Releases: sylabs/singularity
SingularityCE 3.8.3
This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.
Bug fixes
- Fix regression when files
source
d from%environment
contain\
escaped shell builtins (fixes issue withsource
of conda profile.d script).
Additional changes include dependency updates for the SIF module (to v2.0.0), and migration to maintained versions of other modules. There is no change to functionality, on-disk SIF format etc.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-ce-3.8.3.tar.gz download below to obtain and install SingularityCE 3.8.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
SingularityCE 3.8.2
This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.
Bug Fixes
singularity delete
will use the correct library service when the hostname is specified in thelibrary://
URI.singularity build
will use the correct library service when the hostname is specified in thelibrary://
URI / definition file.- Fix download of default
pacman.conf
inarch
bootstrap. - Call
debootstrap
with correct Debian arch when it is not identical to the value ofruntime.GOARCH
. E.g.ppc64el -> ppc64le
. - When destination is ommitted in
%files
entry in definition file, ensure globbed files are copied to correct resolved path. - Return an error if
--tokenfile
used forremote login
to an OCI registry, as this is not supported. - Ensure repeated
remote login
to same URI does not create duplicate entries in~/.singularity/remote.yaml
. - Avoid panic when mountinfo line has a blank field.
- Properly escape single quotes in Docker
CMD
/ENTRYPOINT
translation. - Use host uid when choosing unsquashfs flags, to avoid selinux xattr errors with
--fakeroot
on non-EL/Fedora distributions with recent squashfs-tools.
Additionally, dependencies have been updated and some testing changes have been applied.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-ce-3.8.2.tar.gz download below to obtain and install SingularityCE 3.8.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
SingularityCE 3.8.1
This is a patch release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.
Bug Fixes
- Allow escaped
\$
in a SINGULARITYENV_ var to set a literal$
in a container env var. - Handle absolute symlinks correctly in multi-stage build
%copy from
blocks. - Fix incorrect reference in sandbox restrictive permissions warning.
Additionally, dependencies have been updated and some testing & markdown file changes have been applied.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-ce-3.8.1.tar.gz download below to obtain and install SingularityCE 3.8.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
SingularityCE 3.8.0
This is the first release of SingularityCE 3.8.0, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/
Changed defaults / behaviours
- The package name for this release is now
singularity-ce
. This name is used for the source tarball, output of anrpmbuild
, and displayed in--version
information. - The name of the top level directory in the source tarball from
make dist
now includes the version string.
New features / functionalities
- A new
overlay
command allows creation and addition of writable overlays. - Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in
singularity.conf
. - The
build
command now honors--nv
,--rocm
, and--bind
flags, permitting builds that require GPU access or files bound in from the host. - A library service hostname can be specified as the first component of a
library://
URL. - Singularity is now relocatable for unprivileged installations only.
Bug Fixes
- Respect http proxy server environment variables in key operations.
- When pushing SIF images to
oras://
endpoints, work around Harbor & GitLab failure to accept theSifConfigMediaType
. - Avoid a
setfsuid
compilation warning on some gcc versions. - Fix a crash when silent/quiet log levels used on pulls from
shub://
andhttp(s)://
URIs. - Wait for dm device to appear when mounting an encrypted container rootfs.
Testing / Development
Testing changes are not generally itemized. However, developers and contributors should note that this release has modified the behavior of make test
for ease of use:
make test
runs limited unit and integration tests that will not require docker hub credentials.make testall
runs the full unit/integration/e2e test suite that requires docker credentials to be set withE2E_DOCKER_USERNAME
andE2E_DOCKER_PASSWORD
environment variables.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-ce-3.8.0.tar.gz download below to obtain and install SingularityCE 3.8.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
Singularity 3.7.4
Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity which will take effect from the SingularityCE 3.8.0 onward.
This is a security release that has been coordinated with HPCng. We recommend all users upgrade to this version.
The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.4
This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.
Security Related Fixes
CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.
Please see the published security advisory at github.com/sylabs/singularity/security/advisories for further detail.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
SingularityCE 3.8.0 Release Candidate 2
Replaced by the 3.8.0 release: https://github.com/sylabs/singularity/releases/tag/v3.8.0
SingularityCE 3.8.0 Release Candidate 1
Replaced by RC2: https://github.com/sylabs/singularity/releases/tag/v3.8.0-rc.2
Singularity 3.7.3
Singularity 3.7.3 is the previous stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity
The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.3
This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.
Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.
Security Related Fixes
CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source, as well as the implicit build to SIF that occurs through root use of run/exec/shell against a malicious docker/OCI image URI.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
Downloads
Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.