Singularity 3.8.0 Released

176 views
Skip to first unread message

Krishna Muriki

unread,
Jun 16, 2021, 3:14:15 AM6/16/21
to singu...@lbl.gov

Singularity 3.8.0 is now available

https://github.com/hpcng/singularity/releases/tag/v3.8.0

We are pleased to announce the release of Singularity 3.8.0. This is a new version of Singularity with new features, bug fixes, and other improvements detailed below. Please read the release notes below carefully. As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to singularit...@hpcng.org.

Changed defaults/ behaviours


New features / functionalities


  • A new overlay command allows creation and addition of writable overlays.

  • Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in singularity.conf.

  • The build command now honors --nv, --rocm, and --bind flags, permitting builds that require GPU access or files bound in from the host.

  • A library service hostname can be specified as the first component of a library:// URL.

  • Singularity is now relocatable for unprivileged installations only.

Bug Fixes


  • Respect http proxy server environment variables in key operations.

  • When pushing SIF images to oras:// endpoints, work around Harbor & GitLab failure to accept the SifConfigMediaType.

  • Avoid a setfsuid compilation warning on some gcc versions.

  • Fix a crash when silent/quiet log levels used on pulls from shub:// and http(s):// URIs.

  • Wait for dm device to appear when mounting an encrypted container rootfs.
  • Accommodate ppc64le pageSize in TestCgroups and disable -race.
  • Fix Debian packaging.

Testing/Development

  • make test runs limited unit and integration tests that will not require docker hub credentials.

  • make testall runs the full unit/integration/e2e test suite that requires docker credentials to be set with E2E_DOCKER_USERNAME and E2E_DOCKER_PASSWORD environment variables.



Krishna Muriki

unread,
Aug 16, 2021, 6:45:32 PM8/16/21
to singu...@lbl.gov
Singularity 3.8.1 is now available

https://github.com/hpcng/singularity/releases/tag/v3.8.1

We are pleased to announce the release of Singularity 3.8.1. This is a new bug fix release over the last v3.8.0 release. Please read the release notes below carefully. As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new


If you think that you've discovered a security vulnerability please report it to singularit...@hpcng.org.

Bug Fixes

  • Allow escaped \$ in a SINGULARITYENV_ var to set a literal $ in a container env var. Also allow escaped commas and colons in the source bind path.
  • Handle absolute symlinks correctly in multi-stage build %copy from blocks.
  • Fix incorrect reference in sandbox restrictive permissions warning.
  • Prevent garbage collection from closing the container image file descriptor.
  • Update to Arch Linux pacman.conf URL and remove file size verification.

Krishna Muriki

unread,
Sep 1, 2021, 2:27:58 PM9/1/21
to singu...@lbl.gov

Singularity 3.8.2 is now available

https://github.com/hpcng/singularity/releases/tag/v3.8.2

We are pleased to announce the release of Singularity 3.8.2. This is a new bug fix release over the last v3.8.1 release. Please read the release notes below carefully. As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new


If you think that you've discovered a security vulnerability please report it to singularit...@hpcng.org.

Bug Fixes

  • Fix regression when files sourced from %environment contain \ escaped shell builtins (fixes issue with source of conda profile.d script).
  • singularity delete will use the correct library service when the hostname is specified in the library:// URI.
  • singularity build will use the correct library service when the hostname is specified in the library:// URI / definition file.
  • Call debootstrap with correct Debian arch when it is not identical to the value of runtime.GOARCH. E.g. ppc64el -> ppc64le.
  • When destination is ommitted in %files entry in definition file, ensure globbed files are copied to correct resolved path.
  • Return an error if --tokenfile used for remote login to an OCI registry, as this is not supported.
  • Ensure repeated remote login to same URI does not create duplicate entries in ~/.singularity/remote.yaml.
  • Properly escape single quotes in Docker CMD / ENTRYPOINT translation.
  • Use host uid when choosing unsquashfs flags, to avoid selinux xattr errors with --fakeroot on non-EL/Fedora distributions with recent squashfs-tools.
  • Updated the modified golang-x-crypto module with the latest upstream version.

Krishna Muriki

unread,
Nov 9, 2021, 6:55:28 PM11/9/21
to singu...@lbl.gov

Singularity 3.8.4 is now available

https://github.com/hpcng/singularity/releases/tag/v3.8.4

We are pleased to announce the release of Singularity 3.8.4. This is a minor release over the last v3.8.3 release. Please read the release notes below carefully. As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new


If you think that you've discovered a security vulnerability please report it to singularit...@hpcng.org.

Bug Fixes

  • Fix the oras contexts to avoid hangs upon failed pushes to Harbor registry.

Enhancements

  • Added seccomp, cryptsetup, devscripts & correct go version test to debian packaging.

Krishna Muriki

unread,
Nov 29, 2021, 7:11:24 PM11/29/21
to singu...@lbl.gov

Singularity 3.8.5 is now available

https://github.com/hpcng/singularity/releases/tag/v3.8.5

We are pleased to announce the release of Singularity 3.8.5. This is a minor security release over the last v3.8.4 release. Please read the release notes below carefully. As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new


If you think that you've discovered a security vulnerability please report it to singularit...@hpcng.org.

Security Related Fixes

  • CVE-2021-41190 / GHSA-77vh-xpmg-72qh:
    OCI specifications allow ambiguous documents that contain both "manifests"
    and "layers" fields. Interpretation depends on the presence / value of a
    Content-Type header. Dependencies handling the retrieval of OCI images
    have been updated to versions that reject ambiguous documents.

Changed defaults / behaviours

  • Building Singularity from source requires go >=1.16. We now aim to support
    the two most recent stable versions of Go. This corresponds to the Go
    Release Maintenance Policy and Security Policy,
    ensuring critical bug fixes and security patches are available for all supported language
    versions. However, rpm packaging applies a patch to support older native go installations.

Bug fixes

  • Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0.
  • Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0.

Reply all
Reply to author
Forward
0 new messages