Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

singularity: 3.2.1 -> 3.6.1 #93165

Merged
merged 1 commit into from Jul 24, 2020
Merged

singularity: 3.2.1 -> 3.6.1 #93165

merged 1 commit into from Jul 24, 2020

Conversation

jbedo
Copy link
Contributor

@jbedo jbedo commented Jul 15, 2020

Motivation for this change

Update to latest release. Resolves #92466 and also a hardening bug.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@jbedo jbedo requested a review from Mic92 July 15, 2020 07:36
@Mic92
Copy link
Member

Mic92 commented Jul 15, 2020

Is this also broken in 20.03?

Mic92
Mic92 reviewed Jul 15, 2020
View reviewed changes
pkgs/applications/virtualization/singularity/default.nix
make -C builddir install LOCALSTATEDIR=$out/var
chmod 755 $out/libexec/singularity/bin/starter-suid
wrapProgram $out/bin/singularity --prefix PATH : ${stdenv.lib.makeBinPath propagatedBuildInputs}
runHook postInstall
'';

postFixup = ''
find $out/libexec/ -type f -executable -exec remove-references-to -t ${go} '{}' + || true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Different PR, but should we include $out/libexec in buildGoPackage as well for removing references?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be valuable to do so, libexec is part of the FHS so we should expect some binaries to land there.

@jbedo
Copy link
Contributor Author

jbedo commented Jul 15, 2020

Is this also broken in 20.03?

Partially broken, some functionality works (building images) but running images fails. Would be worth backporting this to 20.03.

@jbedo jbedo mentioned this pull request Jul 15, 2020
Closed
@jbedo jbedo changed the title singularity: 3.2.1 -> 3.6.0 singularity: 3.2.1 -> 3.6.1 Jul 21, 2020
@jbedo
Copy link
Contributor Author

jbedo commented Jul 21, 2020

They cut a new release which fixes a security bug and resolves the hardening issues. I've updated and we now don't need to disable hardening.

@Mic92
Copy link
Member

Mic92 commented Jul 24, 2020

Result of nixpkgs-review pr 93165 1

1 package built:
- singularity

@Mic92 Mic92 merged commit 0216dbd into NixOS:master Jul 24, 2020
@Mic92
Copy link
Member

Mic92 commented Jul 24, 2020

Please backport if necessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

singularity may be out-dated
2 participants
@jbedo @Mic92