1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
{
lib,
# Build helpers
stdenv,
runCommand,
vmTools,
writeClosure,
writeDirectReferencesToFile,
writeScript,
writeStringReferencesToFile,
# Native build inputs
buildPackages,
e2fsprogs,
util-linux,
# Build inputs
bashInteractive,
runtimeShell,
singularity,
}:
let
defaultSingularity = singularity;
in
lib.makeExtensible (final: {
buildImage =
{
name,
contents ? [ ],
diskSize ? 1024,
memSize ? 1024,
runAsRoot ? null,
runScript ? "#!${stdenv.shell}\nexec /bin/sh",
singularity ? defaultSingularity,
}:
let
projectName = singularity.projectName or "singularity";
runAsRootFile = buildPackages.writers.writeBash "run-as-root.sh" ''
set -e
${runAsRoot}
'';
runScriptFile = writeScript "run-script.sh" ''
#!/bin/sh
set -e
${runScript}
'';
runScriptReferences =
if builtins ? getContext then
lib.splitString "\n" (writeStringReferencesToFile runScriptFile.text).text
else
[ (writeDirectReferencesToFile runScriptFile) ];
result = vmTools.runInLinuxVM (
runCommand "${projectName}-image-${name}.sif"
{
__structuredAttrs = true;
nativeBuildInputs = [
singularity
e2fsprogs
util-linux
];
strictDeps = true;
inherit contents;
layerClosure = writeClosure ([ bashInteractive ] ++ runScriptReferences ++ contents);
preVM = vmTools.createEmptyImage {
size = diskSize;
fullName = "${projectName}-run-disk";
# Leaving "$out" for the Singularity/Container image
destination = "disk-image";
};
inherit memSize;
}
''
mkdir workspace
mkfs -t ext3 -b 4096 /dev/${vmTools.hd}
mount /dev/${vmTools.hd} workspace
mkdir -p workspace/img
cd workspace/img
mkdir proc sys dev
# Run root script
${lib.optionalString (runAsRoot != null) ''
mkdir -p ./${builtins.storeDir}
mount --rbind "${builtins.storeDir}" ./${builtins.storeDir}
unshare -imnpuf --mount-proc chroot ./ ${runAsRootFile}
umount -R ./${builtins.storeDir}
''}
# Build /bin and copy across closure
mkdir -p bin ./${builtins.storeDir}
# Loop over the line-separated paths in $layerClosure
while IFS= read -r f; do
cp -ar "$f" "./$f"
done < "$layerClosure"
for c in "''${contents[@]}"; do
for f in "$c"/bin/* ; do
if [ ! -e "bin/$(basename "$f")" ] ; then
ln -s "$f" bin/
fi
done
done
# Link /bin/sh
if [ ! -e bin/sh ]; then
ln -s ${lib.getExe bashInteractive} bin/sh
fi
mkdir -p .singularity.d
# Create runscript
cp "${runScriptFile}" .singularity.d/runscript
# Fill out .singularity.d
mkdir -p .singularity.d/env
touch .singularity.d/env/94-appsbase.sh
cd ..
mkdir -p /var/lib/${projectName}/mnt/session
echo "root:x:0:0:System administrator:/root:/bin/sh" > /etc/passwd
echo > /etc/resolv.conf
TMPDIR="$(pwd -P)" ${projectName} build "$out" ./img
''
);
in
result;
})
|
