I can't rely on the umask since my machine does not use umask to set permissions. Is there a way to specify that all sub-directories (and their sub-directories etc) of some root directory all have a certain permission, and similarly, that all sub-files of the same root directory have another type of permission in the %files section of the spec file.
If not, I'll have to run some external bash scrip to get the spec file syntax for each individual file, and copy that output to the %files section of the spec file, which will be highly tedious.
If you look at the various references online, %defattr() takes a lesser-known fourth parameter for directories.
Related
Question
When building Singularity images using definition files, is there a way to specify the path to a file on the host system relative to the definition file (i.e. independent of where the build command is called)?
Example to Illustrate the Problem
I have the following files in the same directory (e.g. a git repository):
foobar.def
some_file.txt
foobar.def looks as follows:
Bootstrap: library
From: ubuntu:20.04
Stage: build
%files
# Add some_file.txt at the root of the image
some_file.txt /some_file.txt
This works fine when I build with the following command in the directory which contains the files:
singularity build --fakeroot foobar.sif foobar.def
However, it fails if I call the build command from anywhere else (e.g. from a dedicated "build" directory) because it searches some_file.txt relative to the current working directory of the build command, not relative to the definition file.
Is there a way to implement the definition file such that the build works independently of where the command is called? I know that I could use absolute paths but this is not a viable solution in my case.
To make it even more complicated: My actual definition file is bootstrapping from another local image, which is located in the build directory. So ideally I would need a solution where some files are found relative the working directory while others are found relative to the location of the definition file.
Short answer: Not really
Longer answer: Not really, but there's a reason why and it shouldn't really matter for most use cases. While Docker went the route of letting you specify what your directory context is, Singularity decided to base all of its commands off the current directory where it is being executed. This also follows with $PWD being auto-mounted into the container, so it makes sense for it to be consistent.
That said, is there a reason you can't run singularity build --fakeroot $build_dir/foobar.sif foobar.def from the repo directory? There isn't any other output written besides the final image and it makes more sense for the directory with the data being used to be the context to work from.
I am trying to backup some of the essential folders in the / in my ubuntu system. I am using
sudo rsync -aAXv --delete --include="/etc" --include="/home" --include="/usr/local" // /home/$USER/Desktop/bkup/
This command should only copy /etc, /home, /usr/local dirs and leave the rest of the files. But, when I run this command this copies every dir and every file in the / dir.
I am not sure what wrong I am doing here.
Includes without any excludes are meaningless.
--exclude='*' would exclude everything not explicitly included, from every subfolder, even the included ones.
--exclude='*/' would exclude every directory not explicitly included, but allow copying files within included directories (and the root).
--exclude='/*' would exclude all root directories and files not explicitly included, but allow all directories and files within included directories. You probably want this one.
You should add your exclude rule after your include rules. The rule is that, for each directory and file, it's the first matching include/exclude rule that matters, and the default (when no rule matches) is to include.
By "root" I mean the root of the copied directory, not the root of the whole file system.
P.S. Your command also has the destination directory inside the source directory; you probably want an exclude rule for that!
I've not been able to find a solution to this problem.
I'd like clients I give jail-shell access to (rather than normal shell access) the ability to run commands I allow access too, such as Git.
Git requires you include the folder /usr/local/libexec/git-core but I can't work out a way of including the folder for jail-shell access ?
Perhaps it's not even possible, but I'm keen to find out.
You can mount additional directories in /var/cpanel/jailshell-additional-mounts
If the file doesn't exist create it and put the directories which you want to allow into it, one directory name per line:
/usr/local/libexec/git-core
/usr/local/lib
...
I've tried 'umask 77' in the shell, then building it with:
[non-root-user#machine SPECS]$ rpmbuild -bb SPECFILE.spec
but I still get this from the output:
+ umask 022
You cannot change the umask from the shell because rpmbuild will always set a a fixed umask of 0022 before running %prep script.
Therefore, depending on what you're trying to achieve, you could try change the umask in the spec file, at the beginning the %prep section:
%prep
umask 077
But, if you're just trying to set the file permissions for the files in the RPM, the standard way is to use %defattr and %attr directives in the %files section:
%defattr sets the default attributes for files and folders:
%defattr(<file mode>, <user>, <group>, <dir mode>)
some attributes may be omitted by replacing them with a dash (because the file is installed with those attributes properly set)
%attr sets the attributes for a single file or folder:
%attr(<mode>, <user>, <group>) file/folder
As with %defattr if a particular attribute does not need to be specified, you can replace it with a dash (for example you can use it along with %defattr to keep the default value for that attribute)
A full example:
%files
# set default attributes for all files and folders:
%defattr(644, root, root, 755)
# make a file executable:
%attr(755, -, -) /usr/bin/myexec
# set a different owner for a file:
%attr(-, myuser, -) /var/log/mylog.log
# set different permissions, owner and group for a file:
%attr(600, myuser, mygroup) /home/myfile
For more details & examples you can take a look to:
http://www.rpm.org/max-rpm-snapshot/s1-rpm-specref-files-list-directives.html and
http://www.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html
I don't think changing the umask is what you should be doing. I assume you are unhappy with the permissions on the files coming out of the RPM. For that, you should be using %attr() and %defattr() in your %files section.
extracting ZIP files that have been created using:
PKSFX(R) Version 2.50 FAST! Self Extract Utility for Windows 95/NT 4-15-1998
Is there an option to specify which folder the files contained in the EXE should be extracted to?
By typing "/help" I was able to find some useful options (like Overwrite, Exclude, etc.), but I cannot see anything related to the Output Folder.
Any suggestion?
Thank you!
I found the following over at ousob.com. It appears as part of a larger article which seems to have the documentation for the whole PKSFX suite. It looks like you run the executable and then specify any flags followed by the path to extract to and, optionally, specific named files from within the archive to be extracted if you don't want them all.
PKSFX Command Summary
Command line syntax and options are the same as PKUNZIP. The options
listed below are offered by a self-extracting file.
Syntax: pksfx [option] [d:\path] [file]* [file]*
PKSFX indicates the name of the self-extracting file you are executing.
No options are necessary if you wish to simply extract all files to the
current directory. If you wish to extract the contents to another
directory, indicate the drive and/or path the files should extract to. To
extract only particular files, indicate the name(s) at the end of the
command line.
Options:
#listfile.lst Specify list of files for extraction*
-c[m] Extract to console*
-d Re-create directories stored in .ZIP file*
-l Display software license agreement*
-n Extract only newer files*
-o Overwrite existing files
-p[a|b][c][#] Extract to printer*
-s<password> Decrypt with password*
-t Test file integrity*
* Indicates options not available in the PKSFX Junior and PKUNZIP Junior
programs.
Options should be placed after the self-extracting files name. If
multiple options are used they must be separated by a space and each must
have its own option indicator (either - or /).
All options behave in the same manner as they do with PKUNZIP, with one
exception. The -s option cannot accept keyboard entry. A password
entered with a self-extracting file must be able to be entered from the
command line.