[gentoo-commits] repo/gentoo:master commit in: app-containers/apptainer/

["Sam James" <sam@gentoo.org>]

commit:     41abbc7ea300e8ae95f669d6d5878804cbd5736c
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Mon Jul  7 10:47:00 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jul  8 19:31:49 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41abbc7e

app-containers/apptainer: add 1.4.1

useflags :
remove examples, it's only 144K
add seccomp to avoid automagic, enabled by default
add rootless using libsubid (sys-apps/shadow)

update min_go to 1.23.6

remove backslashes in array
export PKG_CONFIG for seccomp

c23 failures are fixed

Bug: https://bugs.gentoo.org/934988
Bug: https://bugs.gentoo.org/946063
Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Part-of: https://github.com/gentoo/gentoo/pull/42928
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-containers/apptainer/Manifest               |  1 +
 app-containers/apptainer/apptainer-1.4.1.ebuild | 89 +++++++++++++++++++++++++
 app-containers/apptainer/metadata.xml           |  1 +
 3 files changed, 91 insertions(+)

diff --git a/app-containers/apptainer/Manifest b/app-containers/apptainer/Manifest
index 89b0f69c1d9e..3a5572f8009a 100644
--- a/app-containers/apptainer/Manifest
+++ b/app-containers/apptainer/Manifest
@@ -1,2 +1,3 @@
 DIST apptainer-1.3.2.tar.gz 17129103 BLAKE2B a2c15d408dc956a4bc8cb154dadfe0e60aa8b4216277ff4afd508058f9425722fb66200e7d4ab33cf5a73aee34761ac198e7b31439ab69dfaceebb9f768b58e6 SHA512 c3112c8254c995f83e3ae424ecf734e8ca9583c34cd8b0e56fdde2a7ef8d5145ac68a7a2c9575b071515a2cb681d11423fe57a5a3910750d3bc697c85c15585d
 DIST apptainer-1.3.6.tar.gz 17129602 BLAKE2B 2dd17c1a0601c7d191d4604f2c0e3fb5d8cc4e831dba7bf4cfcbfc359eba1bb3f255ab2c1a81ae844cbebfc6e96729911e5ac4a92195b30f74d77fafac12059f SHA512 e50b8cbdac544241a56d7dc662ad927fdcf9a0f245bab4be0bc35ba9658f9db7c851a95de500e32c0975a2f5e8bcf7f16628e963ebb945ca036de9e91bd8a4a9
+DIST apptainer-1.4.1.tar.gz 17420970 BLAKE2B 7675db9ea53a58c2fe15a84c9806709a7d88e53a531a4421b73a86ddb9630b06227f9dd371b83c7a3fb6c380994e00f8484ed7124d2986f858ecc221864deaa0 SHA512 2481233ba31ffebd50e84620abf84c4995f1a01aafda4562605a9ec754fb271f15e04f45ad4cc234a8ee60c30588fcd40c8468b3f29b9a20329bc5a50dc1625b

diff --git a/app-containers/apptainer/apptainer-1.4.1.ebuild b/app-containers/apptainer/apptainer-1.4.1.ebuild
new file mode 100644
index 000000000000..93464060d5fc
--- /dev/null
+++ b/app-containers/apptainer/apptainer-1.4.1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit eapi9-ver linux-info toolchain-funcs
+
+DESCRIPTION="The container system for secure high-performance computing"
+HOMEPAGE="https://apptainer.org/"
+SRC_URI="https://github.com/apptainer/${PN}/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+IUSE="+network rootless +seccomp suid systemd"
+
+# Do not complain about CFLAGS etc. since go projects do not use them.
+QA_FLAGS_IGNORED='.*'
+
+DEPEND="app-crypt/gpgme
+	>=dev-lang/go-1.23.6
+	dev-libs/openssl
+	sys-apps/util-linux
+	sys-fs/cryptsetup
+	sys-fs/squashfs-tools
+	rootless? ( sys-apps/shadow:= )
+	seccomp? ( sys-libs/libseccomp )
+	!suid? (
+		sys-fs/e2fsprogs[fuse]
+		sys-fs/squashfuse
+	)"
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+CONFIG_CHECK="~SQUASHFS"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2-trim_upstream_cflags.patch
+)
+
+DOCS=( README.md CONTRIBUTORS.md CONTRIBUTING.md )
+
+src_configure() {
+	tc-export PKG_CONFIG
+	local myconfargs=(
+		-c "$(tc-getBUILD_CC)"
+		-x "$(tc-getBUILD_CXX)"
+		-C "$(tc-getCC)"
+		-X "$(tc-getCXX)"
+		--prefix="${EPREFIX}"/usr
+		--sysconfdir="${EPREFIX}"/etc
+		--runstatedir="${EPREFIX}"/run
+		--localstatedir="${EPREFIX}"/var
+		$(usev !network --without-network)
+		$(usev !seccomp --without-seccomp)
+		$(usev !rootless --without-libsubid)
+		$(use_with suid)
+	)
+	./mconfig -v ${myconfargs[@]} || die "Error invoking mconfig"
+}
+
+src_compile() {
+	emake -C builddir
+}
+
+src_install() {
+	emake DESTDIR="${D}" -C builddir install
+	keepdir /var/${PN}/mnt/session
+
+	if use systemd; then
+		sed -i -e '/systemd cgroups/ s/no/yes/' "${ED}"/etc/${PN}/${PN}.conf \
+			|| die "Failed to enable systemd use in configuration"
+	else
+		sed -i -e '/systemd cgroups/ s/yes/no/' "${ED}"/etc/${PN}/${PN}.conf \
+			|| die "Failed to disable systemd use in configuration"
+	fi
+
+	einstalldocs
+	dodoc -r examples
+}
+
+pkg_postinst() {
+	if ! use suid; then
+		if ver_replacing -lt 1.1.0; then
+			ewarn "Since version 1.1.0 ${PN} no longer installs setuid-root components by default, relying on unprivileged user namespaces instead. For details, see https://apptainer.org/docs/admin/main/user_namespace.html"
+			ewarn "Make sure user namespaces (possibly except network ones for improved security) are enabled on your system, or re-enable installation of setuid root components by passing USE=suid to ${CATEGORY}/${PN}"
+		fi
+	fi
+}

diff --git a/app-containers/apptainer/metadata.xml b/app-containers/apptainer/metadata.xml
index c461d956342a..fa91d4c5a278 100644
--- a/app-containers/apptainer/metadata.xml
+++ b/app-containers/apptainer/metadata.xml
@@ -4,6 +4,7 @@
 	<!-- maintainer-needed -->
 	<use>
 		<flag name="network">Install network plug-ins</flag>
+		<flag name="rootless">Enable libsubid (subuid/subgid mapping) for rootless</flag>
 		<flag name="suid">Install SUID helper binary</flag>
 	</use>
 	<upstream>