authorYueh-Shun Li <44064051+ShamrockLee@users.noreply.github.com>2023-01-29 01:02:48 +0800
committerYueh-Shun Li <44064051+ShamrockLee@users.noreply.github.com>2023-02-08 18:04:05 +0800
commit71a89291ee0643b23b87aba090c885324d30bc45 (patch)
tree9c1051d5cbb480afb1843d7400faab44b5397824 /pkgs/applications/virtualization/singularity
parent50788d2fb00e79c3f3ef720edbb5218d561c8ce7 (diff)
apptainer, singularity: enable non-FHS --fakeroot support
This patch provides input arguments `newuidmapPath` and `newgidmapPath`
for apptainer and singularity to specify the path to the SUID-ed executables
newuidmap and newgidmap where they are not available from the FHS PATH.

As NixOS places those SUID-ed executables in a non-FHS location
(/run/wrappers/bin), this patch provides the
programs.singularity.enableFakeroot option and implements it with the above
input parameters.
Diffstat (limited to 'pkgs/applications/virtualization/singularity')
-rw-r--r--pkgs/applications/virtualization/singularity/generic.nix14
1 files changed, 14 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/singularity/generic.nix b/pkgs/applications/virtualization/singularity/generic.nix
index 6910674b93e..562781b09a3 100644
--- a/pkgs/applications/virtualization/singularity/generic.nix
+++ b/pkgs/applications/virtualization/singularity/generic.nix
@@ -25,6 +25,7 @@ let
 in
 { lib
 , buildGoModule
+, runCommandLocal
   # Native build inputs
 , makeWrapper
 , pkg-config
@@ -55,6 +56,12 @@ in
   # Whether to compile with SUID support
 , enableSuid ? false
 , starterSuidPath ? null
+  # newuidmapPath and newgidmapPath are to support --fakeroot
+  # where those SUID-ed executables are unavailable from the FHS system PATH.
+  # Path to SUID-ed newuidmap executable
+, newuidmapPath ? null
+  # Path to SUID-ed newgidmap executable
+, newgidmapPath ? null
   # Remove the symlinks to `singularity*` when projectName != "singularity"
 , removeCompat ? false
   # Workaround #86349
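Review bot: The comments on `newuidmapPath` and `newgidmapPath` do not say what kind of path is expected or how it is used. The value is symlinked, not copied, so it is resolved at run time, and whatever sits at that location is what runs as the setuid helper for `--fakeroot`. I would add `# Absolute runtime path outside the store (e.g. the NixOS wrapper directory); symlinked as-is and not checked at build time.` and `# Set both or neither.` above the two arguments. The argument set starts and ends outside this hunk.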
@@ -66,6 +73,12 @@ in
 
 let
   defaultPathOriginal = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin";
+  privileged-un-utils = if ((isNull newuidmapPath) && (isNull newgidmapPath)) then null else
+  (runCommandLocal "privileged-un-utils" { } ''
+    mkdir -p "$out/bin"
+    ln -s ${lib.escapeShellArg newuidmapPath} "$out/bin/newuidmap"
+    ln -s ${lib.escapeShellArg newgidmapPath} "$out/bin/newgidmap"
+  '');
 in
 buildGoModule {
   inherit pname version src;
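Review bot: Setting only one of `newuidmapPath` / `newgidmapPath` still runs both `ln -s` lines, because the condition returns null only when both are null. The unset one is then passed to `lib.escapeShellArg` as null, which at best yields an empty link target and a confusing build failure. Either require the pair together with `assert (newuidmapPath == null) == (newgidmapPath == null);` ahead of this `let`, or wrap each `ln -s` line in `lib.optionalString (… != null)`. Separately, `isNull` is deprecated in favour of `== null`. It would also help to reject relative values, since a relative link target is resolved against `$out/bin` rather than the system path the caller presumably meant.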
@@ -130,6 +143,7 @@ buildGoModule {
     coreutils
     cryptsetup # cryptsetup
     go
+    privileged-un-utils
     squashfsTools # mksquashfs unsquashfs # Make / unpack squashfs image
     squashfuse # squashfuse_ll squashfuse # Mount (without unpacking) a squashfs image without privileges
   ]
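Review bot: When both path arguments are left at their default, `privileged-un-utils` is null and this list gains a null element. Whether that is harmless depends on the consumer of the list, which starts outside this hunk: `lib.makeBinPath` filters nulls, but other uses would not. If the list is used in any other way, add the entry conditionally after the closing bracket with `++ lib.optional (privileged-un-utils != null) privileged-un-utils`.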