Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apptainer: 1.1.5 -> 1.1.7, singularity: 3.10.4 -> 3.11.1 and add test image-hello-cowsay #224683

Merged
merged 4 commits into from Apr 19, 2023
Merged

apptainer: 1.1.5 -> 1.1.7, singularity: 3.10.4 -> 3.11.1 and add test image-hello-cowsay #224683

merged 4 commits into from Apr 19, 2023

Conversation

ShamrockLee
Copy link
Contributor

@ShamrockLee ShamrockLee commented Apr 4, 2023
edited

Description of changes

Apptainer 1.1.6 brings a fix for CVE-2022-23538

Adjust dependencies according to the Debian control file in the upstream repositories.

Add package test to build image with singularity-tools.buildImage.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • [ X] Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@ShamrockLee
apptainer, singularity: add passthru.tests.image-hello-cowsay
1f32cee 
Add image-building tests with singularity-tools
@ShamrockLee ShamrockLee changed the title apptainer: 1.1.5 -> 1.1.7, singularity: 3.10.4 -> 3.11.1 apptainer: 1.1.5 -> 1.1.7, singularity: 3.10.4 -> 3.11.1 and add test image-hello-cowsay Apr 4, 2023
@ShamrockLee
Copy link
Contributor Author

@jbedo @SomeoneSerge Regarding the vulnerability in scs-library-client (CVE-2022-23538),

  • The singularity on our release-21.11 branch is from hpcng/singularity (now apptainer/singularity) version 3.8.4. The version of scs-library-client it uses is 1.0.5. See https://github.com/apptainer/singularity/blob/v3.8.4/go.mod#L47
  • Does it affect the singularity on our stable branch?
  • Should we backport Apptainer and Singularity to the stable branch?

@ofborg ofborg bot requested a review from jbedo April 5, 2023 11:04
@ShamrockLee
apptainer, singularity: unify the PATH prefix to defaultPath and wrap…
f6e7fcc 
…Program

Use defaultPathInputs to control both path prefixes,
reducing the number of input lists to maintain.
@jbedo
Copy link
Contributor

jbedo commented Apr 6, 2023

21.11 is end of life so we can't backport anything to it.

@ShamrockLee
Copy link
Contributor Author

21.11 is end of life so we can't backport anything to it.

Time flies.

This was referenced Apr 8, 2023
Draft
Open
@jbedo jbedo merged commit fbad1e5 into NixOS:master Apr 19, 2023
21 checks passed
@github-actions
Copy link
Contributor

Backport failed for release-22.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-22.11
git worktree add -d .worktree/backport-224683-to-release-22.11 origin/release-22.11
cd .worktree/backport-224683-to-release-22.11
git checkout -b backport-224683-to-release-22.11
ancref=$(git merge-base 6f95dd4fd050daf017cae2dfeb1cea1ec0e4c1a1 722948a9429d89c7661d9fec89128ba9eae6eb54)
git cherry-pick -x $ancref..722948a9429d89c7661d9fec89128ba9eae6eb54

@ShamrockLee ShamrockLee deleted the apptainer-update branch April 19, 2023 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbedo jbedo jbedo approved these changes

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ShamrockLee @jbedo @NickCao