authorYueh-Shun Li <44064051+ShamrockLee@users.noreply.github.com>2023-02-14 17:22:39 +0800
committerYueh-Shun Li <44064051+ShamrockLee@users.noreply.github.com>2023-02-19 07:55:10 +0000
commit6e9902c7f6ef9af4434f01db2c05a6a3f488ce97 (patch)
tree99734485eb07c8a194a5fa11a4c271d8dad6ecd4 /pkgs/applications/virtualization/singularity
parent8ee6a032ca2f30d24e481e15d509cfd1da0e7119 (diff)
apptainer: always specify either --with-suid or --without-suid build flag
Diffstat (limited to 'pkgs/applications/virtualization/singularity')
-rw-r--r--pkgs/applications/virtualization/singularity/generic.nix6
-rw-r--r--pkgs/applications/virtualization/singularity/packages.nix8
2 files changed, 8 insertions, 6 deletions
diff --git a/pkgs/applications/virtualization/singularity/generic.nix b/pkgs/applications/virtualization/singularity/generic.nix
index 562781b09a3..f20735e45e3 100644
--- a/pkgs/applications/virtualization/singularity/generic.nix
+++ b/pkgs/applications/virtualization/singularity/generic.nix
@@ -52,6 +52,9 @@ in
   # SingularityCE 3.10.0 and above requires explicit --without-seccomp when libseccomp is not available.
 , enableSeccomp ? true
   # Whether the configure script treat SUID support as default
+  # When equal to enableSuid, it supress the --with-suid / --without-suid build flag
+  # It can be set to `null` to always pass either --with-suid or --without-suided
+  # Type: null or boolean
 , defaultToSuid ? true
   # Whether to compile with SUID support
 , enableSuid ? false
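Review bot: The added comment above `defaultToSuid` misspells a flag name: `--without-suided` should be `--without-suid`, and "supress" should be "suppress". The flag typo matters more than the prose one, because a reader copying it into `extraConfigureFlags` gets an option that is not the one the flag list emits. Suggested wording: `# When equal to enableSuid, it suppresses the --with-suid / --without-suid build flag` and `# It can be set to null to always pass either --with-suid or --without-suid`. The parameter list starts and ends outside this hunk.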
@@ -131,8 +134,7 @@ buildGoModule {
     "--runstatedir=/var/run"
   ]
   ++ lib.optional (!enableSeccomp) "--without-seccomp"
-  ++ lib.optional (defaultToSuid && !enableSuid) "--without-suid"
-  ++ lib.optional (!defaultToSuid && enableSuid) "--with-suid"
+  ++ lib.optional (enableSuid != defaultToSuid) (if enableSuid then "--with-suid" else "--without-suid")
   ++ extraConfigureFlags
   ;
 
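Review bot: The `null` case on the new `lib.optional` line works only because Nix treats a boolean and `null` as unequal, so the "always pass a flag" intent is implicit in the comparison. Spelling it out keeps the behaviour and makes the sentinel visible: `++ lib.optional (defaultToSuid == null || enableSuid != defaultToSuid) (if enableSuid then "--with-suid" else "--without-suid")`. Since this flag decides whether SUID support is compiled in, it may also be worth asserting that `defaultToSuid` is `null` or a boolean, because any other value would also compare unequal and silently force the flag. The flag list starts outside this hunk.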
diff --git a/pkgs/applications/virtualization/singularity/packages.nix b/pkgs/applications/virtualization/singularity/packages.nix
index aa626443c53..a21066d7757 100644
--- a/pkgs/applications/virtualization/singularity/packages.nix
+++ b/pkgs/applications/virtualization/singularity/packages.nix
@@ -29,10 +29,10 @@ let
       # Apptainer doesn't depend on conmon
       conmon = null;
 
-      # defaultToSuid becomes false since Apptainer 1.1.0
-      # https://github.com/apptainer/apptainer/pull/495
-      # https://github.com/apptainer/apptainer/releases/tag/v1.1.0
-      defaultToSuid = false;
+      # Apptainer builders require explicit --with-suid / --without-suid flag
+      # when building on a system with disabled unprivileged namespace.
+      # See https://github.com/NixOS/nixpkgs/pull/215690#issuecomment-1426954601
+      defaultToSuid = null;
     };
 
   singularity = callPackage
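Review bot: The new comment above `defaultToSuid = null;` explains why a flag is needed but not what `null` does, so a reader of packages.nix alone cannot tell that it is a sentinel rather than an unset value. A line such as `# null: assume no configure default, so generic.nix always passes --with-suid or --without-suid` would close that gap. It would also help to say which flag results here, which appears to be `--without-suid` given the `enableSuid ? false` default in generic.nix, unless that is overridden outside this hunk. The surrounding `let` block starts and ends outside the hunk.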