Merge pull request #224 from inab/STABLE-1.0.x

Several fixes

Author: jmfernandez

.pre-commit-config.yaml

@@ -11,6 +11,7 @@ repos:
         files: \.(py|pyi)$
         exclude: "/(site-packages|development-[^/]*|docs|node_modules|__pycache__|\\..*)/$"
       - id: check-json
+      - id: check-toml
       - id: check-yaml
         types: [file]
         files: \.(yaml|yml|wfex\.(stage|export|ctxt))$
@@ -123,4 +124,4 @@ repos:
     hooks:
       - id: pip-audit
         stages: [manual]
-        args: ["-r", "requirements.txt"]
+        args: ["-r", "requirements.txt"]

CITATION.cff

@@ -28,5 +28,5 @@ repository-code: "https://github.com/inab/WfExS-backend"
 repository-artifact: "https://github.com/inab/WfExS-backend/pkgs/container/wfexs-backend"
 type: software
 title: "WfExS-backend"
-version: 1.0.2
+version: 1.0.3
 date-released: "2025-10-11"

INSTALL.md

@@ -14,12 +14,12 @@ just using next bash pattern:
 
 ```bash
 # WFEXS_VER can be either a branch, a tag or a commit hash
-WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
 # Alternatively, you can use local copy
 WFEXS_VER=$(git rev-parse HEAD)
 
-docker build -t inab/wfexs-backend:${WFEXS_VER} \
+docker buildx build -t inab/wfexs-backend:${WFEXS_VER} \
 --build-arg wfexs_checkout="${WFEXS_VER}" \
 https://raw.githubusercontent.com/inab/WfExS-backend/${WFEXS_VER}/container_recipes/Dockerfile
 ```
@@ -29,7 +29,7 @@ a local copy of the recipe, and next command line from the project root will hel
 
 ```bash
 # WFEXS_VER can be either a branch, a tag or a commit hash
-WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
 # Alternatively, you can use local copy
 WFEXS_VER=$(git rev-parse HEAD)
@@ -38,7 +38,7 @@ mkdir WfExS_docker_build
 cd WfExS_docker_build
 curl -O https://raw.githubusercontent.com/inab/WfExS-backend/${WFEXS_VER}/container_recipes/Dockerfile
 
-docker build -t inab/wfexs-backend:${WFEXS_VER} \
+docker buildx build -t inab/wfexs-backend:${WFEXS_VER} \
 --build-arg wfexs_checkout="${WFEXS_VER}" \
 Dockerfile
 ```
@@ -54,7 +54,7 @@ just using next bash pattern:
 
 ```bash
 # WFEXS_VER can be either a branch, a tag or a commit hash
-WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
 # Alternatively, you can use local copy
 WFEXS_VER=$(git rev-parse HEAD)
@@ -70,7 +70,7 @@ a local copy of the recipe, and next command line from the project root will hel
 
 ```bash
 # WFEXS_VER can be either a branch, a tag or a commit hash
-WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
 # Alternatively, you can use local copy
 WFEXS_VER=$(git rev-parse HEAD)
@@ -95,7 +95,7 @@ The precondition is having either Apptainer or Singularity properly setup. There
 
   ```bash
   # WFEXS_VER can be either a branch, a tag or a commit hash
-  WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+  WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
   mkdir WfExS_SIF_build
   cd WfExS_SIF_build
   curl -O https://raw.githubusercontent.com/inab/WfExS-backend/${WFEXS_VER}/container_recipes/Singularity.def
@@ -106,7 +106,7 @@ The precondition is having either Apptainer or Singularity properly setup. There
 
   ```bash
   # WFEXS_VER can be either a branch, a tag or a commit hash
-  WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+  WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
   # Alternatively, you can use local copy
   WFEXS_VER=$(git rev-parse HEAD)
@@ -122,7 +122,7 @@ The precondition is having either Apptainer or Singularity properly setup. There
 
   ```bash
   # Remember to use the correct tag!!!
-  WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+  WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
   singularity build wfexs-${WFEXS_VER}.sif docker-daemon://inab/wfexs-backend:${WFEXS_VER}
   ```
 
@@ -139,7 +139,7 @@ The precondition is having either Apptainer or Singularity properly setup. There
   cd WfExS_SIF_build
 
   # Remember to use the correct tag!!!
-  WFEXS_VER=4f314f46ce2c18499837947081e74a1e9eba1f31
+  WFEXS_VER=dae813eb000bdb0a921fb74c87b7ff356e3f7134
 
   # Next command should be used if you used podman to build the local image
   podman save -o wfexs-backend-${WFEXS_VER}.tar inab/wfexs-backend:${WFEXS_VER}

MANIFEST.in

@@ -0,0 +1,3 @@
+include LICENSE
+include *.md
+include requirements.txt

container_recipes/Dockerfile

@@ -10,26 +10,25 @@ RUN	git clone --filter=blob:none --no-checkout https://github.com/jmfernandez/su
 	gcc -static -o suid_entrypoint suid_entrypoint.c
 
 # The default images of python are based on debian
-FROM	pypy:3.11-slim AS podman_build
+FROM	pypy:3.11-slim-trixie AS podman_build
 SHELL	["/bin/bash", "-o", "pipefail", "-c"]
-ARG	apptainer_version=1.3.6
+ARG	apptainer_version=1.4.3
+WORKDIR	/
 # Install apptainer
 # hadolint ignore=DL3008
 RUN	DPKG_ARCH=$(dpkg --print-architecture) && \
 	apt-get update && \
-	apt-get install -y wget build-essential git libxml2-dev libxslt-dev zlib1g-dev && \
-	wget -O /tmp/rust-installer.sh https://sh.rustup.rs && \
+	apt-get install -y --no-install-recommends wget build-essential git libxml2-dev libxslt-dev zlib1g-dev && \
+	wget -nv -O /tmp/rust-installer.sh https://sh.rustup.rs && \
 	chmod +x /tmp/rust-installer.sh && \
 	/tmp/rust-installer.sh -y && \
 	wget -nv \
-	https://github.com/apptainer/apptainer/releases/download/v${apptainer_version}/apptainer_${apptainer_version}_${DPKG_ARCH}.deb \
-	https://github.com/apptainer/apptainer/releases/download/v${apptainer_version}/apptainer-suid_${apptainer_version}_${DPKG_ARCH}.deb && \
-	apt-get install -y ./*.deb && \
-	rm -f *.deb
+	https://github.com/apptainer/apptainer/releases/download/v"${apptainer_version}"/apptainer_"${apptainer_version}"-trixie+_"${DPKG_ARCH}".deb \
+	https://github.com/apptainer/apptainer/releases/download/v"${apptainer_version}"/apptainer-suid_"${apptainer_version}"-trixie+_"${DPKG_ARCH}".deb && \
+	apt-get install -y --no-install-recommends ./*.deb
 # Install WfExS, trusting the installers in the commit rather than the
 # one in the docker recipe
-ARG	wfexs_checkout=70277f9708ecb338cfb192ddcbf24c7159d8f319
-WORKDIR	/
+ARG	wfexs_checkout=eb5d0f0fc95c60e545b0c96ec8da0efff0a7d74b
 # hadolint ignore=DL3003,DL3013
 RUN	git clone --filter=blob:none --no-checkout https://github.com/inab/WfExS-backend.git && \
 	cd WfExS-backend && \
@@ -41,9 +40,9 @@ RUN	git clone --filter=blob:none --no-checkout https://github.com/inab/WfExS-bac
 	  container_recipes/full-installer.bash && \
 	git checkout "${wfexs_checkout}" && \
 	grep -vF git+ constraints-${PYVER}.txt > constraints-${PYVER}.txt-relaxed && \
-	. ${HOME}/.cargo/env && \
+	. "${HOME}"/.cargo/env && \
 	pip install --no-cache-dir --upgrade pip wheel && \
-	pip install --no-cache-dir "git+https://github.com/inab/WfExS-backend.git@${wfexs_checkout}" -c constraints-${PYVER}.txt-relaxed && \
+	pip install --no-cache-dir "git+https://github.com/inab/WfExS-backend.git@${wfexs_checkout}" -c constraints-"${PYVER}".txt-relaxed && \
 	python -m compileall "$(python -c 'import sys; print(sys.prefix)')" && \
 	mv container_recipes/* /
 
@@ -56,7 +55,7 @@ ARG	OPENJ9_VER=0.26.0
 # Go version to compile
 ARG	GO_VER=1.20.14
 # gocryptfs version
-ARG	GOCRYPTFS_VER=v2.5.1
+ARG	GOCRYPTFS_VER=v2.6.1
 # static bash version
 ARG	STATIC_BASH_VER=5.1.004-1.2.2
 # static busybox version
@@ -73,13 +72,13 @@ RUN	apt-get install -y --no-install-recommends curl libmagic1 graphviz && \
 	BUSYBOX_VER="${BUSYBOX_VER}" \
 	bash /full-installer.bash
 
-FROM	pypy:3.11-slim AS podman_image
+FROM	pypy:3.11-slim-trixie AS podman_image
 COPY	--from=podman_build /podman_containers_nokeyring.conf /etc/containers/containers.conf
 COPY	--from=podman_build /opt/pypy /opt/pypy
+COPY	--from=podman_build /*.deb /tmp/
 SHELL	["/bin/bash", "-o", "pipefail", "-c"]
 
 # Python 3 is installed so it can be used with cwltool
-ARG	apptainer_version=1.3.6
 # hadolint ignore=DL3008
 RUN	DPKG_ARCH=$(dpkg --print-architecture) && \
 	python -c 'import urllib.request ; urllib.request.urlretrieve("https://download.docker.com/linux/debian/gpg", "/etc/apt/keyrings/docker.asc")' && \
@@ -90,11 +89,10 @@ RUN	DPKG_ARCH=$(dpkg --print-architecture) && \
 	tee /etc/apt/sources.list.d/docker.list > /dev/null && \
 	apt-get update && \
 	apt-get install -y --no-install-recommends git libmagic1 libxml2 libxslt1.1 zlib1g python3-venv podman encfs graphviz docker-ce-cli wget && \
-	wget -nv \
-	https://github.com/apptainer/apptainer/releases/download/v${apptainer_version}/apptainer_${apptainer_version}_${DPKG_ARCH}.deb \
-	https://github.com/apptainer/apptainer/releases/download/v${apptainer_version}/apptainer-suid_${apptainer_version}_${DPKG_ARCH}.deb && \
-	apt-get install -y ./*.deb && \
-	rm -f *.deb /var/cache/apt/archives/*.deb 
+	apt-get install -y --no-install-recommends /tmp/*.deb && \
+	apt-get clean && \
+	rm -f /tmp/*.deb /var/cache/apt/archives/*.deb && \ 
+	rm -rf /var/lib/apt/lists/*
 
 CMD	["/bin/bash"]
 

container_recipes/Singularity.def

@@ -1,12 +1,12 @@
 Bootstrap: docker
-From: python:3.12
-Stage: spython-base
+From: pypy:3.11-slim-trixie
+Stage: build
 
 %arguments
 # The default images of python are based on debian
 # These arguments help customizing what it is included in the generated image
-wfexs_checkout=574fe343c0b59eecd95afbc67894456359ebe649
-apptainer_version=1.3.6
+wfexs_checkout=eb5d0f0fc95c60e545b0c96ec8da0efff0a7d74b
+apptainer_version=1.4.3
 # JDK version parameters
 JDK_MAJOR_VER=11
 # Nested arguments are not allowed
@@ -16,7 +16,7 @@ OPENJ9_VER=0.26.0
 # Go version to compile
 GO_VER=1.20.14
 # gocryptfs version
-GOCRYPTFS_VER=v2.4.0
+GOCRYPTFS_VER=v2.6.1
 # static bash version
 STATIC_BASH_VER=5.1.004-1.2.2
 # static busybox version
@@ -25,56 +25,79 @@ BUSYBOX_VER=1.35.0
 
 %post
 set -ue
-# Install apptainer
+
+cd /
+
+# Install preconditions (including apptainer)
 DPKG_ARCH=$(dpkg --print-architecture) && \
-wget -nv \
-https://github.com/apptainer/apptainer/releases/download/v{{ apptainer_version }}/apptainer_{{ apptainer_version }}_${DPKG_ARCH}.deb \
-https://github.com/apptainer/apptainer/releases/download/v{{ apptainer_version }}/apptainer-suid_{{ apptainer_version }}_${DPKG_ARCH}.deb && \
 apt-get update && \
-apt-get install -y ./*.deb && \
-rm -f *.deb
-# Install docker-ce-cli
-# hadolint ignore=DL3008
-wget -nv -O /etc/apt/keyrings/docker.asc https://download.docker.com/linux/debian/gpg && \
-chmod a+r /etc/apt/keyrings/docker.asc && \
-echo \
-"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
-$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-tee /etc/apt/sources.list.d/docker.list > /dev/null && \
-apt-get update && \
-apt-get install -y --no-install-recommends docker-ce-cli
-# Install both podman, encfs and graphviz
-# hadolint ignore=DL3008
-apt-get install -y podman encfs graphviz
+apt-get install -y --no-install-recommends wget build-essential git libxml2-dev libxslt-dev zlib1g-dev && \
+wget -nv -O /tmp/rust-installer.sh https://sh.rustup.rs && \
+chmod +x /tmp/rust-installer.sh && \
+/tmp/rust-installer.sh -y && \
+wget -nv \
+https://github.com/apptainer/apptainer/releases/download/v"{{ apptainer_version }}"/apptainer_"{{ apptainer_version }}"-trixie+_"${DPKG_ARCH}".deb \
+https://github.com/apptainer/apptainer/releases/download/v"{{ apptainer_version }}"/apptainer-suid_"{{ apptainer_version }}"-trixie+_"${DPKG_ARCH}".deb && \
+apt-get install -y --no-install-recommends ./*.deb
+
 # Install WfExS, trusting the installers in the commit rather than the
 # one in the docker recipe
-mkdir -p /
-cd /
-# hadolint ignore=DL3003
 git clone --filter=blob:none --no-checkout https://github.com/inab/WfExS-backend.git && \
 cd WfExS-backend && \
 git sparse-checkout init --cone && \
-PYVER=$(python -c 'import sys; print("{}.{}".format(sys.version_info.major, sys.version_info.minor))') && \
-git sparse-checkout set constraints-${PYVER}.txt container_recipes/basic-installer.bash container_recipes/full-installer.bash && \
+PYVER=$(python -c 'import sys; import platform ; print("{}{}.{}".format("pypy" if platform.python_implementation() == "PyPy" else "", sys.version_info.major, sys.version_info.minor))') && \
+git sparse-checkout set constraints-${PYVER}.txt \
+  podman_containers_nokeyring.conf \
+  container_recipes/basic-installer.bash \
+  container_recipes/full-installer.bash && \
 git checkout "{{ wfexs_checkout }}" && \
-pip install --no-cache-dir "git+https://github.com/inab/WfExS-backend.git@{{ wfexs_checkout }}" -c constraints-${PYVER}.txt && \
+grep -vF git+ constraints-${PYVER}.txt > constraints-${PYVER}.txt-relaxed && \
+. "${HOME}"/.cargo/env && \
+pip install --no-cache-dir --upgrade pip wheel && \
+pip install --no-cache-dir "git+https://github.com/inab/WfExS-backend.git@{{ wfexs_checkout }}" -c constraints-"${PYVER}".txt-relaxed && \
 python -m compileall "$(python -c 'import sys; print(sys.prefix)')" && \
-mv container_recipes/* / && \
-cd .. && \
-rm -rf WfExS-backend
-# Transfer other third party installation script
-# COPY basic-installer.bash full-installer.bash ./
+mv container_recipes/* /
+
 # Install third party software
+apt-get install -y --no-install-recommends curl libmagic1 graphviz && \
 JDK_MAJOR_VER="{{ JDK_MAJOR_VER }}" \
 JDK_VER="{{ JDK_VER }}" \
-JDK_REV="{{JDK_REV }}" \
+JDK_REV="{{ JDK_REV }}" \
 OPENJ9_VER="{{ OPENJ9_VER }}" \
 GO_VER="{{ GO_VER }}" \
 GOCRYPTFS_VER="{{ GOCRYPTFS_VER }}" \
 STATIC_BASH_VER="{{ STATIC_BASH_VER }}" \
 BUSYBOX_VER="{{ BUSYBOX_VER }}" \
 bash /full-installer.bash
 
+Bootstrap: docker
+From: pypy:3.11-slim-trixie
+Stage: image
+
+%files from build
+/podman_containers_nokeyring.conf /etc/containers/containers.conf
+/opt/pypy /opt
+/*.deb /tmp/
+
+%post
+set -ue
+
+# Install docker-ce-cli
+# Cleanups
+DPKG_ARCH=$(dpkg --print-architecture) && \
+python -c 'import urllib.request ; urllib.request.urlretrieve("https://download.docker.com/linux/debian/gpg", "/etc/apt/keyrings/docker.asc")' && \
+chmod a+r /etc/apt/keyrings/docker.asc && \
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+apt-get update && \
+apt-get install -y --no-install-recommends git libmagic1 libxml2 libxslt1.1 zlib1g python3-venv podman encfs graphviz docker-ce-cli wget && \
+apt-get install -y --no-install-recommends /tmp/*.deb && \
+apt-get clean && \
+rm -f /tmp/*.deb /var/cache/apt/archives/*.deb && \ 
+rm -rf /var/lib/apt/lists/*
+
 %runscript
 cd /
 exec /bin/bash bash "$@"

pyproject.toml

@@ -0,0 +1,7 @@
+[build-system]
+requires = [
+	"setuptools>=42",
+	"wheel"
+]
+build-backend = "setuptools.build_meta"
+

requirements.txt

@@ -35,7 +35,7 @@ pyncclient-ext >= 0.1.2
 wiktionary-term-fetcher >= 0.1.1
 funny-passphrase >= 0.2.3
 pyxdg
-groovy-parser == 0.2.1
+groovy-parser == 0.2.2
 data-url >= 1.1.1
 pgzip
 defusedxml

wfexs_backend/__init__.py

@@ -21,7 +21,7 @@
 __license__ = "Apache 2.0"
 
 # https://www.python.org/dev/peps/pep-0396/
-__version__ = "1.0.2"
+__version__ = "1.0.3"
 __url__ = "https://github.com/inab/WfExS-backend"
 __official_name__ = "WfExS-backend"
 

wfexs_backend/fetchers/git.py

@@ -86,6 +86,8 @@
 import dulwich.porcelain
 import dulwich.repo
 
+from dulwich import __version__ as dulwich_version
+
 from . import (
     AbstractSchemeRepoFetcher,
     DocumentedStatefulProtocolFetcher,
@@ -296,9 +298,14 @@ def _find_git_repo_in_uri(
             # Possible sha in repoTag
             memory_repo = dulwich.repo.MemoryRepo()
             transport, path = get_transport_and_path(remote_uri_anc)
-            fetch_pack_result = transport.fetch(
-                path, cast("dulwich.repo.Repo", memory_repo)
-            )
+            if dulwich_version < (0, 24, 6):
+                fetch_pack_result = transport.fetch(
+                    path, cast("dulwich.repo.Repo", memory_repo)  # type: ignore[arg-type]
+                )
+            else:
+                fetch_pack_result = transport.fetch(
+                    path.encode("utf-8"), cast("dulwich.repo.Repo", memory_repo)  # type: ignore[arg-type]
+                )
             try:
                 memory_repo.get_object(repoTag.encode("utf-8"))
                 b_default_repo_tag = repoTag