I’m working on the Apptainer / Singularity packaging and NixOS module.
Since it provides integration to SUID-enabled components through build options, it is therefore sensible to override the package with the NixOS module before installing, and it would be a plus to the UX to be able to download the overridden package from the binary cache when the related options in the NixOS module remain default.
My current solution is to add two extra packages, `_apptainer-nixos-overriden-default` and `_singularity-nixos-overriden-default`, into `all-packages.nix` aside from `apptainer` and `singularity` with the `pkgs.nixos` function. The problem is that they will occupy the top two results when trying to do `nix search . singularity`. It would be even more confusing if the `meta.description` remains the same.
The workaround I could think of is to override the `meta.description` with `""` or something like `(Not for install)`. I wonder which practice would be better, or if there would be some other less-confusing solutions.
NixOS:master
← ShamrockLee:singularity-apptainer
opened 04:20PM - 07 Feb 22 UTC
###### Motivation for this change
Upstream changes:
singularity 3.8.7 -> ~[singularity-legacy](https://github.com/apptainer/singularity) 3.8.7~ / [apptainer](https://github.com/apptainer/apptainer) 1.0.3 / [singularity (singularity-ce)](https://github.com/sylabs/singularity) 3.10.4
Build process:
* Share between different sources.
* Fix the sed regexp to make defaultPath patch work.
* Add bin path of `bash` to the defaultPath to provide `sh` executable.
* Set `allowGoReference` true to allow singularity to compile plugins when building container images.
* Build with `buildGoModule` and pass `vendorSha256` as a function argument to allow building from non-vendored source.
* ~Set `doCheck` true.~
* Format with `nixpkgs-fmt`.
* Add input parameter `enableSuid` that defaults to `false`. `--with-suid` or `--without-suid` will be passed to `mconfig` according to `enableSuid` the upstream's policy to enable / disable the SUID support by default.
This parameter will be `overwrite` to `false` in the NixOS module `programs.singularity`.
* ~Add man page output.~
NixOS module programs.singularity:
* Allow users to specify packages
* Format with `nixpkgs-fmt`.
Singularity (the upstream) renamed themselves to Apptainer to distinguish themselves from a fork made by Sylabs Inc.
https://sylabs.io/2021/05/singularity-community-edition
https://apptainer.org/news/community-announcement-20211130
In this PR
* `singularity-legacy` is from the original repo before the renaming.
* `apptainer` is from the new repo after the renaming.
* `singularity-ce` is from the fork of Sylabs Inc.
As `apptainer` is still at pre-released version `1.0.0-rc1` and the source and the revision of the previous `singularity` derivation are the same as those of `singularity-legacy` here,
```
singularity = singularity-legacy;
```
is chosen.
~WIP: Update the release note.~ Done.
###### Things done
- Built on platform(s)
- [X] x86_64-linux
- [ ] aarch64-linux
- [ ] x86_64-darwin
- [ ] aarch64-darwin
- [ ] For non-Linux: Is `sandbox = true` set in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html))
- [ ] Tested, as applicable:
- [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- and/or [package tests](https://nixos.org/manual/nixpkgs/unstable/#sec-package-tests)
- or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
- made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
- [X] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [X] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [22.05 Release Notes (or backporting 21.11 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2205-release-notes)
- [X] (Package updates) Added a release notes entry if the change is major or breaking
- [X] (Module updates) Added a release notes entry if the change is significant
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
- [X] (Release notes changes) Ran `nixos/doc/manual/md-to-db.sh` to update generated release notes
- [X] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
The build option, `defaultPath`, and configuration directory are all required at compile time, preventing any changes without a rebuild.
The upstream said that the decision is made out of security considerations.
Sandro
January 4, 2023, 6:04pm
4
How about we patch that out and replace it with a config file or env? It is rather wasteful to recompile an entire program just to change those strings.