SingularityCE 3.8.3

This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

Bug fixes

• Fix regression when files sourced from %environment contain \ escaped shell builtins (fixes issue with source of conda profile.d script).

Additional changes include dependency updates for the SIF module (to v2.0.0), and migration to maintained versions of other modules. There is no change to functionality, on-disk SIF format etc.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-ce-3.8.3.tar.gz download below to obtain and install SingularityCE 3.8.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

SingularityCE 3.8.2

This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

Bug Fixes

• singularity delete will use the correct library service when the hostname is specified in the library:// URI.
• singularity build will use the correct library service when the hostname is specified in the library:// URI / definition file.
• Fix download of default pacman.conf in arch bootstrap.
• Call debootstrap with correct Debian arch when it is not identical to the value of runtime.GOARCH. E.g. ppc64el -> ppc64le.
• When destination is ommitted in %files entry in definition file, ensure globbed files are copied to correct resolved path.
• Return an error if --tokenfile used for remote login to an OCI registry, as this is not supported.
• Ensure repeated remote login to same URI does not create duplicate entries in ~/.singularity/remote.yaml.
• Avoid panic when mountinfo line has a blank field.
• Properly escape single quotes in Docker CMD / ENTRYPOINT translation.
• Use host uid when choosing unsquashfs flags, to avoid selinux xattr errors with --fakeroot on non-EL/Fedora distributions with recent squashfs-tools.

Additionally, dependencies have been updated and some testing changes have been applied.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-ce-3.8.2.tar.gz download below to obtain and install SingularityCE 3.8.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

SingularityCE 3.8.1

This is a patch release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

Bug Fixes

• Allow escaped \$ in a SINGULARITYENV_ var to set a literal $ in a container env var.
• Handle absolute symlinks correctly in multi-stage build %copy from blocks.
• Fix incorrect reference in sandbox restrictive permissions warning.

Additionally, dependencies have been updated and some testing & markdown file changes have been applied.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-ce-3.8.1.tar.gz download below to obtain and install SingularityCE 3.8.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

SingularityCE 3.8.0

This is the first release of SingularityCE 3.8.0, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/

Changed defaults / behaviours

• The package name for this release is now singularity-ce. This name is used for the source tarball, output of an rpmbuild, and displayed in --version information.
• The name of the top level directory in the source tarball from make dist now includes the version string.

New features / functionalities

• A new overlay command allows creation and addition of writable overlays.
• Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in singularity.conf.
• The build command now honors --nv, --rocm, and --bind flags, permitting builds that require GPU access or files bound in from the host.
• A library service hostname can be specified as the first component of a library:// URL.
• Singularity is now relocatable for unprivileged installations only.

Bug Fixes

• Respect http proxy server environment variables in key operations.
• When pushing SIF images to oras:// endpoints, work around Harbor & GitLab failure to accept the SifConfigMediaType.
• Avoid a setfsuid compilation warning on some gcc versions.
• Fix a crash when silent/quiet log levels used on pulls from shub:// and http(s):// URIs.
• Wait for dm device to appear when mounting an encrypted container rootfs.

Testing / Development

Testing changes are not generally itemized. However, developers and contributors should note that this release has modified the behavior of make test for ease of use:

• make test runs limited unit and integration tests that will not require docker hub credentials.
• make testall runs the full unit/integration/e2e test suite that requires docker credentials to be set with E2E_DOCKER_USERNAME and E2E_DOCKER_PASSWORD environment variables.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-ce-3.8.0.tar.gz download below to obtain and install SingularityCE 3.8.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Singularity 3.7.4

Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity which will take effect from the SingularityCE 3.8.0 onward.

This is a security release that has been coordinated with HPCng. We recommend all users upgrade to this version.

The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.4

This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.

---

Security Related Fixes

CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

Please see the published security advisory at github.com/sylabs/singularity/security/advisories for further detail.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

SingularityCE 3.8.0 Release Candidate 2

Replaced by the 3.8.0 release: https://github.com/sylabs/singularity/releases/tag/v3.8.0

SingularityCE 3.8.0 Release Candidate 1

Replaced by RC2: https://github.com/sylabs/singularity/releases/tag/v3.8.0-rc.2

Singularity 3.7.3

Singularity 3.7.3 is the previous stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity

The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.3

This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.

---

Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.

Security Related Fixes

CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source, as well as the implicit build to SIF that occurs through root use of run/exec/shell against a malicious docker/OCI image URI.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.