apptainer: new package (#30745)

var/spack/repos/builtin/packages/apptainer/package.py

@@ -0,0 +1,37 @@
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+
+from spack import *
+from spack.pkg.builtin.singularityce import SingularityBase
+
+
+# Apptainer is the new name of Singularity, piggy-back on the original package
+class Apptainer(SingularityBase):
+    '''Apptainer is an open source container platform designed to be simple, fast, and
+       secure. Many container platforms are available, but Apptainer is designed for
+       ease-of-use on shared systems and in high performance computing (HPC)
+       environments.
+
+       Needs post-install chmod/chown steps to enable full functionality.
+       See package definition or `spack-build-out.txt` build log for details,
+       e.g.::
+
+           tail -15 $(spack location -i apptainer)/.spack/spack-build-out.txt
+    '''
+
+    homepage = "https://apptainer.org"
+    url      = "https://github.com/apptainer/apptainer/releases/download/v1.0.2/apptainer-1.0.2.tar.gz"
+    git      = "https://github.com/apptainer/apptainer.git"
+
+    version('main', branch='main')
+    version('1.0.2', sha256='2d7a9d0a76d5574459d249c3415e21423980d9154ce85e8c34b0600782a7dfd3')
+
+    singularity_org = 'apptainer'
+    singularity_name = 'apptainer'
+    singularity_security_urls = (
+        "https://apptainer.org/docs/admin/main/security.html",
+        "https://apptainer.org/docs/admin/main/admin_quickstart.html#apptainer-security",
+    )

var/spack/repos/builtin/packages/apptainer/spack_perms_fix.sh.j2

@@ -0,0 +1,11 @@
+#!/bin/sh -eu
+
+{% for cf  in chown_files %}
+chown root {{ prefix }}/{{ cf }}
+{% endfor %}
+
+{% for sf in setuid_files %}
+chmod 4555 {{ prefix }}/{{ sf }}
+{% endfor %}
+
+# end

var/spack/repos/builtin/packages/singularityce/package.py

@@ -27,6 +27,14 @@ class SingularityBase(MakefilePackage):
 
     conflicts('platform=darwin', msg='singularity requires a Linux VM on Windows & Mac')
 
+    # Use these properties to buffer the renaming to Apptainer
+    singularity_org = 'sylabs'
+    singularity_name = 'singularity'
+    singularity_security_urls = (
+        "https://sylabs.io/guides/2.6/admin-guide/security.html",
+        "https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security",
+    )
+
     # Go has novel ideas about how projects should be organized.
     # We'll point GOPATH at the stage dir, and move the unpacked src
     # tree into the proper subdir in our overridden do_stage below.
@@ -34,13 +42,10 @@ class SingularityBase(MakefilePackage):
     def gopath(self):
         return self.stage.path
 
-    @property
-    def sylabs_gopath_dir(self):
-        return join_path(self.gopath, 'src/github.com/sylabs/')
-
     @property
     def singularity_gopath_dir(self):
-        return join_path(self.sylabs_gopath_dir, 'singularity')
+        return join_path(self.gopath, 'src', 'github.com',
+                         self.singularity_org, self.singularity_name)
 
     # Unpack the tarball as usual, then move the src dir into
     # its home within GOPATH.
@@ -90,7 +95,9 @@ def fix_mksquashfs_path(self):
         squash_path = join_path(self.spec['squashfs'].prefix.bin, 'mksquashfs')
         filter_file(r'^# mksquashfs path =',
                     'mksquashfs path = {0}'.format(squash_path),
-                    join_path(prefix.etc, 'singularity', 'singularity.conf'))
+                    join_path(prefix.etc,
+                              self.singularity_name,
+                              self.singularity_name + '.conf'))
 
     #
     # Assemble a script that fixes the ownership and permissions of several
@@ -116,11 +123,18 @@ def _build_script(self, filename, variable_data):
     def build_perms_script(self):
         if self.spec.satisfies('+suid'):
             script = self.perm_script_path()
-            chown_files = ['libexec/singularity/bin/starter-suid',
-                           'etc/singularity/singularity.conf',
-                           'etc/singularity/capability.json',
-                           'etc/singularity/ecl.toml']
-            setuid_files = ['libexec/singularity/bin/starter-suid']
+            chown_files = [
+                fn.format(self.singularity_name)
+                for fn in ['libexec/{0}/bin/starter-suid',
+                           'etc/{0}/{0}.conf',
+                           'etc/{0}/capability.json',
+                           'etc/{0}/ecl.toml']
+            ]
+            setuid_files = [
+                'libexec/{0}/bin/starter-suid'.format(
+                    self.singularity_name
+                )
+            ]
             self._build_script(script, {'prefix': self.spec.prefix,
                                         'chown_files': chown_files,
                                         'setuid_files': setuid_files})
@@ -136,8 +150,8 @@ def caveats(self):
             For full functionality, you'll need to chown and chmod some files
             after installing the package.  This has security implications.
             For details, see:
-            https://sylabs.io/guides/2.6/admin-guide/security.html
-            https://sylabs.io/guides/3.2/admin-guide/admin_quickstart.html#singularity-security
+            {1}
+            {2}
 
             We've installed a script that will make the necessary changes;
             read through it and then execute it as root (e.g. via sudo).
@@ -145,7 +159,8 @@ def caveats(self):
             The script is named:
 
             {0}
-            """.format(self.perm_script_path()))
+            """.format(self.perm_script_path(),
+                       *self.singularity_security_urls))
 
 
 class Singularityce(SingularityBase):