[ARVADOS] created: 2.1.0-2492-gf7954ab0a

Git user git at public.arvados.org
Tue May 17 15:42:58 UTC 2022 

        at  f7954ab0a45cbc302aa07fa60697363895395dde (commit)


commit f7954ab0a45cbc302aa07fa60697363895395dde
Author: Tom Clegg <tom at curii.com>
Date:   Tue May 17 11:41:40 2022 -0400

    19081: Disable singularity env var eval behavior if possible.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/crunchrun/singularity.go b/lib/crunchrun/singularity.go
index 64a377325..61992b312 100644
--- a/lib/crunchrun/singularity.go
+++ b/lib/crunchrun/singularity.go
@@ -292,6 +292,14 @@ func (e *singularityExecutor) execCmd(path string) *exec.Cmd {
 		// us to select specific devices we need to propagate that.
 		env = append(env, "SINGULARITYENV_CUDA_VISIBLE_DEVICES="+cudaVisibleDevices)
 	}
+	// Singularity's default behavior is to evaluate each
+	// SINGULARITYENV_* env var with a shell as a double-quoted
+	// string and pass the result to the contained
+	// process. Singularity 3.10+ has an option to pass env vars
+	// through literally without evaluating, which is what we
+	// want. See https://github.com/sylabs/singularity/pull/704
+	// and https://dev.arvados.org/issues/19081
+	env = append(env, "SINGULARITY_NO_EVAL=1")
 
 	args = append(args, e.imageFilename)
 	args = append(args, e.spec.Command...)
diff --git a/lib/crunchrun/singularity_test.go b/lib/crunchrun/singularity_test.go
index cdeafee88..bad2abef3 100644
--- a/lib/crunchrun/singularity_test.go
+++ b/lib/crunchrun/singularity_test.go
@@ -48,5 +48,5 @@ func (s *singularityStubSuite) TestSingularityExecArgs(c *C) {
 	e.imageFilename = "/fake/image.sif"
 	cmd := e.execCmd("./singularity")
 	c.Check(cmd.Args, DeepEquals, []string{"./singularity", "exec", "--containall", "--cleanenv", "--pwd", "/WorkingDir", "--net", "--network=none", "--nv", "--bind", "/hostpath:/mnt:ro", "/fake/image.sif"})
-	c.Check(cmd.Env, DeepEquals, []string{"SINGULARITYENV_FOO=bar"})
+	c.Check(cmd.Env, DeepEquals, []string{"SINGULARITYENV_FOO=bar", "SINGULARITY_NO_EVAL=1"})
 }

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list