Skip to content

Releases: apptainer/singularity

Singularity 3.8.7

17 Mar 05:04
c6dcd5c
Compare
Choose a tag to compare

Bug fixes

  • Correct library bindings for unsquashfs containment. Fixes errors where resolved library filename does not match library filename in binary (e.g. EL8, POWER9 with glibc-hwcaps).
  • Remove python as a dependency of the debian package.
  • Increased the TLS Handshake Timeout for the busybox bootstrap agent in build definition files to 60 seconds.
  • Preload NSS libraries prior to mountspace name creation to avoid circumstances that can cause loading those libraries from the container image instead of the host, for example in the startup environment.

Singularity 3.8.6

09 Feb 02:01
e6433fa
Compare
Choose a tag to compare

Changed behaviours and bug fixes

  • Update builds to require at least golang version 1.16.12, and update package builds to build the go toolchain from source if the provided version is too old.
  • Auto-generate release assets including the distribution tarball and rpm (built on CentOS 7) and deb (built on Debian 11) x86_64 packages.
  • Update dependency to correctly unset variables in container startup environment processing. Fixes regression introduced in singularity-3.8.5.
  • Remove subshell overhead when processing large environments on container startup.
  • make install now installs man pages. A separate make man is not required. As a consequence, man pages are now included in deb packages.

Singularity 3.8.5

29 Nov 19:36
6177403
Compare
Choose a tag to compare

Security Related Fixes

  • CVE-2021-41190 / GHSA-77vh-xpmg-72qh:
    OCI specifications allow ambiguous documents that contain both "manifests"
    and "layers" fields. Interpretation depends on the presence / value of a
    Content-Type header. Dependencies handling the retrieval of OCI images
    have been updated to versions that reject ambiguous documents.

Changed defaults / behaviours

  • Building Singularity from source requires go >=1.16. We now aim to support
    the two most recent stable versions of Go. This corresponds to the Go
    Release Maintenance Policy and Security Policy,
    ensuring critical bug fixes and security patches are available for all supported language
    versions. However, rpm packaging applies a patch to support older native
    go installations.

Bug fixes

  • Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0.
  • Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0.

Singularity 3.8.4

09 Nov 20:44
08f85b3
Compare
Choose a tag to compare

Bug Fixes

  • Fix the oras contexts to avoid hangs upon failed pushes to Harbor registry.

Enhancements

  • Added seccomp, cryptsetup, devscripts & correct go version test to debian packaging.

Singularity 3.8.3

08 Sep 05:06
4a18984
Compare
Choose a tag to compare

Bug Fixes

  • Fix regression introduced in 3.8.1 that caused bind mounts without a destination to be added twice.

Singularity 3.8.2

01 Sep 06:18
ee8f485
Compare
Choose a tag to compare

Bug Fixes

  • Fix regression when files sourced from %environment contain \ escaped shell builtins (fixes issue with source of conda profile.d script).
  • singularity delete will use the correct library service when the hostname is specified in the library:// URI.
  • singularity build will use the correct library service when the hostname is specified in the library:// URI / definition file.
  • Call debootstrap with correct Debian arch when it is not identical to the value of runtime.GOARCH. E.g. ppc64el -> ppc64le.
  • When destination is ommitted in %files entry in definition file, ensure globbed files are copied to correct resolved path.
  • Return an error if --tokenfile used for remote login to an OCI registry, as this is not supported.
  • Ensure repeated remote login to same URI does not create duplicate entries in ~/.singularity/remote.yaml.
  • Properly escape single quotes in Docker CMD / ENTRYPOINT translation.
  • Use host uid when choosing unsquashfs flags, to avoid selinux xattr errors with --fakeroot on non-EL/Fedora distributions with recent squashfs-tools.
  • Updated the modified golang-x-crypto module with the latest upstream version.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected].

Have fun!

Downloads

Please use the singularity-3.8.2.tar.gz download below to obtain and install Singularity 3.8.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Singularity 3.8.1

16 Aug 17:03
043aa06
Compare
Choose a tag to compare

Bug Fixes

  • Allow escaped \$ in a SINGULARITYENV_ var to set a literal $ in a container env var. Also allow escaped commas and colons in the source bind path.
  • Handle absolute symlinks correctly in multi-stage build %copy from blocks.
  • Fix incorrect reference in sandbox restrictive permissions warning.
  • Prevent garbage collection from closing the container image file descriptor.
  • Update to Arch Linux pacman.conf URL and remove file size verification.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected].

Have fun!

Downloads

Please use the singularity-3.8.1.tar.gz download below to obtain and install Singularity 3.8.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Singularity 3.8.0

15 Jun 20:47
Compare
Choose a tag to compare

Changed defaults / behaviours

⚠️ Go module was renamed from github.com/sylabs/singularity to github.com/hpcng/singularity

New features / functionalities

  • A new overlay command allows creation and addition of writable overlays.
  • Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in singularity.conf.
  • The build command now honors --nv, --rocm, and --bind flags, permitting builds that require GPU access or files bound in from the host.
  • A library service hostname can be specified as the first component of a library:// URL.
  • Singularity is now relocatable for unprivileged installations only.

Bug Fixes

  • Respect http proxy server environment variables in key operations.
  • When pushing SIF images to oras:// endpoints, work around Harbor & GitLab failure to accept the SifConfigMediaType.
  • Avoid a setfsuid compilation warning on some gcc versions.
  • Fix a crash when silent/quiet log levels used on pulls from shub:// and http(s):// URIs.
  • Wait for dm device to appear when mounting an encrypted container rootfs.
  • Accommodate ppc64le pageSize in TestCgroups and disable -race.
  • Fix Debian packaging.

Testing / Development

Testing changes are not generally itemized. However, developers and contributors should note that this release has modified the behavior of make test for ease of use:

  • make test runs limited unit and integration tests that will not require docker hub credentials.
  • make testall runs the full unit/integration/e2e test suite that requires docker credentials to be set with E2E_DOCKER_USERNAME and E2E_DOCKER_PASSWORD environment variables.

Singularity 3.8.0 Release Candidate 2

26 May 18:06
0dfc07b
Compare
Choose a tag to compare

Singularity 3.7.4

26 May 17:25
2ae1fa2
Compare
Choose a tag to compare

Singularity 3.7.4 is a security release. We recommend all users upgrade to this version.

Security Related Fixes

  • CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected].

Have fun!

Downloads

Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.