From 44aaa77ff1d6e2bf937a6a8224fb6347da2b81d6 Mon Sep 17 00:00:00 2001
From: Marco Clemencic <marco.clemencic@cern.ch>
Date: Fri, 28 Jul 2023 10:51:33 +0200
Subject: [PATCH 1/3] Add --contain option to apptainer to improve isolation

---
 python/LbNightlyTools/BuildMethods.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py
index 22222aa6..2080bc82 100644
--- a/python/LbNightlyTools/BuildMethods.py
+++ b/python/LbNightlyTools/BuildMethods.py
@@ -80,6 +80,7 @@ def _apptainer_wrap_cmd(platform, cmd, host_root, cont_root, env, cwd):
     apptainer_cmd = [
         apptainer,
         "exec",
+        "--contain",
         "--bind",
         "/cvmfs",
         "--bind",
-- 
GitLab


From 069b086428be972aa385c10506228c656f22774f Mon Sep 17 00:00:00 2001
From: Marco Clemencic <marco.clemencic@cern.ch>
Date: Fri, 28 Jul 2023 13:34:02 +0200
Subject: [PATCH 2/3] Relocate command line arguments when wrapping in
 apptainer

---
 python/LbNightlyTools/BuildMethods.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py
index 2080bc82..561e5377 100644
--- a/python/LbNightlyTools/BuildMethods.py
+++ b/python/LbNightlyTools/BuildMethods.py
@@ -127,6 +127,8 @@ def log_call(cmd, *args, **kwargs):
         key: value.replace(host_root, cont_root)
         for key, value in (kwargs.get("env") or os.environ).items()
     }
+    # patch the command line arguments
+    cmd = [value.replace(host_root, cont_root) for value in cmd]
 
     cmd = _apptainer_wrap_cmd(
         os.environ["BINARY_TAG"],
-- 
GitLab


From 36cce95e7f03d647307f08c7a8901d46b0823452 Mon Sep 17 00:00:00 2001
From: Marco Clemencic <marco.clemencic@cern.ch>
Date: Fri, 28 Jul 2023 13:39:02 +0200
Subject: [PATCH 3/3] Always get containers from /cvmfs/lhcb.cern.ch/containers

---
 python/LbNightlyTools/BuildMethods.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py
index 561e5377..56a96fbd 100644
--- a/python/LbNightlyTools/BuildMethods.py
+++ b/python/LbNightlyTools/BuildMethods.py
@@ -64,9 +64,9 @@ def _apptainer_wrap_cmd(platform, cmd, host_root, cont_root, env, cwd):
 
     image = None
     if re.match(r"x86_64.*-centos7-.*", platform):
-        image = "/cvmfs/cernvm-prod.cern.ch/cvm4"
+        image = "/cvmfs/lhcb.cern.ch/containers/os-base/centos7-devel/prod/amd64"
     elif re.match(r"x86_64.*-slc[56]-.*", platform):
-        image = "/cvmfs/cernvm-prod.cern.ch/cvm3"
+        image = "/cvmfs/lhcb.cern.ch/containers/os-base/slc6-devel/prod/amd64"
     elif re.match(r"x86_64.*-el9-.*", platform):
         image = "/cvmfs/lhcb.cern.ch/containers/os-base/alma9-devel/prod/amd64"
     elif re.match(r"arm.*-centos7-.*", platform):
-- 
GitLab