commit: 41abbc7ea300e8ae95f669d6d5878804cbd5736c Author: Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr> AuthorDate: Mon Jul 7 10:47:00 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Tue Jul 8 19:31:49 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41abbc7e
app-containers/apptainer: add 1.4.1 useflags : remove examples, it's only 144K add seccomp to avoid automagic, enabled by default add rootless using libsubid (sys-apps/shadow) update min_go to 1.23.6 remove backslashes in array export PKG_CONFIG for seccomp c23 failures are fixed Bug: https://bugs.gentoo.org/934988 Bug: https://bugs.gentoo.org/946063 Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr> Part-of: https://github.com/gentoo/gentoo/pull/42928 Signed-off-by: Sam James <sam <AT> gentoo.org> app-containers/apptainer/Manifest | 1 + app-containers/apptainer/apptainer-1.4.1.ebuild | 89 +++++++++++++++++++++++++ app-containers/apptainer/metadata.xml | 1 + 3 files changed, 91 insertions(+) diff --git a/app-containers/apptainer/Manifest b/app-containers/apptainer/Manifest index 89b0f69c1d9e..3a5572f8009a 100644 --- a/app-containers/apptainer/Manifest +++ b/app-containers/apptainer/Manifest @@ -1,2 +1,3 @@ DIST apptainer-1.3.2.tar.gz 17129103 BLAKE2B a2c15d408dc956a4bc8cb154dadfe0e60aa8b4216277ff4afd508058f9425722fb66200e7d4ab33cf5a73aee34761ac198e7b31439ab69dfaceebb9f768b58e6 SHA512 c3112c8254c995f83e3ae424ecf734e8ca9583c34cd8b0e56fdde2a7ef8d5145ac68a7a2c9575b071515a2cb681d11423fe57a5a3910750d3bc697c85c15585d DIST apptainer-1.3.6.tar.gz 17129602 BLAKE2B 2dd17c1a0601c7d191d4604f2c0e3fb5d8cc4e831dba7bf4cfcbfc359eba1bb3f255ab2c1a81ae844cbebfc6e96729911e5ac4a92195b30f74d77fafac12059f SHA512 e50b8cbdac544241a56d7dc662ad927fdcf9a0f245bab4be0bc35ba9658f9db7c851a95de500e32c0975a2f5e8bcf7f16628e963ebb945ca036de9e91bd8a4a9 +DIST apptainer-1.4.1.tar.gz 17420970 BLAKE2B 7675db9ea53a58c2fe15a84c9806709a7d88e53a531a4421b73a86ddb9630b06227f9dd371b83c7a3fb6c380994e00f8484ed7124d2986f858ecc221864deaa0 SHA512 2481233ba31ffebd50e84620abf84c4995f1a01aafda4562605a9ec754fb271f15e04f45ad4cc234a8ee60c30588fcd40c8468b3f29b9a20329bc5a50dc1625b 
diff --git a/app-containers/apptainer/apptainer-1.4.1.ebuild b/app-containers/apptainer/apptainer-1.4.1.ebuild
new file mode 100644
index 000000000000..93464060d5fc
--- /dev/null
+++ b/app-containers/apptainer/apptainer-1.4.1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit eapi9-ver linux-info toolchain-funcs
+
+DESCRIPTION="The container system for secure high-performance computing"
+HOMEPAGE="https://apptainer.org/"
+SRC_URI="https://github.com/apptainer/${PN}/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+IUSE="+network rootless +seccomp suid systemd"
+
+# Do not complain about CFLAGS etc. since go projects do not use them.
+QA_FLAGS_IGNORED='.*'
+
+DEPEND="app-crypt/gpgme
+ >=dev-lang/go-1.23.6
+ dev-libs/openssl
+ sys-apps/util-linux
+ sys-fs/cryptsetup
+ sys-fs/squashfs-tools
+ rootless? ( sys-apps/shadow:= )
+ seccomp? ( sys-libs/libseccomp )
+ !suid? (
+ sys-fs/e2fsprogs[fuse]
+ sys-fs/squashfuse
+ )"
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+CONFIG_CHECK="~SQUASHFS"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.0.2-trim_upstream_cflags.patch
+)
+
+DOCS=( README.md CONTRIBUTORS.md CONTRIBUTING.md )
+
+src_configure() {
+ tc-export PKG_CONFIG
+ local myconfargs=(
+ -c "$(tc-getBUILD_CC)"
+ -x "$(tc-getBUILD_CXX)"
+ -C "$(tc-getCC)"
+ -X "$(tc-getCXX)"
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir="${EPREFIX}"/etc
+ --runstatedir="${EPREFIX}"/run
+ --localstatedir="${EPREFIX}"/var
+ $(usev !network --without-network)
+ $(usev !seccomp --without-seccomp)
+ $(usev !rootless --without-libsubid)
+ $(use_with suid)
+ )
+ ./mconfig -v ${myconfargs[@]} || die "Error invoking mconfig"
+}
+
+src_compile() {
+ emake -C builddir
+}
+
+src_install() {
+ emake DESTDIR="${D}" -C builddir install
+ keepdir /var/${PN}/mnt/session
+
+ if use systemd; then
+ sed -i -e '/systemd cgroups/ s/no/yes/' "${ED}"/etc/${PN}/${PN}.conf \
+ || die "Failed to enable systemd use in configuration"
+ else
+ sed -i -e '/systemd cgroups/ s/yes/no/' "${ED}"/etc/${PN}/${PN}.conf \
+ || die "Failed to disable systemd use in configuration"
+ fi
+
+ einstalldocs
+ dodoc -r examples
+}
+
+pkg_postinst() {
+ if ! use suid; then
+ if ver_replacing -lt 1.1.0; then
+ ewarn "Since version 1.1.0 ${PN} no longer installs setuid-root components by default, relying on unprivileged user namespaces instead. For details, see https://apptainer.org/docs/admin/main/user_namespace.html"
+ ewarn "Make sure user namespaces (possibly except network ones for improved security) are enabled on your system, or re-enable installation of setuid root components by passing USE=suid to ${CATEGORY}/${PN}"
+ fi
+ fi
+}
diff --git a/app-containers/apptainer/metadata.xml b/app-containers/apptainer/metadata.xml
index c461d956342a..fa91d4c5a278 100644
--- a/app-containers/apptainer/metadata.xml
+++ b/app-containers/apptainer/metadata.xml
@@ -4,6 +4,7 @@
 <!-- maintainer-needed -->
 <use>
 <flag name="network">Install network plug-ins</flag>
+ <flag name="rootless">Enable libsubid (subuid/subgid mapping) for rootless</flag>
 <flag name="suid">Install SUID helper binary</flag>
 </use>
 <upstream>
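Review bot: In src_configure of apptainer-1.4.1.ebuild the array is expanded unquoted, `./mconfig -v ${myconfargs[@]}`, so every element is word-split again even though the entries were quoted when the array was built. A compiler value with a space in it (a wrapper or an ABI flag returned by tc-getCC) or an EPREFIX containing whitespace would reach mconfig as separate arguments; `./mconfig -v "${myconfargs[@]}" || die "Error invoking mconfig"` keeps them intact. Separately, with USE=-suid the runtime depends on unprivileged user namespaces, yet the only kernel check is `CONFIG_CHECK="~SQUASHFS"` and the pkg_postinst warning fires only when `ver_replacing -lt 1.1.0` is true, so a fresh install on a kernel without user namespaces appears to get no hint. A small pkg_setup that runs `use suid || CONFIG_CHECK+=" ~USER_NS"` before calling `linux-info_pkg_setup` would surface that at merge time.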
