From d6bcc3cdbc584a710c37fb5672697c7c431e14ed Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 22:19:29 +0100 Subject: [PATCH 1/7] run container more isolated from host --- eessi_container.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/eessi_container.sh b/eessi_container.sh index 1cbc6c1c8d..7bb17aec11 100755 --- a/eessi_container.sh +++ b/eessi_container.sh @@ -842,6 +842,9 @@ if [ ! -z ${EESSI_SOFTWARE_SUBDIR_OVERRIDE} ]; then export APPTAINERENV_EESSI_SOFTWARE_SUBDIR_OVERRIDE=${EESSI_SOFTWARE_SUBDIR_OVERRIDE} fi +# always add --contain option to further isolate container run from host +ADDITIONAL_CONTAINER_OPTIONS+=("--contain") + echo "Launching container with command (next line):" echo "singularity ${RUN_QUIET} ${MODE} ${ADDITIONAL_CONTAINER_OPTIONS[@]} ${EESSI_FUSE_MOUNTS[@]} ${CONTAINER} $@" singularity ${RUN_QUIET} ${MODE} "${ADDITIONAL_CONTAINER_OPTIONS[@]}" "${EESSI_FUSE_MOUNTS[@]}" ${CONTAINER} "$@" From 482d7431ab0a092c8fe364553fd3159515b903dc Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 22:24:24 +0100 Subject: [PATCH 2/7] install package needed since apptainer 1.4.0 --- install_apptainer_ubuntu.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install_apptainer_ubuntu.sh b/install_apptainer_ubuntu.sh index 192a36a483..471fc8172d 100755 --- a/install_apptainer_ubuntu.sh +++ b/install_apptainer_ubuntu.sh @@ -2,6 +2,9 @@ set -e +# needed since apptainer 1.4.x +sudo apt-get install -y libsubid-dev + # see https://github.com/apptainer/singularity/issues/5390#issuecomment-899111181 sudo apt-get install alien alien --version From f375d1284357c9cb8299330c8aa86189b40847db Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 22:34:41 +0100 Subject: [PATCH 3/7] try another package that might provide libsubid.so.3 --- install_apptainer_ubuntu.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install_apptainer_ubuntu.sh b/install_apptainer_ubuntu.sh index 471fc8172d..12336a57ac 100755 --- a/install_apptainer_ubuntu.sh +++ b/install_apptainer_ubuntu.sh @@ -3,7 +3,8 @@ set -e # needed since apptainer 1.4.x -sudo apt-get install -y libsubid-dev +# sudo apt-get install -y libsubid-dev +sudo apt-get install -y shadow # see https://github.com/apptainer/singularity/issues/5390#issuecomment-899111181 sudo apt-get install alien From b4f16bf304a7835a43f8cf1d2655e470ff5c2f05 Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 22:57:24 +0100 Subject: [PATCH 4/7] revert changes to installing apptainer --- install_apptainer_ubuntu.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/install_apptainer_ubuntu.sh b/install_apptainer_ubuntu.sh index 12336a57ac..192a36a483 100755 --- a/install_apptainer_ubuntu.sh +++ b/install_apptainer_ubuntu.sh @@ -2,10 +2,6 @@ set -e -# needed since apptainer 1.4.x -# sudo apt-get install -y libsubid-dev -sudo apt-get install -y shadow - # see https://github.com/apptainer/singularity/issues/5390#issuecomment-899111181 sudo apt-get install alien alien --version From 9a0082a2d3cf08986204692fc580d53d0906a7a7 Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 23:09:44 +0100 Subject: [PATCH 5/7] {2023.06}[2023b,grace] BWA v0.7.18 --- .../2023.06/grace/eessi-2023.06-eb-4.9.4-2023b.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/easystacks/software.eessi.io/2023.06/grace/eessi-2023.06-eb-4.9.4-2023b.yml b/easystacks/software.eessi.io/2023.06/grace/eessi-2023.06-eb-4.9.4-2023b.yml index f81d506be0..0ee3e00749 100644 --- a/easystacks/software.eessi.io/2023.06/grace/eessi-2023.06-eb-4.9.4-2023b.yml +++ b/easystacks/software.eessi.io/2023.06/grace/eessi-2023.06-eb-4.9.4-2023b.yml @@ -86,3 +86,9 @@ easyconfigs: # from-pr: 20201 - Qt5-5.15.13-GCCcore-13.2.0.eb - OSU-Micro-Benchmarks-7.2-gompi-2023b.eb +# JUST FOR TESTING WHETHER adding --contain removes lua error messages and lets +# ReFrame tests run + - BWA-0.7.18-GCCcore-13.2.0.eb: + options: + # see https://github.com/easybuilders/easybuild-easyconfigs/pull/22025 + from-commit: b5024368af15a9bdd18a92ea908d1f7595f87797 From 77061394705d079fdda8da1f8ec10384c2fc4208 Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Fri, 28 Mar 2025 23:41:11 +0100 Subject: [PATCH 6/7] ensure scripts are accessible inside container --- bot/build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bot/build.sh b/bot/build.sh index ab28be4124..ef44d70da0 100755 --- a/bot/build.sh +++ b/bot/build.sh @@ -184,6 +184,10 @@ if [[ "${REPOSITORY_NAME}" == "dev.eessi.io" ]]; then COMMON_ARGS+=("--repository" "software.eessi.io,access=ro") fi +# add $software_layer_dir as extra bind path; needed because of the result of +# realpath this script may not yet be at a location bind mounted into the container +COMMON_ARGS+=("--extra-bind-paths" "${software_layer_dir}") + # make sure to use the same parent dir for storing tarballs of tmp PREVIOUS_TMP_DIR=${PWD}/previous_tmp From df59ac9c116b4278e0280b650595913c76302463 Mon Sep 17 00:00:00 2001 From: Thomas Roeblitz Date: Sat, 29 Mar 2025 00:13:19 +0100 Subject: [PATCH 7/7] add /dev to extra bind paths --- bot/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bot/build.sh b/bot/build.sh index ef44d70da0..8949712ba2 100755 --- a/bot/build.sh +++ b/bot/build.sh @@ -184,9 +184,9 @@ if [[ "${REPOSITORY_NAME}" == "dev.eessi.io" ]]; then COMMON_ARGS+=("--repository" "software.eessi.io,access=ro") fi -# add $software_layer_dir as extra bind path; needed because of the result of +# add $software_layer_dir and /dev as extra bind paths; needed because of the result of # realpath this script may not yet be at a location bind mounted into the container -COMMON_ARGS+=("--extra-bind-paths" "${software_layer_dir}") +COMMON_ARGS+=("--extra-bind-paths" "${software_layer_dir},/dev") # make sure to use the same parent dir for storing tarballs of tmp PREVIOUS_TMP_DIR=${PWD}/previous_tmp