cryptsetup ]; 29 29 - propagatedBuildInputs = [ coreutils squashfsTools ]; 30 30 - 31 31 - postPatch = '' 32 32 - substituteInPlace internal/pkg/build/files/copy.go \ 33 33 - --replace /bin/cp ${coreutils}/bin/cp 34 34 - ''; 35 35 - 36 36 - postConfigure = '' 37 37 - cd go/src/github.com/sylabs/singularity 38 38 - 39 39 - patchShebangs . 40 40 - sed -i 's|defaultPath := "[^"]*"|defaultPath := "${lib.makeBinPath propagatedBuildInputs}"|' cmd/internal/cli/actions.go 41 41 - 42 42 - ./mconfig -V ${version} -p $out --localstatedir=/var 43 43 - 44 44 - # Don't install SUID binaries 45 45 - sed -i 's/-m 4755/-m 755/g' builddir/Makefile 46 46 - ''; 47 47 - 48 48 - buildPhase = '' 49 49 - runHook preBuild 50 50 - make -C builddir 51 51 - runHook postBuild 52 52 - ''; 53 53 - 54 54 - installPhase = '' 55 55 - runHook preInstall 56 56 - make -C builddir install LOCALSTATEDIR=$out/var 57 57 - chmod 755 $out/libexec/singularity/bin/starter-suid 58 58 - 59 59 - # Explicitly configure paths in the config file 60 60 - sed -i 's|^# mksquashfs path =.*$|mksquashfs path = ${lib.makeBinPath [squashfsTools]}/mksquashfs|' $out/etc/singularity/singularity.conf 61 61 - sed -i 's|^# cryptsetup path =.*$|cryptsetup path = ${lib.makeBinPath [cryptsetup]}/cryptsetup|' $out/etc/singularity/singularity.conf 62 62 - 63 63 - runHook postInstall 64 64 - ''; 65 65 - 66 66 - meta = with lib; { 67 67 - homepage = "http://www.sylabs.io/"; 68 68 - description = "Application containers for linux"; 69 69 - license = licenses.bsd3; 70 70 - platforms = platforms.linux; 71 71 - maintainers = [ maintainers.jbedo ]; 72 72 - }; 73 73 - }

+236

pkgs/applications/virtualization/singularity/generic.nix

··· 1 1 + # Configurations that should only be overrided by 2 2 + # overrideAttrs 3 3 + { pname 4 4 + , version 5 5 + , src 6 6 + , projectName # "apptainer" or "singularity" 7 7 + , vendorHash ? null 8 8 + , deleteVendor ? false 9 9 + , proxyVendor ? false 10 10 + , extraConfigureFlags ? [ ] 11 11 + , extraDescription ? "" 12 12 + , extraMeta ? { } 13 13 + }: 14 14 + 15 15 + let 16 16 + # Workaround for vendor-related attributes not overridable (#86349) 17 17 + # should be removed when the issue is resolved 18 18 + _defaultGoVendorArgs = { 19 19 + inherit 20 20 + vendorHash 21 21 + deleteVendor 22 22 + proxyVendor 23 23 + ; 24 24 + }; 25 25 + in 26 26 + { lib 27 27 + , buildGoModule 28 28 + , runCommandLocal 29 29 + # Native build inputs 30 30 + , makeWrapper 31 31 + , pkg-config 32 32 + , util-linux 33 33 + , which 34 34 + # Build inputs 35 35 + , bash 36 36 + , conmon 37 37 + , coreutils 38 38 + , cryptsetup 39 39 + , fakeroot 40 40 + , go 41 41 + , gpgme 42 42 + , libseccomp 43 43 + , libuuid 44 44 + # This is for nvidia-container-cli 45 45 + , nvidia-docker 46 46 + , openssl 47 47 + , squashfsTools 48 48 + , squashfuse 49 49 + # Overridable configurations 50 50 + , enableNvidiaContainerCli ? true 51 51 + # Compile with seccomp support 52 52 + # SingularityCE 3.10.0 and above requires explicit --without-seccomp when libseccomp is not available. 53 53 + , enableSeccomp ? true 54 54 + # Whether the configure script treat SUID support as default 55 55 + , defaultToSuid ? true 56 56 + # Whether to compile with SUID support 57 57 + , enableSuid ? false 58 58 + , starterSuidPath ? null 59 59 + # newuidmapPath and newgidmapPath are to support --fakeroot 60 60 + # where those SUID-ed executables are unavailable from the FHS system PATH. 61 61 + # Path to SUID-ed newuidmap executable 62 62 + , newuidmapPath ? null 63 63 + # Path to SUID-ed newgidmap executable 64 64 + , newgidmapPath ? null 65 65 + # Remove the symlinks to `singularity*` when projectName != "singularity" 66 66 + , removeCompat ? false 67 67 + # Workaround #86349 68 68 + # should be removed when the issue is resolved 69 69 + , vendorHash ? _defaultGoVendorArgs.vendorHash 70 70 + , deleteVendor ? _defaultGoVendorArgs.deleteVendor 71 71 + , proxyVendor ? _defaultGoVendorArgs.proxyVendor 72 72 + }: 73 73 + 74 74 + let 75 75 + defaultPathOriginal = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"; 76 76 + privileged-un-utils = if ((isNull newuidmapPath) && (isNull newgidmapPath)) then null else 77 77 + (runCommandLocal "privileged-un-utils" { } '' 78 78 + mkdir -p "$out/bin" 79 79 + ln -s ${lib.escapeShellArg newuidmapPath} "$out/bin/newuidmap" 80 80 + ln -s ${lib.escapeShellArg newgidmapPath} "$out/bin/newgidmap" 81 81 + ''); 82 82 + in 83 83 + buildGoModule { 84 84 + inherit pname version src; 85 85 + 86 86 + # Override vendorHash with the output got from 87 87 + # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).go-modules" 88 88 + # or with `null` when using vendored source tarball. 89 89 + inherit vendorHash deleteVendor proxyVendor; 90 90 + 91 91 + # go is used to compile extensions when building container images 92 92 + allowGoReference = true; 93 93 + 94 94 + strictDeps = true; 95 95 + 96 96 + passthru = { 97 97 + inherit 98 98 + enableSeccomp 99 99 + enableSuid 100 100 + projectName 101 101 + removeCompat 102 102 + starterSuidPath 103 103 + ; 104 104 + }; 105 105 + 106 106 + nativeBuildInputs = [ 107 107 + makeWrapper 108 108 + pkg-config 109 109 + util-linux 110 110 + which 111 111 + ]; 112 112 + 113 113 + buildInputs = [ 114 114 + bash # To patch /bin/sh shebangs. 115 115 + conmon 116 116 + cryptsetup 117 117 + gpgme 118 118 + libuuid 119 119 + openssl 120 120 + squashfsTools 121 121 + squashfuse 122 122 + ] 123 123 + ++ lib.optional enableNvidiaContainerCli nvidia-docker 124 124 + ++ lib.optional enableSeccomp libseccomp 125 125 + ; 126 126 + 127 127 + configureScript = "./mconfig"; 128 128 + 129 129 + configureFlags = [ 130 130 + "--localstatedir=/var/lib" 131 131 + "--runstatedir=/var/run" 132 132 + ] 133 133 + ++ lib.optional (!enableSeccomp) "--without-seccomp" 134 134 + ++ lib.optional (defaultToSuid && !enableSuid) "--without-suid" 135 135 + ++ lib.optional (!defaultToSuid && enableSuid) "--with-suid" 136 136 + ++ extraConfigureFlags 137 137 + ; 138 138 + 139 139 + # Packages to prefix to the Apptainer/Singularity container runtime default PATH 140 140 + # Use overrideAttrs to override 141 141 + defaultPathInputs = [ 142 142 + bash 143 143 + coreutils 144 144 + cryptsetup # cryptsetup 145 145 + go 146 146 + privileged-un-utils 147 147 + squashfsTools # mksquashfs unsquashfs # Make / unpack squashfs image 148 148 + squashfuse # squashfuse_ll squashfuse # Mount (without unpacking) a squashfs image without privileges 149 149 + ] 150 150 + ++ lib.optional enableNvidiaContainerCli nvidia-docker 151 151 + ; 152 152 + 153 153 + postPatch = '' 154 154 + if [[ ! -e .git || ! -e VERSION ]]; then 155 155 + echo "${version}" > VERSION 156 156 + fi 157 157 + # Patch shebangs for script run during build 158 158 + patchShebangs --build "$configureScript" makeit e2e scripts mlocal/scripts 159 159 + # Patching the hard-coded defaultPath by prefixing the packages in defaultPathInputs 160 160 + substituteInPlace cmd/internal/cli/actions.go \ 161 161 + --replace "defaultPath = \"${defaultPathOriginal}\"" "defaultPath = \"''${defaultPathInputs// /\/bin:}''${defaultPathInputs:+/bin:}${defaultPathOriginal}\"" 162 162 + ''; 163 163 + 164 164 + postConfigure = '' 165 165 + # Code borrowed from pkgs/stdenv/generic/setup.sh configurePhase() 166 166 + 167 167 + # set to empty if unset 168 168 + : ''${configureFlags=} 169 169 + 170 170 + # shellcheck disable=SC2086 171 171 + $configureScript -V ${version} "''${prefixKey:---prefix=}$prefix" $configureFlags "''${configureFlagsArray[@]}" 172 172 + 173 173 + # End of the code from pkgs/stdenv/generic/setup.sh configurPhase() 174 174 + ''; 175 175 + 176 176 + buildPhase = '' 177 177 + runHook preBuild 178 178 + make -C builddir -j"$NIX_BUILD_CORES" 179 179 + runHook postBuild 180 180 + ''; 181 181 + 182 182 + installPhase = '' 183 183 + runHook preInstall 184 184 + make -C builddir install LOCALSTATEDIR="$out/var/lib" 185 185 + runHook postInstall 186 186 + ''; 187 187 + 188 188 + postFixup = '' 189 189 + substituteInPlace "$out/bin/run-singularity" \ 190 190 + --replace "/usr/bin/env ${projectName}" "$out/bin/${projectName}" 191 191 + wrapProgram "$out/bin/${projectName}" \ 192 192 + --prefix PATH : "${lib.makeBinPath [ 193 193 + fakeroot 194 194 + squashfsTools # Singularity (but not Apptainer) expects unsquashfs from the host PATH 195 195 + ]}" 196 196 + # Make changes in the config file 197 197 + ${lib.optionalString enableNvidiaContainerCli '' 198 198 + substituteInPlace "$out/etc/${projectName}/${projectName}.conf" \ 199 199 + --replace "use nvidia-container-cli = no" "use nvidia-container-cli = yes" 200 200 + ''} 201 201 + ${lib.optionalString (removeCompat && (projectName != "singularity")) '' 202 202 + unlink "$out/bin/singularity" 203 203 + for file in "$out"/share/man/man?/singularity*.gz; do 204 204 + if [[ -L "$file" ]]; then 205 205 + unlink "$file" 206 206 + fi 207 207 + done 208 208 + for file in "$out"/share/*-completion/completions/singularity; do 209 209 + if [[ -e "$file" ]] 210 210 + rm "$file" 211 211 + done 212 212 + ''} 213 213 + ${lib.optionalString enableSuid (lib.warnIf (isNull starterSuidPath) "${projectName}: Null starterSuidPath when enableSuid produces non-SUID-ed starter-suid and run-time permission denial." '' 214 214 + chmod +x $out/libexec/${projectName}/bin/starter-suid 215 215 + '')} 216 216 + ${lib.optionalString (enableSuid && !isNull starterSuidPath) '' 217 217 + mv "$out"/libexec/${projectName}/bin/starter-suid{,.orig} 218 218 + ln -s ${lib.escapeShellArg starterSuidPath} "$out/libexec/${projectName}/bin/starter-suid" 219 219 + ''} 220 220 + ''; 221 221 + 222 222 + meta = with lib; { 223 223 + description = "Application containers for linux" + extraDescription; 224 224 + longDescription = '' 225 225 + Singularity (the upstream) renamed themselves to Apptainer 226 226 + to distinguish themselves from a fork made by Sylabs Inc.. See 227 227 + 228 228 + https://sylabs.io/2021/05/singularity-community-edition 229 229 + https://apptainer.org/news/community-announcement-20211130 230 230 + ''; 231 231 + license = licenses.bsd3; 232 232 + platforms = platforms.linux; 233 233 + maintainers = with maintainers; [ jbedo ShamrockLee ]; 234 234 + mainProgram = projectName; 235 235 + } // extraMeta; 236 236 + }

+94

pkgs/applications/virtualization/singularity/packages.nix

··· 1 1 + { callPackage 2 2 + , fetchFromGitHub 3 3 + , nixos 4 4 + , conmon 5 5 + }: 6 6 + let 7 7 + apptainer = callPackage 8 8 + (import ./generic.nix rec { 9 9 + pname = "apptainer"; 10 10 + # TODO: Upgrade to 1.1.4 only after https://github.com/apptainer/apptainer/pull/967 get merge 11 11 + # and https://github.com/apptainer/apptainer/issues/958 get fixed 12 12 + version = "1.1.3"; 13 13 + projectName = "apptainer"; 14 14 + 15 15 + src = fetchFromGitHub { 16 16 + owner = "apptainer"; 17 17 + repo = "apptainer"; 18 18 + rev = "v${version}"; 19 19 + hash = "sha256-QFg6RC77OE/a6Qlzn6Zi5I7Iaq/U3/m0eI9yLArzuNc="; 20 20 + }; 21 21 + 22 22 + # Update by running 23 23 + # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).go-modules" 24 24 + # at the root directory of the Nixpkgs repository 25 25 + vendorHash = "sha256-tAnh7A8Lw5KtY7hq+sqHMEUlgXvgeeCKKIfRZFoRtug="; 26 26 + 27 27 + extraDescription = " (previously known as Singularity)"; 28 28 + extraMeta.homepage = "https://apptainer.org"; 29 29 + }) 30 30 + { 31 31 + # Apptainer doesn't depend on conmon 32 32 + conmon = null; 33 33 + 34 34 + # defaultToSuid becomes false since Apptainer 1.1.0 35 35 + # https://github.com/apptainer/apptainer/pull/495 36 36 + # https://github.com/apptainer/apptainer/releases/tag/v1.1.0 37 37 + defaultToSuid = false; 38 38 + }; 39 39 + 40 40 + singularity = callPackage 41 41 + (import ./generic.nix rec { 42 42 + pname = "singularity-ce"; 43 43 + version = "3.10.4"; 44 44 + projectName = "singularity"; 45 45 + 46 46 + src = fetchFromGitHub { 47 47 + owner = "sylabs"; 48 48 + repo = "singularity"; 49 49 + rev = "v${version}"; 50 50 + hash = "sha256-bUnQXQVwaVA3Lkw3X9TBWqNBgiPxAVCHnkq0vc+CIsM="; 51 51 + }; 52 52 + 53 53 + # Update by running 54 54 + # nix-prefetch -E "{ sha256 }: ((import ./. { }).singularity.override { vendorHash = sha256; }).go-modules" 55 55 + # at the root directory of the Nixpkgs repository 56 56 + vendorHash = "sha256-K8helLcOuz3E4LzBE9y3pnZqwdwhO/iMPTN1o22ipVg="; 57 57 + 58 58 + # Do not build conmon from the Git submodule source, 59 59 + # Use Nixpkgs provided version 60 60 + extraConfigureFlags = [ 61 61 + "--without-conmon" 62 62 + ]; 63 63 + 64 64 + extraDescription = " (Sylabs Inc's fork of Singularity, a.k.a. SingularityCE)"; 65 65 + extraMeta.homepage = "https://sylabs.io/"; 66 66 + }) 67 67 + { 68 68 + defaultToSuid = true; 69 69 + }; 70 70 + 71 71 + genOverridenNixos = package: packageName: (nixos { 72 72 + programs.singularity = { 73 73 + enable = true; 74 74 + inherit package; 75 75 + }; 76 76 + }).config.programs.singularity.packageOverriden.overrideAttrs (oldAttrs: { 77 77 + meta = oldAttrs.meta // { 78 78 + description = ""; 79 79 + longDescription = '' 80 80 + This package produces identical store derivations to `pkgs.${packageName}` 81 81 + overriden and installed by the NixOS module `programs.singularity` 82 82 + with default configuration. 83 83 + 84 84 + This is for binary substitutes only. Use pkgs.${packageName} instead. 85 85 + ''; 86 86 + }; 87 87 + }); 88 88 + in 89 89 + { 90 90 + inherit apptainer singularity; 91 91 + 92 92 + apptainer-overriden-nixos = genOverridenNixos apptainer "apptainer"; 93 93 + singularity-overriden-nixos = genOverridenNixos singularity "singularity"; 94 94 + }

+46 -34

pkgs/build-support/singularity-tools/default.nix

··· 10 10 , gawk 11 11 , util-linux 12 12 , runtimeShell 13 13 - , e2fsprogs }: 14 14 - 13 13 + , e2fsprogs 14 14 + }: 15 15 rec { 16 16 shellScript = name: text: 17 17 writeScript name '' ··· 20 20 ${text} 21 21 ''; 22 22 23 23 - mkLayer = { 24 24 - name, 25 25 - contents ? [], 26 26 - }: 27 27 - runCommand "singularity-layer-${name}" { 28 28 - inherit contents; 29 29 - } '' 23 23 + mkLayer = 24 24 + { name 25 25 + , contents ? [ ] 26 26 + # May be "apptainer" instead of "singularity" 27 27 + , projectName ? (singularity.projectName or "singularity") 28 28 + }: 29 29 + runCommand "${projectName}-layer-${name}" 30 30 + { 31 31 + inherit contents; 32 32 + } '' 30 33 mkdir $out 31 34 for f in $contents ; do 32 35 cp -ra $f $out/ 33 36 done 34 37 ''; 35 38 36 36 - buildImage = { 37 37 - name, 38 38 - contents ? [], 39 39 - diskSize ? 1024, 40 40 - runScript ? "#!${stdenv.shell}\nexec /bin/sh", 41 41 - runAsRoot ? null, 42 42 - memSize ? 512 43 43 - }: 44 44 - let layer = mkLayer { 45 45 - inherit name; 46 46 - contents = contents ++ [ bash runScriptFile ]; 47 47 - }; 48 48 - runAsRootFile = shellScript "run-as-root.sh" runAsRoot; 49 49 - runScriptFile = shellScript "run-script.sh" runScript; 50 50 - result = vmTools.runInLinuxVM ( 51 51 - runCommand "singularity-image-${name}.img" { 39 39 + buildImage = 40 40 + let 41 41 + defaultSingularity = singularity; 42 42 + in 43 43 + { name 44 44 + , contents ? [ ] 45 45 + , diskSize ? 1024 46 46 + , runScript ? "#!${stdenv.shell}\nexec /bin/sh" 47 47 + , runAsRoot ? null 48 48 + , memSize ? 512 49 49 + , singularity ? defaultSingularity 50 50 + }: 51 51 + let 52 52 + projectName = singularity.projectName or "singularity"; 53 53 + layer = mkLayer { 54 54 + inherit name; 55 55 + contents = contents ++ [ bash runScriptFile ]; 56 56 + inherit projectName; 57 57 + }; 58 58 + runAsRootFile = shellScript "run-as-root.sh" runAsRoot; 59 59 + runScriptFile = shellScript "run-script.sh" runScript; 60 60 + result = vmTools.runInLinuxVM ( 61 61 + runCommand "${projectName}-image-${name}.img" 62 62 + { 52 63 buildInputs = [ singularity e2fsprogs util-linux gawk ]; 53 64 layerClosure = writeReferencesToFile layer; 54 65 preVM = vmTools.createEmptyImage { 55 66 size = diskSize; 56 56 - fullName = "singularity-run-disk"; 67 67 + fullName = "${projectName}-run-disk"; 57 68 }; 58 69 inherit memSize; 59 70 } ··· 92 103 if [ ! -e bin/sh ]; then 93 104 ln -s ${runtimeShell} bin/sh 94 105 fi 95 95 - mkdir -p .singularity.d 96 96 - ln -s ${runScriptFile} .singularity.d/runscript 106 106 + mkdir -p .${projectName}.d 107 107 + ln -s ${runScriptFile} .${projectName}.d/runscript 97 108 98 98 - # Fill out .singularity.d 99 99 - mkdir -p .singularity.d/env 100 100 - touch .singularity.d/env/94-appsbase.sh 109 109 + # Fill out .${projectName}.d 110 110 + mkdir -p .${projectName}.d/env 111 111 + touch .${projectName}.d/env/94-appsbase.sh 101 112 102 113 cd .. 103 103 - mkdir -p /var/singularity/mnt/{container,final,overlay,session,source} 114 114 + mkdir -p /var/lib/${projectName}/mnt/{container,final,overlay,session,source} 104 115 echo "root:x:0:0:System administrator:/root:/bin/sh" > /etc/passwd 105 116 echo > /etc/resolv.conf 106 106 - TMPDIR=$(pwd -P) singularity build $out ./img 117 117 + TMPDIR=$(pwd -P) ${projectName} build $out ./img 107 118 ''); 108 119 109 109 - in result; 120 120 + in 121 121 + result; 110 122 }

+7 -2

pkgs/top-level/all-packages.nix

··· 30209 30209 30210 30210 shepherd = nodePackages."@nerdwallet/shepherd"; 30211 30211 30212 30212 + inherit (callPackage ../applications/virtualization/singularity/packages.nix { }) 30213 30213 + apptainer 30214 30214 + singularity 30215 30215 + apptainer-overriden-nixos 30216 30216 + singularity-overriden-nixos 30217 30217 + ; 30218 30218 + 30212 30219 skate = callPackage ../applications/misc/skate { }; 30213 30220 30214 30221 slack = callPackage ../applications/networking/instant-messengers/slack { }; ··· 30218 30225 slack-term = callPackage ../applications/networking/instant-messengers/slack-term { }; 30219 30226 30220 30227 slweb = callPackage ../applications/misc/slweb { }; 30221 30221 - 30222 30222 - singularity = callPackage ../applications/virtualization/singularity { }; 30223 30228 30224 30229 sonixd = callPackage ../applications/audio/sonixd { }; 30225 30230