奇点；将github放到用户主目录中

Question

目标

其目的是创建一个奇异容器来安装一些包，然后从git克隆一个自定义包并制作它。用户需要拥有使用自定义包的权限，理想情况下，它将位于奇异用户的主目录中，但这似乎比我预期的要困难得多。

奇点几乎总是以shell的形式启动，它包含一组麻烦的自定义包，并以可重复、可共享的方式从它们生成结果。

问题

克隆git似乎很好，但是我可以把它放在用户甚至可以看到它的唯一位置：/github_repo，它总是由root所有。

我无法将它放到用户的主目录中，因为在%post期间，变量$HOME似乎没有指向用户主目录，它指向/root，然后创建的对象属于根。事实上，虽然/home确实存在，但它是空的，但用户似乎还不存在。

我尝试过克隆到/github_repo，然后添加

chown -R $USER /github_repo
chmod -R 766 /github_repo

敬%post。容器可以建立和运行，以及当它运行时；

$ ls -lh /github_repo
ls: cannot access '/github_repo': Permission denied
total 0
d????????? ? ? ? ?           ? CorrectNameOfGithubFolder
-????????? ? ? ? ?           ? CorrectNameOfGithubFile

所以它可以看到文件和文件夹的名称，而不是它们的权限？我甚至不知道那是可能的。如果我不处理%post中的权限，那么它是根用户拥有的一个完全正常的文件。

食谱

到目前为止，这就是我所拥有的，您应该找到它的构建和运行。如果您想运行它，请像example.def那样保存菜谱，然后执行

sudo singularity build example.sif example.def
singularity run --containall example.sif

然后试着

$ ls -lh /packages

example.def

BootStrap: docker
From: ubuntu:18.04
    
# commands on the host system
%setup
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    export PACKAGES_TMP=/tmp/packages
    rm -fr $PACKAGES_TMP
    mkdir -p $PACKAGES_TMP
    git clone https://github.com/rootpy/rootpy-tutorials.git $PACKAGES_TMP
    cp -R ${PACKAGES_TMP} ${SINGULARITY_ROOTFS}

# get files from the host (but we dont need any)
%files

# what is done when the container is built
%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    apt -y update
    # for fetching from repos if needed
    apt -y install git
    # for getting anything else from the net
    apt -y install wget
    # text editors
    apt -y install vim-tiny
    apt -y install nano
    # for making downloaded packages
    apt -y install make

    echo "${GREEN}~~~ Set up a .bashrc ~~~ ${NOCOLOUR}"
    BASHRC=/home/.bashrc
    touch $BASHRC
    echo "alias vim=vim.tiny\n" >> $BASHRC
    # will be called in run

    ## Not working???
    ## the /home/ directory appears empty
    # echo "${GREEN}~~~ Move packages to home dir ~~~ ${NOCOLOUR}"
    MY_HOME=$(ls -l /home/)
    echo in post home is $MY_HOME
    touch ~/test
    touch $HOME/test
    mkdir $HOME/test_dir
    # PACKAGES=$MY_HOME/packages/
    # mv /packages $PACKAGES
    
    echo "${GREEN}~~~ Give the user permission and control ~~~ ${NOCOLOUR}"
    # this bit does odd things
    PACKAGES=/packages
    chown -R $USER $PACKAGES
    chmod -R 766 $PACKAGES

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement


# enviroment variabels instide the container
# sourced at run time not build time
%environment
    export PACKAGES=/packages/
    export BASHRC=/home/.bashrc


# this is executed when the contain is launched with
# singularity run example.sif
%runscript
    MY_HOME=$(ls -l /home/)
    echo at run home is $MY_HOME
    touch ~/runtest1
    touch $HOME/runtest2
    mkdir $HOME/runtest_dir
    ls -lh /
    ls -lh $HOME
    ls -lh $HOME/runtest_dir/
    # source the .bashrc
    echo $BASHRC
    /bin/bash --rcfile $BASHRC
    

# this would be executed just after build
%test
    echo I havent written any tests

# metadata
%labels
    Author ClumsyCat
    Version v1.0

%help
    to build me
    > sudo singularity build example.sif example.def
    to run me do
    > singularity run --containall --bind /my/out/dir/ example.sif
        the "--containall" flag prevents interactions with your system
        the "--bind /my/out/dir/" mounts a directory in your system
        this allows scripts in that directory to be accessed from the image
        and results from the image to persist in the directory
        It also allows the run script to call .bashrc

Answer 1

这里发生了一些事情。

1. 除非您在主机系统上确实需要一些东西，%setup。它在主机操作系统上以根用户的身份运行，并且很容易以你不想看到的方式破坏它。
2. 默认情况下，奇点会将正在运行的用户的$HOME安装到容器中，因此，除非用户使用--no-home，否则/home/...中的任何内容都将被覆盖。由于这个原因，最佳实践建议不要安装到$HOME。
3. 当您引用%post时，$USER中的所有步骤都将其设置为根，因为它运行时是用户(sudo singularity build ...)，所以它实际上正在执行任何操作
4. chmod -R 664 -这是破坏您的目录。您需要执行位才能真正访问目录，而不仅仅是读取。

我已经根据您的意愿调整了您的示例定义文件以更好地工作。评论解释了原因。

BootStrap: docker
From: ubuntu:18.04

%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    PACKAGES=/packages

    # give all files 774 and directories 775 by default
    umask 002

    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    # install everything at once and use apt-get for non-interactive installs
    apt-get -y update && apt-get install -y git wget vim-tiny nano make

    # create a symlink to vim instead of an alias
    ln -s $(which vim.tiny) /usr/local/bin/vim

    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    # git clone in %post instead of %setup
    mkdir $PACKAGES
    cd $PACKAGES
    git clone https://github.com/rootpy/rootpy-tutorials.git

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement
    echo do something here

%environment
    export PACKAGES=/packages

%runscript
    echo I am $(whoami)
    echo

    cd $PACKAGES
    echo I am in $PWD
    ls -la --color=auto
    echo

    echo vim is: $(which vim)

运行singularity run --containall example.sif提供：

I am tsnowlan

I am in /packages
total 0
drwxrwxr-x 3 root     root      39 May 28 12:23 .
drwxr-xr-x 1 tsnowlan tsnowlan  60 May 28 12:24 ..
drwxrwxr-x 6 root     root     117 May 28 12:23 rootpy-tutorials

vim is: /usr/local/bin/vim