Merge pull request #1279 from sylabs/main

Merge main to 3.11 for bugfixes

Author: dtrudg

CHANGELOG.md

@@ -1,5 +1,11 @@
 # SingularityCE Changelog
 
+## Changes Since Last Release
+
+### Bug Fixes
+
+- Avoid UID / GID readonly var warnings with `--env-file`.
+
 ## 3.11.0 Release Candidate 1 \[2023-01-11\]
 
 *This is the first release candidate for the upcoming Singularity 3.11.0

cmd/internal/cli/build_linux.go

@@ -148,7 +148,10 @@ func runBuild(cmd *cobra.Command, args []string) {
 	dest := args[0]
 	spec := args[1]
 
-	if syscall.Getuid() != 0 && !buildArgs.fakeroot && fs.IsFile(spec) && !isImage(spec) {
+	// Non-remote build with def file as source
+	rootNeeded := !buildArgs.remote && fs.IsFile(spec) && !isImage(spec)
+
+	if rootNeeded && syscall.Getuid() != 0 && !buildArgs.fakeroot {
 		prootPath, err := bin.FindBin("proot")
 		if err != nil {
 			sylog.Fatalf("--remote, --fakeroot, or the proot command are required to build this source as a non-root user")

e2e/env/env.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2019-2022, Sylabs Inc. All rights reserved.
+// Copyright (c) 2019-2023, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE.md file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -640,6 +640,7 @@ func E2ETests(env e2e.TestEnv) testhelper.Tests {
 		"issue 5057":               c.issue5057, // https://github.com/sylabs/hpcng/issues/5057
 		"issue 5426":               c.issue5426, // https://github.com/sylabs/hpcng/issues/5426
 		"issue 43":                 c.issue43,   // https://github.com/sylabs/singularity/issues/43
+		"issue 1263":               c.issue1263, // https://github.com/sylabs/singularity/issues/1263
 		//
 		// --oci mode
 		//

e2e/env/regressions.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2022, Sylabs Inc. All rights reserved.
+// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE.md file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -122,3 +122,29 @@ func (c ctx) issue43(t *testing.T) {
 		),
 	)
 }
+
+// https://github.com/sylabs/singularity/issues/1263
+// With --env-file we should avoid any override of UID / GID that are set readonly by bash.
+func (c ctx) issue1263(t *testing.T) {
+	e2e.EnsureImage(t, c.env)
+
+	// An empty env file is sufficient, as UID/GID come from the mvdan.cc/sh evaluation of it.
+	envFile, err := e2e.WriteTempFile(c.env.TestDir, "env-file", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		os.Remove(envFile)
+	})
+
+	c.env.RunSingularity(
+		t,
+		e2e.WithProfile(e2e.UserProfile),
+		e2e.WithCommand("exec"),
+		e2e.WithArgs("--env-file", envFile, c.env.ImagePath, "/bin/true"),
+		e2e.ExpectExit(
+			0,
+			e2e.ExpectError(e2e.UnwantedContainMatch, "readonly variable"),
+		),
+	)
+}

e2e/imgbuild/imgbuild.go

@@ -1624,5 +1624,6 @@ func E2ETests(env e2e.TestEnv) testhelper.Tests {
 		"issue 5435":                      c.issue5435,                 // https://github.com/hpcng/singularity/issues/5435
 		"issue 5668":                      c.issue5668,                 // https://github.com/hpcng/singularity/issues/5435
 		"issue 5690":                      c.issue5690,                 // https://github.com/hpcng/singularity/issues/5690
+		"issue 1273":                      c.issue1273,                 // https://github.com/sylabs/singularity/issues/1273
 	}
 }

e2e/imgbuild/regressions.go

@@ -445,3 +445,22 @@ From: {{ .From }}
 		e2e.ExpectExit(0),
 	)
 }
+
+// Ensure a `--remote` build request fails (not-authorized) and proot flow is not invoked.
+func (c *imgBuildTests) issue1273(t *testing.T) {
+	image := filepath.Join(c.env.TestDir, "issue_1273.sif")
+
+	c.env.RunSingularity(
+		t,
+		e2e.WithProfile(e2e.UserProfile),
+		e2e.WithCommand("build"),
+		e2e.WithArgs("--remote", image, "testdata/proot_alpine.def"),
+		e2e.PostRun(func(t *testing.T) {
+			os.Remove(image)
+		}),
+		e2e.ExpectExit(
+			255,
+			e2e.ExpectError(e2e.UnwantedContainMatch, "proot"),
+		),
+	)
+}

internal/pkg/runtime/launcher/native/launcher_linux.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2019-2022, Sylabs Inc. All rights reserved.
+// Copyright (c) 2019-2023, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE.md file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -859,6 +859,11 @@ func (l *Launcher) setEnv(ctx context.Context, args []string) error {
 				sylog.Warningf("Ignored environment variable %q: '=' is missing", envar)
 				continue
 			}
+			// Don't attempt to overwrite bash builtin readonly vars
+			// https://github.com/sylabs/singularity/issues/1263
+			if e[0] == "UID" || e[0] == "GID" {
+				continue
+			}
 			// Ensure we don't overwrite --env variables with environment file
 			if _, ok := l.cfg.Env[e[0]]; ok {
 				sylog.Warningf("Ignored environment variable %s from %s: override from --env", e[0], l.cfg.EnvFile)