Singularity: putting a GitHub repository in the user's home directory

Time: 2019-05-22 10:25:31

Tags: git permissions virtual-machine singularity-container

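Goal

The goal is to create a Singularity container with certain packages installed, then clone a custom package from a git repo and make it. The user needs to have permission to do things with the custom package; ideally it would live in the individual user's home directory, but that seems harder than I expected.

Singularity will almost always be launched as a shell; it is there to contain a troublesome set of custom packages and generate results from them in a repeatable, shareable way.

Problem

Cloning the git repo seems fine, but the only place I can put it where the user can see it is /github_repo, and it is always owned by root.

I cannot get it into the user's home directory because during %post the variable $HOME does not seem to point to the user's home directory; it points to /root, and the objects created there are then owned by root. In fact, /home does exist, but it is empty; it seems the user does not exist yet.

I tried cloning to /github_repo and then adding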

chown -R $USER /github_repo
chmod -R 766 /github_repo

to %post. The container can be built and run, and when it is run:

$ ls -lh /github_repo
ls: cannot access '/github_repo': Permission denied
total 0
d????????? ? ? ? ?           ? CorrectNameOfGithubFolder
-????????? ? ? ? ?           ? CorrectNameOfGithubFile

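So it can see the names of the files and folders, but not their permissions? I didn't even know that was possible. If I don't touch the permissions in %post, it is a completely normal file owned by root.

Recipe

Here is what I have so far; you should find that it builds and runs. If you want to run it, save the recipe as example.def and then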

sudo singularity build example.sif example.def
singularity run --containall example.sif

Then try

$ ls -lh /packages

example.def


BootStrap: docker
From: ubuntu:18.04

# commands on the host system
%setup
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    export PACKAGES_TMP=/tmp/packages
    rm -fr $PACKAGES_TMP
    mkdir -p $PACKAGES_TMP
    git clone https://github.com/rootpy/rootpy-tutorials.git $PACKAGES_TMP
    cp -R ${PACKAGES_TMP} ${SINGULARITY_ROOTFS}

# get files from the host (but we don't need any)
%files

# what is done when the container is built
%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    apt -y update
    # for fetching from repos if needed
    apt -y install git
    # for getting anything else from the net
    apt -y install wget
    # text editors
    apt -y install vim-tiny
    apt -y install nano
    # for making downloaded packages
    apt -y install make

    echo "${GREEN}~~~ Set up a .bashrc ~~~ ${NOCOLOUR}"
    BASHRC=/home/.bashrc
    touch $BASHRC
    echo "alias vim=vim.tiny\n" >> $BASHRC
    # will be called in run

    ## Not working???
    ## the /home/ directory appears empty
    # echo "${GREEN}~~~ Move packages to home dir ~~~ ${NOCOLOUR}"
    MY_HOME=$(ls -l /home/)
    echo in post home is $MY_HOME
    touch ~/test
    touch $HOME/test
    mkdir $HOME/test_dir
    # PACKAGES=$MY_HOME/packages/
    # mv /packages $PACKAGES

    echo "${GREEN}~~~ Give the user permission and control ~~~ ${NOCOLOUR}"
    # this bit does odd things
    PACKAGES=/packages
    chown -R $USER $PACKAGES
    chmod -R 766 $PACKAGES

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement


# environment variables inside the container
# sourced at run time not build time
%environment
    export PACKAGES=/packages/
    export BASHRC=/home/.bashrc


# this is executed when the container is launched with
# singularity run example.sif
%runscript
    MY_HOME=$(ls -l /home/)
    echo at run home is $MY_HOME
    touch ~/runtest1
    touch $HOME/runtest2
    mkdir $HOME/runtest_dir
    ls -lh /
    ls -lh $HOME
    ls -lh $HOME/runtest_dir/
    # source the .bashrc
    echo $BASHRC
    /bin/bash --rcfile $BASHRC


# this would be executed just after build
%test
    echo I havent written any tests

# metadata
%labels
    Author ClumsyCat
    Version v1.0

%help
    to build me
    > sudo singularity build example.sif example.def
    to run me do
    > singularity run --containall --bind /my/out/dir/ example.sif
        the "--containall" flag prevents interactions with your system
        the "--bind /my/out/dir/" mounts a directory in your system
        this allows scripts in that directory to be accessed from the image
        and results from the image to persist in the directory
        It also allows the run script to call .bashrc

1 answer:

Answer 0 (score: 1)

There are a few things going on here.

  1. Unless you really, really need something on the host system, don't use %setup. It runs as root on the host OS, and it is very easy to break things in ways you don't expect.
  2. By default, Singularity mounts the running user's $HOME into the container, so anything you place in /home/... is overwritten unless the user uses --no-home. Best practices recommend not installing to $HOME for this reason.
  3. All the steps in %post have $USER set to root, since that is the user at run time (sudo singularity build ...), so it is not actually doing anything when you reference $USER.
  4. chmod -R 664 - this is breaking your directories. You need the execute bit to actually access a directory, not just read.

I have tweaked your sample definition file to work the way I think you were expecting. The comments explain why.

BootStrap: docker
From: ubuntu:18.04

%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    PACKAGES=/packages

    # with umask 002, new files default to 664 and directories to 775
    umask 002

    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    # install everything at once and use apt-get for non-interactive installs
    apt-get -y update && apt-get install -y git wget vim-tiny nano make

    # create a symlink to vim instead of an alias
    ln -s $(which vim.tiny) /usr/local/bin/vim

    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    # git clone in %post instead of %setup
    mkdir $PACKAGES
    cd $PACKAGES
    git clone https://github.com/rootpy/rootpy-tutorials.git

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement
    echo do something here

%environment
    export PACKAGES=/packages

%runscript
    echo I am $(whoami)
    echo
    cd $PACKAGES
    echo I am in $PWD
    ls -la --color=auto
    echo
    echo vim is: $(which vim)

Running singularity run --containall example.sif gives:
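Added example, not part of the original question or answer: the recursive chmod from the question reproduced on a scratch tree, next to a directory-aware alternative that uses chmod's capital X. The scratch layout and function names are made up for illustration, and GNU find and stat (as in the ubuntu:18.04 base image) are assumed.

```shell
#!/bin/sh
# Added illustration; the scratch tree and function names are hypothetical.
# Assumes GNU coreutils (stat -c) as found in the ubuntu:18.04 base image.

# Build a small stand-in for /packages with known starting modes.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/repo/src"
    echo 'all:' > "$root/repo/Makefile"
    printf '#!/bin/sh\necho hi\n' > "$root/repo/src/run.sh"
    chmod 755 "$root" "$root/repo" "$root/repo/src" "$root/repo/src/run.sh"
    chmod 644 "$root/repo/Makefile"
    echo "$root"
}

# Count directories that other users cannot traverse (no o+x). With o+r
# but no o+x, ls can read the names yet cannot stat the entries, which is
# the "d????????? ? ? ?" listing shown in the question.
untraversable_dirs() {
    find "$1" -type d ! -perm -001 | wc -l
}

# What the question's %post did: one numeric mode for files and directories.
apply_flat_mode() { chmod -R 766 "$1"; }

# Alternative: capital X adds execute only to directories and to files that
# already carry an execute bit, so data files stay non-executable.
apply_dir_aware_mode() { chmod -R u=rwX,g=rwX,o=rX "$1"; }

mode_of() { stat -c %a "$1"; }

bad=$(make_tree);  apply_flat_mode "$bad"
good=$(make_tree); apply_dir_aware_mode "$good"
echo "flat 766:  $(untraversable_dirs "$bad") untraversable dirs"
echo "dir-aware: $(untraversable_dirs "$good") untraversable dirs," \
     "Makefile=$(mode_of "$good/repo/Makefile")" \
     "run.sh=$(mode_of "$good/repo/src/run.sh")"
rm -rf "$bad" "$good"
```

Capital X only helps on a tree that has not already been flattened: after chmod -R 766 every file carries an owner execute bit, so X would then mark every file executable.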