[ARVADOS] updated: 2.1.0-1085-g1a05dda00

Git user git at public.arvados.org
Tue Jul 20 20:29:19 UTC 2021 

Summary of changes:
 .../docker/service/crunch-dispatch-local/run       | 28 ++++++----------------
 .../crunch-dispatch-local/{run => run-service}     |  0
 2 files changed, 7 insertions(+), 21 deletions(-)
 copy tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/{run => run-service} (100%)

       via  1a05dda00c1f5d124bfa15443c6cdc68232704a4 (commit)
      from  e7d48122693019e8f80e97896037210e86ce19fa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 1a05dda00c1f5d124bfa15443c6cdc68232704a4
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Tue Jul 20 16:28:30 2021 -0400

    Make singularity suid in arvbox, crunch-dispatch-local runs as user
    
    no issue #
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run b/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run
index 821afdce5..3ce2220d0 100755
--- a/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run
+++ b/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run
@@ -6,25 +6,11 @@
 exec 2>&1
 set -ex -o pipefail
 
-. /usr/local/lib/arvbox/common.sh
-. /usr/local/lib/arvbox/go-setup.sh
+# singularity can use suid
+chown root /var/lib/arvados/bin/singularity \
+      /var/lib/arvados/etc/singularity/singularity.conf \
+      /var/lib/arvados/etc/singularity/capability.json \
+      /var/lib/arvados/etc/singularity/ecl.toml
+chmod u+s /var/lib/arvados/bin/singularity
 
-flock /var/lib/gopath/gopath.lock go install "git.arvados.org/arvados.git/services/crunch-dispatch-local"
-install $GOPATH/bin/crunch-dispatch-local /usr/local/bin
-ln -sf arvados-server /usr/local/bin/crunch-run
-
-if test "$1" = "--only-deps" ; then
-    exit
-fi
-
-cat > /usr/local/bin/crunch-run.sh <<EOF
-#!/bin/sh
-exec /usr/local/bin/crunch-run -container-enable-networking=default -container-network-mode=host \$@
-EOF
-chmod +x /usr/local/bin/crunch-run.sh
-
-export ARVADOS_API_HOST=$localip:${services[controller-ssl]}
-export ARVADOS_API_HOST_INSECURE=1
-export ARVADOS_API_TOKEN=$(cat $ARVADOS_CONTAINER_PATH/superuser_token)
-
-exec /usr/local/bin/crunch-dispatch-local -crunch-run-command=/usr/local/bin/crunch-run.sh -poll-interval=1
+exec /usr/local/lib/arvbox/runsu.sh $0-service $1
diff --git a/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run b/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service
similarity index 100%
copy from tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run
copy to tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list