From: Tom Clegg Date: Tue, 17 May 2022 18:13:34 +0000 (-0400) Subject: Merge branch '19081-singularity-no-eval' X-Git-Tag: 2.5.0~170 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/844ff7cc1dc1c93a29b7ad8eca2987b987cf89e6?hp=a3a51578bb709f35b57ab5c35790dcd9e4e7affc Merge branch '19081-singularity-no-eval' refs #19081 Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- diff --git a/lib/crunchrun/singularity.go b/lib/crunchrun/singularity.go index 879c46c898..1af0d420e4 100644 --- a/lib/crunchrun/singularity.go +++ b/lib/crunchrun/singularity.go @@ -299,6 +299,14 @@ func (e *singularityExecutor) execCmd(path string) *exec.Cmd { // us to select specific devices we need to propagate that. env = append(env, "SINGULARITYENV_CUDA_VISIBLE_DEVICES="+cudaVisibleDevices) } + // Singularity's default behavior is to evaluate each + // SINGULARITYENV_* env var with a shell as a double-quoted + // string and pass the result to the contained + // process. Singularity 3.10+ has an option to pass env vars + // through literally without evaluating, which is what we + // want. See https://github.com/sylabs/singularity/pull/704 + // and https://dev.arvados.org/issues/19081 + env = append(env, "SINGULARITY_NO_EVAL=1") args = append(args, e.imageFilename) args = append(args, e.spec.Command...) diff --git a/lib/crunchrun/singularity_test.go b/lib/crunchrun/singularity_test.go index cdeafee882..bad2abef33 100644 --- a/lib/crunchrun/singularity_test.go +++ b/lib/crunchrun/singularity_test.go @@ -48,5 +48,5 @@ func (s *singularityStubSuite) TestSingularityExecArgs(c *C) { e.imageFilename = "/fake/image.sif" cmd := e.execCmd("./singularity") c.Check(cmd.Args, DeepEquals, []string{"./singularity", "exec", "--containall", "--cleanenv", "--pwd", "/WorkingDir", "--net", "--network=none", "--nv", "--bind", "/hostpath:/mnt:ro", "/fake/image.sif"}) - c.Check(cmd.Env, DeepEquals, []string{"SINGULARITYENV_FOO=bar"}) + c.Check(cmd.Env, DeepEquals, []string{"SINGULARITYENV_FOO=bar", "SINGULARITY_NO_EVAL=1"}) }