diyism · February 25, 2024 05:35
diff --git a/google_colab_VM_initial.ipynb.txt b/google_colab_VM_initial.ipynb.txt
 #############################ipynb START###############################################

 #################### the 1st step after factory reset VM runtime
 !apt update ; apt install openssh-server
 !echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
 !mkdir /root/.ssh
 !echo 'ssh-rsa .....' >/root/.ssh/authorized_keys
 !service ssh start

 from google.colab import drive
 drive.mount('/root/gdrive')
 !ln -s /root/gdrive/MyDrive/ColabSingularity /root/sing

 !cp /root/sing/tailscale_1.32.1_amd64.tgz ./
 !tar zxvf tailscale_1.32.1_amd64.tgz
 !cp tailscale_1.32.1_amd64/tailscale* /usr/bin/
 !rm -rf tailscale_1.32.1_amd64*
 !mkdir /var/lib/tailscale ; cp /root/sing/tailscaled.state /var/lib/tailscale/tailscaled.state
 !nohup /usr/bin/tailscaled --tun=userspace-networking --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port 41641 >/dev/null 2>&1 &
 #!cp /var/lib/tailscale/tailscaled.state /root/sing/    #first time, after tailscale inited
 !tailscale up
 !tailscale ip

 ##################### the 1st step after restart VM runtime
 %cd /root/

 #!JFS_LATEST_TAG=$(curl -s https://api.github.com/repos/juicedata/juicefs/releases/latest | grep 'tag_name' | cut -d '"' -f 4 | tr -d 'v')
 #!cd /root/sing/ && wget "https://github.com/juicedata/juicefs/releases/download/v${JFS_LATEST_TAG}/juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz"
 #!cd /root/sing/ && tar -zxf "juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz" juicefs && rm juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz
 !install /root/sing/juicefs /usr/local/bin

 #!juicefs format --storage file --bucket /root/sing/gdrive_file_volume1 "sqlite3:///root/sing/gdrive_file_volume1.db" volume1
 !while true; do nohup cp /root/gdrive_file_volume1.db /root/sing/ > /dev/null 2>&1; sleep 5; done &
 !juicefs mount -d "sqlite3:///root/sing/gdrive_file_volume1.db" ./gdrive_file_volume1

 #################### the 2nd step after restart VM runtime
 #!wget https://github.com/OurGI-com/OurGI-src/blob/master/singularity/singularity_3.8.3_for_google_colab.deb?raw=true -O sing/singularity_3.8.3_for_google_colab.deb
 !dpkg -i sing/singularity_3.8.3_for_google_colab.deb
 !ln -s /usr/local/bin/singularity /usr/bin/sing
 !apt install nano squashfs-tools uidmap
 !mkdir -p /usr/local/var/singularity/mnt/session
 !singularity config fakeroot --add root

 #!sing build -s ./storj_demobucket_volume1/sing-debian-1/ docker://debian:buster-slim
 #!cp sing/sing-debian-1.20211019.0416.tar.gz ./
 #!pv sing-debian-1.20211019.0416.tar.gz| tar xzpf - -C ./gdrive__volume1
 #extract debian image only cost 3.5 minutes
 !sing shell --fakeroot --writable ./gdrive_volume1/sing-debian-1/

 ##################### misc console:
 #show status:
 !pwd
 !tailscale ip
 !ps axu | grep ssh
 !ls
 !nvidia-smi

 #run single command:


 #############################ipynb END###############################################


 #############################run rootless docker in google colab:###############################################
 useradd -md /opt/docker docker
 apt-get -qq install iproute2 uidmap
 sudo -Hu docker SKIP_IPTABLES=1 bash < <(curl -fsSL https://get.docker.com/rootless)
 mkdir /run/docker/plugins
 chown docker:docker -R /run/docker
 su docker
 cd /opt/docker
 %%writefile docker-run.sh
 #!/usr/bin/env bash
 set -e
 export DOCKER_SOCK=/opt/docker/.docker/run/docker.sock
 export DOCKER_HOST=unix://$DOCKER_SOCK
 export PATH=/opt/docker/bin:$PATH
 export XDG_RUNTIME_DIR=/opt/docker/.docker/run
 rootlesskit --debug --disable-host-loopback --copy-up=/etc --copy-up=/run /opt/docker/bin/dockerd -b none --experimental --iptables=false --storage-driver vfs &
 for i in $(seq 5); do [ ! -S "$DOCKER_SOCK" ] && sleep 2 || break; done
 docker $@
 jobs -p
 kill $(jobs -p)

 chmod 777 docker-run.sh
 ./docker-run.sh run --cap-add SYS_ADMIN hello-world

 #"join session keyring: create session key: operation not permitted": unknown.
 #Which could be solved by !sysctl -w kernel.keys.maxkeys=500, however Colab doesn't allow it.


 #############################procedure notes:###############################################

 ##################### juicefs mount file gdrive
 #!juicefs format --storage file --bucket /root/sing/gdrive_file_volume1 "sqlite3:///root/sing/gdrive_file_volume1.db" volume1
 !juicefs mount -d "sqlite3:///root/sing/gdrive_file_volume1.db" ./gdrive_file_volume1

 ###################### juicefs mount webdav
 #enable google drive api: https://console.cloud.google.com/apis/library/drive.googleapis.com
 #create oauth client credential: https://console.cloud.google.com/apis/credentials/oauthclient
 !cd /root/sing && wget https://github.com/diyism/gdrive-webdav/releases/download/google_colab_bin/gdrave
 !install /root/sing/gdrave /usr/local/bin/
 !gdrave --client-id=... --client-secret=...
 !nohup gdrave --client-id=... --client-secret=... >/dev/null 2>&1 &

 #!juicefs format --storage webdav --bucket http://127.0.0.1:8765/ "sqlite3:///root/gdrive/MyDrive/ColabSingularity/gdrive_webdav_volume1.db" volume1
 !juicefs mount -d "sqlite3:///root/gdrive_webdav_volume1.db" ./gdrive_webdav_volume1

 ###################### juicefs mount storj or minio
 #!juicefs format --storage s3 --bucket https://gateway.us1.storjshare.io/demo-bucket --access-key ... --secret-key ... "sqlite3:///root/gdrive/MyDrive/ColabSingularity/storj_demobucket_volume1.db" volume1
 #!juicefs format --storage s3 --bucket https://gateway.us1.storjshare.io/demo-bucket --access-key ... --secret-key ... "badger:///root/gdrive/MyDrive/ColabSingularity/storj_demobucket_volume1" volume1
 #!juicefs format --storage minio --bucket http://<vps ip>:9000/bucket1 --access-key ... --secret-key ... "sqlite3:///root/gdrive/MyDrive/ColabSingularity/minio_bucket1_volume1.db" volume1
 #the last param of juicefs "format" is the volume name, mapped to the storj storage's first level folder, the volume name will be saved into the storj_demobucket_volume1.db, so that while execing "juicefs mount" it can connect https://gateway.us1.storjshare.io/demo-bucket/volume1
 !cp sing/storj_demobucket_volume1.db ./
 !juicefs mount -d "sqlite3:///root/storj_demobucket_volume1.db" ./storj_demobucket_volume1
 #!juicefs mount -d "badger:///root/storj_demobucket_volume1" ./storj_demobucket_volume1
 #!juicefs umount ./storj_demobucket_volume1

 ###################### replace storj, self host s3 server(MinIO) on my vps
 #single file, google colab->korea vps minio: 2.5MB/s  #china home->korea vps: 0.5MB/s, local to local 80MB/s
 #sing file, google-colab->korea vps sshfs: 1.5MB/s    #sshfs support hardlink in mounted volume
 #sing file, google colab or china home->storj crowd source network: 0.2MB/s
 #sing file, google colab->google drive webdav: 7MB/s
 #a folder, google colab->google drive webdav: 0MB/s   #gdrive-webdav has bug, leaking tcp  ESTAB while cp a folder
 #sing file, google colab->google drive juicefs_folder: 200MB/s
 #a folder, google colab->google drive juicefs_folder: 0.5MB/s(juicefs meta db out of gdrive),   0.05MB/s(juicefs meta db in gdrive)

 wget https://dl.min.io/server/minio/release/linux-amd64/minio
 sudo install minio /usr/local/bin/
 rm minio
 sudo mkdir /data
 sudo chmod 777 /data
 sudo iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 9091 -j ACCEPT
 sudo iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
 MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=... minio server /data --console-address ":9091"
 #visit http://<vps ip>:9091  with the MINIO_ROOT_USER and MINIO_ROOT_PASSWORD
 #create bucket1 and user1

 ######################   storj official gateway is very slow
 #try to run self hosted gateway on local PC to connect the mesh network:
 ./gateway setup --non-interactive --access <access grant>
 ./gateway run    #it will show the local access key and local secret key
 juicefs format --storage s3 --bucket http://127.0.0.1:7777/demo-bucket --access-key <local access key> --secret-key <local secret key> "sqlite3://volume21.db" volume21
 juicefs mount -d "sqlite3://volume21.db" ./volume21
 pv ../b4gi.tar.gz | tar xzpf - -C ./volume21       #juicefs format and juicefs mount didn't create volume21 on storj website, unitl start to write file into volume21
 ss -tuwnap | grep gateway   #I can see more than 100 nodes connected all over the world
 #I can see the self hosted gateway is as slow as the official one: 10KB/s to 200KB/s

 #####################不可行(关机时间不定性) run before restart/stop VM runtime
 #run before restart/stop VM
 !tar -czpf /content/sing/sing-debian-1.`date +%Y%m%d.%H%M`.tar.gz sing-debian-1
 #sync to google drive:
 from google.colab import drive
 drive.flush_and_unmount()
 drive.mount('/root/gdrive')

 ##################### (not work, maybe keyboard/mouse detecting) in browser console, run:
 function ClickConnect() {console.log("Working"); document.querySelector('#top-toolbar > colab-connect-button').shadowRoot.querySelector('#connect').click()}
 setInterval(ClickConnect, 60000)

 ##################### then login with ssh cloudflare proxy or normal ssh login through tailscale ip

 ==================apt install failed in sing shell:=======================================
 #what a pity, mounted gdrive file system(like rclone: https://github.com/rclone/rclone/issues/3800) doesn't support hardlink,
 #we can start a sing shell, but we can't apt install in this sing shell ("dpkg -i" using hardlink sys call)
 #!cd /root && cp -R sing-debian-1 sing/
 #before shutdown/leave, backup exec permissions:
 #!cd /root/sing-debian-1 && find . -perm -100 -type f >/root/sing/sing-debian-1.acls
 #after start, restore exec permissions:
 #!cd /root/sing/sing-debian-1 && cat /root/sing/sing-debian-1.acls |xargs -I{} sh -c "test -e {} && chmod +x {}"
 #!cd /root/sing && sing shell --fakeroot --writable sing-debian-1/

 ==================build writable sif file failed:===========================================
 #!cd /root && sing build sing-debian-1.sif docker://debian:buster-slim
 #!cd /root && dd if=/dev/zero of=overlay.img bs=1M count=1000 && mkfs.ext3 overlay.img
 #!cd /root && singularity siftool add --datatype 4 --partfs 2 --parttype 4 --partarch 2 --groupid 1 sing-debian-1.sif overlay.img
 #!cd /root && rm overlay.img && mv sing-debian-1.sif /root/sing/
 #!cd /root/sing && sing shell --fakeroot --writable sing-debian-1.sif
 #but failed with system setcap limitations

 ==================build singularity_3.8.3_for_google_colab.deb:===========================================

 #build singularity debian package:
 cd sing
 #apt install acl
 #backup acl permissions, because google drive won't keep it after unmount(to fix: drive.flush_and_unmount())
 #getfacl -R ./ >../sing.acls
 #setfacl --restore ../sing.acls
 #if seems "setfacl" won't work with google drive mount
 #the sing.acls file located at /content/gdrive/MyDrive/
 #to use these 2 lines to replace getfacl and setfacl:
 find . -perm -100 -type f >../sing.acls
 cat ../sing.acls |xargs -I{} sh -c "test -e {} && chmod +x {}"

 rm -rf /usr/local/go && wget -qO- https://golang.org/dl/go1.17.linux-amd64.tar.gz | sudo tar -xvz -C /usr/local
 export PATH=$PATH:/usr/local/go/bin
 export GOPATH=/root/sing/gopath
 sed -i 's{/usr/games:/usr/local/games{/usr/local/go/bin{' /etc/environment
 echo 'GOPATH=/root/sing/gopath' >> /etc/environment
 cd sing
 export VERSION=3.8.3
 wget https://github.com/hpcng/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz
 tar -xzf singularity-${VERSION}.tar.gz
 cd singularity-${VERSION}
 apt install cryptsetup libseccomp-dev
 ./mconfig
 #need "make" first to prepare go pkgs for debmake
 make -C builddir

 #debmake >../debmake.log 2>&1
 #create file debian/source/include-binaries with content in the attachment
 #dpkg-source --commit -i'(^|/)(\.github|makeit-intermediate)($|/)'
 #debuild -i'(^|/)(\.github|makeit-intermediate)($|/)'
 #but debuild built a nearly empty deb file, to use "checkinstall" to build deb:

 checkinstall -D make install
 ln -s /usr/local/bin/singularity /usr/bin/sing

 #the singularity_3.8.3_for_google_colab.deb is 28MB, uploading to github will show " Yowza, that’s a big file. Try again with a file smaller than 25MB.", to use git lfs, for example in Kali/debian:
 #to check "Include Git LFS objects in archives" option in github project Settings
 wget https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh
 chmod 777 ./script.deb.sh
 os=debian dist=bullseyes ./script.deb.sh
 sudo apt install git-lfs
 git clone --depth 1 https://github.com/OurGI-com/OurGI-src.git
 cd OurGI-src/singularity
 cp <builtdir>/singularity_3.8.3_for_google_colab.deb ./
 git lfs install
 git lfs track "singularity_3.8.3_for_google_colab.deb"
 git add .gitattributes
 git add .
 git commit -m "Upload big file"
 git push
	#############################ipynb START###############################################

	#################### the 1st step after factory reset VM runtime
	!apt update ; apt install openssh-server
	!echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
	!mkdir /root/.ssh
	!echo 'ssh-rsa .....' >/root/.ssh/authorized_keys
	!service ssh start

	from google.colab import drive
	drive.mount('/root/gdrive')
	!ln -s /root/gdrive/MyDrive/ColabSingularity /root/sing

	!cp /root/sing/tailscale_1.32.1_amd64.tgz ./
	!tar zxvf tailscale_1.32.1_amd64.tgz
	!cp tailscale_1.32.1_amd64/tailscale* /usr/bin/
	!rm -rf tailscale_1.32.1_amd64*
	!mkdir /var/lib/tailscale ; cp /root/sing/tailscaled.state /var/lib/tailscale/tailscaled.state
	!nohup /usr/bin/tailscaled --tun=userspace-networking --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port 41641 >/dev/null 2>&1 &
	#!cp /var/lib/tailscale/tailscaled.state /root/sing/ #first time, after tailscale inited
	!tailscale up
	!tailscale ip

	##################### the 1st step after restart VM runtime
	%cd /root/

	#!JFS_LATEST_TAG=$(curl -s https://api.github.com/repos/juicedata/juicefs/releases/latest \| grep 'tag_name' \| cut -d '"' -f 4 \| tr -d 'v')
	#!cd /root/sing/ && wget "https://github.com/juicedata/juicefs/releases/download/v${JFS_LATEST_TAG}/juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz"
	#!cd /root/sing/ && tar -zxf "juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz" juicefs && rm juicefs-${JFS_LATEST_TAG}-linux-amd64.tar.gz
	!install /root/sing/juicefs /usr/local/bin

	#!juicefs format --storage file --bucket /root/sing/gdrive_file_volume1 "sqlite3:///root/sing/gdrive_file_volume1.db" volume1
	!while true; do nohup cp /root/gdrive_file_volume1.db /root/sing/ > /dev/null 2>&1; sleep 5; done &
	!juicefs mount -d "sqlite3:///root/sing/gdrive_file_volume1.db" ./gdrive_file_volume1

	#################### the 2nd step after restart VM runtime
	#!wget https://github.com/OurGI-com/OurGI-src/blob/master/singularity/singularity_3.8.3_for_google_colab.deb?raw=true -O sing/singularity_3.8.3_for_google_colab.deb
	!dpkg -i sing/singularity_3.8.3_for_google_colab.deb
	!ln -s /usr/local/bin/singularity /usr/bin/sing
	!apt install nano squashfs-tools uidmap
	!mkdir -p /usr/local/var/singularity/mnt/session
	!singularity config fakeroot --add root

	#!sing build -s ./storj_demobucket_volume1/sing-debian-1/ docker://debian:buster-slim
	#!cp sing/sing-debian-1.20211019.0416.tar.gz ./
	#!pv sing-debian-1.20211019.0416.tar.gz\| tar xzpf - -C ./gdrive__volume1
	#extract debian image only cost 3.5 minutes
	!sing shell --fakeroot --writable ./gdrive_volume1/sing-debian-1/

	##################### misc console:
	#show status:
	!pwd
	!tailscale ip
	!ps axu \| grep ssh
	!ls
	!nvidia-smi

	#run single command:


	#############################ipynb END###############################################


	#############################run rootless docker in google colab:###############################################
	useradd -md /opt/docker docker
	apt-get -qq install iproute2 uidmap
	sudo -Hu docker SKIP_IPTABLES=1 bash < <(curl -fsSL https://get.docker.com/rootless)
	mkdir /run/docker/plugins
	chown docker:docker -R /run/docker
	su docker
	cd /opt/docker
	%%writefile docker-run.sh
	#!/usr/bin/env bash
	set -e
	export DOCKER_SOCK=/opt/docker/.docker/run/docker.sock
	export DOCKER_HOST=unix://$DOCKER_SOCK
	export PATH=/opt/docker/bin:$PATH
	export XDG_RUNTIME_DIR=/opt/docker/.docker/run
	rootlesskit --debug --disable-host-loopback --copy-up=/etc --copy-up=/run /opt/docker/bin/dockerd -b none --experimental --iptables=false --storage-driver vfs &
	for i in $(seq 5); do [ ! -S "$DOCKER_SOCK" ] && sleep 2 \|\| break; done
	docker $@
	jobs -p
	kill $(jobs -p)

	chmod 777 docker-run.sh
	./docker-run.sh run --cap-add SYS_ADMIN hello-world

	#"join session keyring: create session key: operation not permitted": unknown.
	#Which could be solved by !sysctl -w kernel.keys.maxkeys=500, however Colab doesn't allow it.


	#############################procedure notes:###############################################

	##################### juicefs mount file gdrive
	#!juicefs format --storage file --bucket /root/sing/gdrive_file_volume1 "sqlite3:///root/sing/gdrive_file_volume1.db" volume1
	!juicefs mount -d "sqlite3:///root/sing/gdrive_file_volume1.db" ./gdrive_file_volume1

	###################### juicefs mount webdav
	#enable google drive api: https://console.cloud.google.com/apis/library/drive.googleapis.com
	#create oauth client credential: https://console.cloud.google.com/apis/credentials/oauthclient
	!cd /root/sing && wget https://github.com/diyism/gdrive-webdav/releases/download/google_colab_bin/gdrave
	!install /root/sing/gdrave /usr/local/bin/
	!gdrave --client-id=... --client-secret=...
	!nohup gdrave --client-id=... --client-secret=... >/dev/null 2>&1 &

	#!juicefs format --storage webdav --bucket http://127.0.0.1:8765/ "sqlite3:///root/gdrive/MyDrive/ColabSingularity/gdrive_webdav_volume1.db" volume1
	!juicefs mount -d "sqlite3:///root/gdrive_webdav_volume1.db" ./gdrive_webdav_volume1

	###################### juicefs mount storj or minio
	#!juicefs format --storage s3 --bucket https://gateway.us1.storjshare.io/demo-bucket --access-key ... --secret-key ... "sqlite3:///root/gdrive/MyDrive/ColabSingularity/storj_demobucket_volume1.db" volume1
	#!juicefs format --storage s3 --bucket https://gateway.us1.storjshare.io/demo-bucket --access-key ... --secret-key ... "badger:///root/gdrive/MyDrive/ColabSingularity/storj_demobucket_volume1" volume1
	#!juicefs format --storage minio --bucket http://<vps ip>:9000/bucket1 --access-key ... --secret-key ... "sqlite3:///root/gdrive/MyDrive/ColabSingularity/minio_bucket1_volume1.db" volume1
	#the last param of juicefs "format" is the volume name, mapped to the storj storage's first level folder, the volume name will be saved into the storj_demobucket_volume1.db, so that while execing "juicefs mount" it can connect https://gateway.us1.storjshare.io/demo-bucket/volume1
	!cp sing/storj_demobucket_volume1.db ./
	!juicefs mount -d "sqlite3:///root/storj_demobucket_volume1.db" ./storj_demobucket_volume1
	#!juicefs mount -d "badger:///root/storj_demobucket_volume1" ./storj_demobucket_volume1
	#!juicefs umount ./storj_demobucket_volume1

	###################### replace storj, self host s3 server(MinIO) on my vps
	#single file, google colab->korea vps minio: 2.5MB/s #china home->korea vps: 0.5MB/s, local to local 80MB/s
	#sing file, google-colab->korea vps sshfs: 1.5MB/s #sshfs support hardlink in mounted volume
	#sing file, google colab or china home->storj crowd source network: 0.2MB/s
	#sing file, google colab->google drive webdav: 7MB/s
	#a folder, google colab->google drive webdav: 0MB/s #gdrive-webdav has bug, leaking tcp ESTAB while cp a folder
	#sing file, google colab->google drive juicefs_folder: 200MB/s
	#a folder, google colab->google drive juicefs_folder: 0.5MB/s(juicefs meta db out of gdrive), 0.05MB/s(juicefs meta db in gdrive)

	wget https://dl.min.io/server/minio/release/linux-amd64/minio
	sudo install minio /usr/local/bin/
	rm minio
	sudo mkdir /data
	sudo chmod 777 /data
	sudo iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 9091 -j ACCEPT
	sudo iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
	MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=... minio server /data --console-address ":9091"
	#visit http://<vps ip>:9091 with the MINIO_ROOT_USER and MINIO_ROOT_PASSWORD
	#create bucket1 and user1

	###################### storj official gateway is very slow
	#try to run self hosted gateway on local PC to connect the mesh network:
	./gateway setup --non-interactive --access <access grant>
	./gateway run #it will show the local access key and local secret key
	juicefs format --storage s3 --bucket http://127.0.0.1:7777/demo-bucket --access-key <local access key> --secret-key <local secret key> "sqlite3://volume21.db" volume21
	juicefs mount -d "sqlite3://volume21.db" ./volume21
	pv ../b4gi.tar.gz \| tar xzpf - -C ./volume21 #juicefs format and juicefs mount didn't create volume21 on storj website, unitl start to write file into volume21
	ss -tuwnap \| grep gateway #I can see more than 100 nodes connected all over the world
	#I can see the self hosted gateway is as slow as the official one: 10KB/s to 200KB/s

	#####################不可行(关机时间不定性) run before restart/stop VM runtime
	#run before restart/stop VM
	!tar -czpf /content/sing/sing-debian-1.`date +%Y%m%d.%H%M`.tar.gz sing-debian-1
	#sync to google drive:
	from google.colab import drive
	drive.flush_and_unmount()
	drive.mount('/root/gdrive')

	##################### (not work, maybe keyboard/mouse detecting) in browser console, run:
	function ClickConnect() {console.log("Working"); document.querySelector('#top-toolbar > colab-connect-button').shadowRoot.querySelector('#connect').click()}
	setInterval(ClickConnect, 60000)

	##################### then login with ssh cloudflare proxy or normal ssh login through tailscale ip

	==================apt install failed in sing shell:=======================================
	#what a pity, mounted gdrive file system(like rclone: https://github.com/rclone/rclone/issues/3800) doesn't support hardlink,
	#we can start a sing shell, but we can't apt install in this sing shell ("dpkg -i" using hardlink sys call)
	#!cd /root && cp -R sing-debian-1 sing/
	#before shutdown/leave, backup exec permissions:
	#!cd /root/sing-debian-1 && find . -perm -100 -type f >/root/sing/sing-debian-1.acls
	#after start, restore exec permissions:
	#!cd /root/sing/sing-debian-1 && cat /root/sing/sing-debian-1.acls \|xargs -I{} sh -c "test -e {} && chmod +x {}"
	#!cd /root/sing && sing shell --fakeroot --writable sing-debian-1/

	==================build writable sif file failed:===========================================
	#!cd /root && sing build sing-debian-1.sif docker://debian:buster-slim
	#!cd /root && dd if=/dev/zero of=overlay.img bs=1M count=1000 && mkfs.ext3 overlay.img
	#!cd /root && singularity siftool add --datatype 4 --partfs 2 --parttype 4 --partarch 2 --groupid 1 sing-debian-1.sif overlay.img
	#!cd /root && rm overlay.img && mv sing-debian-1.sif /root/sing/
	#!cd /root/sing && sing shell --fakeroot --writable sing-debian-1.sif
	#but failed with system setcap limitations

	==================build singularity_3.8.3_for_google_colab.deb:===========================================

	#build singularity debian package:
	cd sing
	#apt install acl
	#backup acl permissions, because google drive won't keep it after unmount(to fix: drive.flush_and_unmount())
	#getfacl -R ./ >../sing.acls
	#setfacl --restore ../sing.acls
	#if seems "setfacl" won't work with google drive mount
	#the sing.acls file located at /content/gdrive/MyDrive/
	#to use these 2 lines to replace getfacl and setfacl:
	find . -perm -100 -type f >../sing.acls
	cat ../sing.acls \|xargs -I{} sh -c "test -e {} && chmod +x {}"

	rm -rf /usr/local/go && wget -qO- https://golang.org/dl/go1.17.linux-amd64.tar.gz \| sudo tar -xvz -C /usr/local
	export PATH=$PATH:/usr/local/go/bin
	export GOPATH=/root/sing/gopath
	sed -i 's{/usr/games:/usr/local/games{/usr/local/go/bin{' /etc/environment
	echo 'GOPATH=/root/sing/gopath' >> /etc/environment
	cd sing
	export VERSION=3.8.3
	wget https://github.com/hpcng/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz
	tar -xzf singularity-${VERSION}.tar.gz
	cd singularity-${VERSION}
	apt install cryptsetup libseccomp-dev
	./mconfig
	#need "make" first to prepare go pkgs for debmake
	make -C builddir

	#debmake >../debmake.log 2>&1
	#create file debian/source/include-binaries with content in the attachment
	#dpkg-source --commit -i'(^\|/)(\.github\|makeit-intermediate)($\|/)'
	#debuild -i'(^\|/)(\.github\|makeit-intermediate)($\|/)'
	#but debuild built a nearly empty deb file, to use "checkinstall" to build deb:

	checkinstall -D make install
	ln -s /usr/local/bin/singularity /usr/bin/sing

	#the singularity_3.8.3_for_google_colab.deb is 28MB, uploading to github will show " Yowza, that’s a big file. Try again with a file smaller than 25MB.", to use git lfs, for example in Kali/debian:
	#to check "Include Git LFS objects in archives" option in github project Settings
	wget https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh
	chmod 777 ./script.deb.sh
	os=debian dist=bullseyes ./script.deb.sh
	sudo apt install git-lfs
	git clone --depth 1 https://github.com/OurGI-com/OurGI-src.git
	cd OurGI-src/singularity
	cp <builtdir>/singularity_3.8.3_for_google_colab.deb ./
	git lfs install
	git lfs track "singularity_3.8.3_for_google_colab.deb"
	git add .gitattributes
	git add .
	git commit -m "Upload big file"
	git push