Skip to content

Releases: sylabs/singularity

SingularityCE 4.2.2

20 Dec 15:48
cf0f9a3
Compare
Choose a tag to compare

SingularityCE 4.2.2 is a bugfix release in the 4.2 series.

Bug Fixes

  • Fix regression from 4.1.5 that overwrites source image runscript, environment etc. in build from local image.
  • Fall back to $TMPDIR as singularity-buildkitd root directory if ~/.singularity is on a filesystem that does not fully support overlay.
  • Add more intuitive error message for rootless build --oci when required XDG_RUNTIME_DIR env var is not set.
  • Avoid error in CNI network setup with newer versions of iptables that include a setuid caller check.

New Features & Functionality

  • In OCI-Mode, accommodate systems configured so that they do not create a /run/user session directory. OCI-Mode will now attempt to use $TMPDIR/singularity-oci-<uid> for runtime state on systems where $XDG_RUNTIME_DIR is not set and the default user session path of /run/user/<uid> does not exist. Note that the $TMPDIR/singularity-oci-<uid> directory is shared between concurrent --oci mode invocations, and will not be removed on exit - an empty directory will remain.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.2.2.tar.gz download below to obtain and install SingularityCE 4.2.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.23.4

SingularityCE 4.2.1

13 Sep 15:57
2723ab6
Compare
Choose a tag to compare

SingularityCE 4.2.1 is a bugfix release in the 4.2 series.

Bug Fixes

  • Fix regression that led to an empty shell field in the /etc/passwd file.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.2.1.tar.gz download below to obtain and install SingularityCE 4.2.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.7

SingularityCE 4.2.0

04 Sep 14:59
073fb24
Compare
Choose a tag to compare

SingularityCE 4.2.0 is the first release in the 4.2 series, including various new features.

New Features & Functionality

  • It is now possible to use multiple environment variable files using the --env-file flag, files can be specified as a comma-separated list or by using the flag multiple times. Variables defined in later files take
    precedence.
  • singularity.conf now accepts setting new options regarding namespaces:
    • allow ipc ns : disable the use of the --ipc flag.
    • allow user ns : disable creation of user namespaces. This will prevent execution of containers with the --userns or --fakeroot flags, and unprivileged installations of SingularityCE.
    • allow uts ns : invalidate the use of the --uts and --hostname flags.
  • A new singularity data package command allows files and directories to be packaged into an OCI-SIF data container.
  • A new --layer-format flag for singularity push allows layers in an OCI-SIF image to be pushed to library:// and docker:// registries in squashfs (default) or tar format. Images pushed with --layer-format tar can be pulled and run by other OCI runtimes.
  • A writable overlay can be added to an OCI-SIF file with the singularity overlay create command. The overlay will be applied read-only, by default, when executing the OCI-SIF. To write changes to the container into the overlay, use the --writable flag.
  • A writable overlay is added to an OCI-SIF file as an ext3 format layer, appended to the encapsulated OCI image. After the overlay has been modified, use the singularity overlay sync command to synchronize the OCI digests with the overlay content.
  • A new singularity overlay seal command converts a writable overlay inside an OCI-SIF image into a read-only squashfs layer. This seals changes made to the image via the overlay, so that they are permanent.
  • Added a new instance run command that will execute the runscript when an instance is initiated instead of executing the startscript.
  • The new --netns-path flag takes a path to a network namespace to join when starting a container. The root user may join any network namespace. An unprivileged user can only join a network namespace specified in the new allowed netns paths directive in singularity.conf, if they are also listed in allowed net users / allowed net groups. Not currently supported with --fakeroot, or in --oci mode.

Requirements

  • Requires a minimum of Go 1.21.5 to build due to dependency updates.
  • OCI-SIF embedded writable overlay functionality requires fuse2fs >= 1.46.6.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.2.0.tar.gz download below to obtain and install SingularityCE 4.2.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.6

SingularityCE 4.1.5

14 Aug 15:02
bd9dab5
Compare
Choose a tag to compare

SingularityCE 4.1.5 is a patch release in the 4.1 series, including various bug fixes.

Bug Fixes

  • Fix fall-back to temporary sandbox rootfs bundle in OCI-Mode for OCI URIs (docker://) etc.
  • Fix confusing error messages / incorrect fall-back attempt when explicit execution of an OCI-SIF fails.
  • Fix failing builds from local images that have symbolic links for paths that are part of the base container environment (e.g. /var/tmp -> /tmp).
  • Fix issue where --platform / --arch did not apply when pulling an OCI image to native SIF via image manifest, rather than image index.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.5.tar.gz download below to obtain and install SingularityCE 4.1.5. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.6

v4.2.0-rc.1

13 Aug 09:39
aad1afe
Compare
Choose a tag to compare
v4.2.0-rc.1 Pre-release
Pre-release

This is the first release candidate for the upcoming 4.2 series of SingularityCE. We welcome all feedback and testing. Please continue to use the latest 4.1 release for production systems.

New Features & Functionality

  • It is now possible to use multiple environment variable files using the --env-file flag, files can be specified as a comma-separated list or by using the flag multiple times. Variables defined in later files take precedence.
  • singularity.conf now accepts setting new options regarding namespaces:
    • allow ipc ns : disable the use of the --ipc flag.
    • allow user ns : disable creation of user namespaces. This will prevent execution of containers with the --userns or --fakeroot flags, and unprivileged installations of SingularityCE.
    • allow uts ns : invalidate the use of the --uts and --hostname flags.
  • A new singularity data package command allows files and directories to be packaged into an OCI-SIF data container.
  • A new --layer-format flag for singularity push allows layers in an OCI-SIF image to be pushed to library:// and docker:// registries in squashfs (default) or tar format. Images pushed with --layer-format tar can be pulled and run by other OCI runtimes.
  • A writable overlay can be added to an OCI-SIF file with the singularity overlay create command. The overlay will be applied read-only, by default, when executing the OCI-SIF. To write changes to the container into the overlay, use the --writable flag.
  • A writable overlay is added to an OCI-SIF file as an ext3 format layer, appended to the encapsulated OCI image. After the overlay has been modified, use the singularity overlay sync command to synchronize the OCI digests with the overlay content.
  • A new singularity overlay seal command converts a writable overlay inside an OCI-SIF image into a read-only squashfs layer. This seals changes made to the image via the overlay, so that they are permanent.
  • Added a new instance run command that will execute the runscript when an instance is initiated instead of executing the startscript.
  • The new --netns-path flag takes a path to a network namespace to join when starting a container. The root user may join any network namespace. An unprivileged user can only join a network namespace specified in the new allowed netns paths directive in singularity.conf, if they are also listed in allowed net users / allowed net groups. Not currently supported with --fakeroot, or in --oci mode.

Bug Fixes

  • Fix fall-back to temporary sandbox rootfs bundle in OCI-Mode for OCI URIs (docker://) etc.
  • Fix confusing error messages / incorrect fall-back attempt when explicit execution of an OCI-SIF fails.
  • Fix failing builds from local images that have symbolic links for paths that are part of the base container environment (e.g. /var/tmp -> /tmp).
  • Fix issue where --platform / --arch did not apply when pulling an OCI image to native SIF via image manifest, rather than image index.

Requirements

  • Requires a minimum of Go 1.21.5 to build due to dependency updates.
  • OCI-SIF embedded writable overlay functionality requires fuse2fs >= 1.46.6.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.2.0-rc.1.tar.gz download below to obtain and install SingularityCE 4.2.0-rc.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.6

SingularityCE 4.1.4

28 Jun 15:48
65106af
Compare
Choose a tag to compare

SingularityCE 4.1.4 is a patch release in the 4.1 series, including various bug fixes.

Bug Fixes

  • Use ABI 3 for Apparmor profile on Ubuntu <23.10.
  • Avoid unnecessary copying / extraction of OCI images and Docker tarballs into a layout directory when they are directly accessible as a local file / directory.
  • Avoid unnecessary intermediate temporary image layout when building from Dockerfile to OCI-SIF.
  • %files from in a definition file will now correctly copy symlinks that point to a target above the destination directory, but inside the destination stage rootfs.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.4.tar.gz download below to obtain and install SingularityCE 4.1.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.4

SingularityCE 4.1.3

08 May 13:52
53e19ae
Compare
Choose a tag to compare

SingularityCE 4.1.3 is a patch release in the 4.1 series, including various bug fixes.

Packages provided with this release now include a .deb for Ubuntu 24.04 (noble).

Requirements

  • Requires a minimum of Go 1.21 to build. Go 1.20 is end-of-life.

Note - compilation with Go 1.22 currently causes an issue when using the PID namespace on distributions using older versions of glibc. We recommend using Go 1.21 at this time.

Bug Fixes

  • Set default PATH in container run in OCI-Mode when image does not set PATH.
  • Fix storage of credentials for docker.io to behave the same as for index.docker.io.
  • Improve documentation for remote list command.
  • Don't fail with lack of descriptor capacity when writing OCI images with many layers to OCI-SIF.
  • Ensure a fixed number of spare descriptors is present in the OCI-SIF when pulling an OCI image.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.3.tar.gz download below to obtain and install SingularityCE 4.1.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.21.10

SingularityCE 4.1.2

05 Mar 16:15
c6d148a
Compare
Choose a tag to compare

SingularityCE 4.1.2 is a patch release in the 4.1 series, including various bug fixes.

Bug Fixes

  • Set OCI runtime-spec annotations that are required by the documented image-spec conversion process.
  • In --oci mode always set inner ID map based on host user, not USER in OCI container. Fixes incorrect permissions for files owned by USER in the container.
  • Provide warning / info message for OCI image-spec features (volumes, exposed ports) that are not supported by singularity.
  • Honor WORKDIR by default for OCI images in --oci mode, as required by OCI image-spec.
  • Restore previous --writable behaviour when running a container image from SIF/SquashFS in user namepace mode. The image will be extracted to a temporary sandbox, which is writable at runtime. Note that any changes are not made to the original image.
  • Fix target: no such file or directory error in native mode when extracting layers from certain OCI images that manipulate hard links across layers.
  • Fix extraction of OCI layers when run in a root mapped user namespace (e.g.. unshare -r).
  • Use user namespace for wrapping of unsquashfs when singularity is run with --userns / -uflag. Fixes temporary sandbox extraction of images in non-root mapped user namespace (e.g.unshare -c`).

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.2.tar.gz download below to obtain and install SingularityCE 4.1.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.21.7

SingularityCE 4.1.1

01 Feb 11:42
6be0318
Compare
Choose a tag to compare

SingularityCE 4.1.1 is a patch release in the 4.1 series, including security and bug fixes.

Security Related Fixes

  • Update github.com/moby/buildkit dependency, used for --oci Dockerfile builds, addressing the following upstream CVEs:
    • CVE-2024-23650 Possible panic when incorrect parameters sent from frontend
    • CVE-2024-23651 Possible race condition with accessing subpaths from cache mounts.
    • CVE-2024-23652 Possible host system access from mount stub cleaner.
    • CVE-2024-23653 Interactive containers API does not validate entitlements check.

Note also that in OCI-Mode, SingularityCE may call out to runc versions vulnerable to CVE-2024-21626. runc is not bundled with SingularityCE, and should be updated via your Linux distribution's package manager, or manually.

Bug Fixes

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.1.tar.gz download below to obtain and install SingularityCE 4.1.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.21.6

SingularityCE 4.1.0

25 Jan 13:50
fa76f54
Compare
Choose a tag to compare

SingularityCE 4.1.0 is the first release in the 4.1 series, introducing Dockerfile builds, multi-layer OCI-SIF images, and many other improvements. See the release notes below, and the user and admin guides for more information:

Changed defaults / behaviours

  • --oci mode containers and native mode instances can now be successfully started as a non-root user on cgroups v2 systems when both:

    • The system configuration / environment does not provide the correct information necessary to communicate with systemd via dbus.
    • Resource limits (e.g. --cpus) have not been requested.

    The container / instance will be started in the current cgroup, and information about the configuration issue displayed to the user as warnings.

  • In native mode, SIF/SquashFS container images will now be mounted with squashfuse when kernel mounts are disabled in singularity.conf, or cannot be used (non-setuid / user namespace workflow). If the FUSE mount fails, Singularity will fall back to extracting the container to a temporary sandbox in order to run it.

  • In native mode, bare extfs container images will now be mounted with fuse2fs when kernel mounts are disabled in singularity.conf, or cannot be used (non-setuid / user namespace workflow).

New Features & Functionality

  • The registry login and registry logout commands now support a --authfile <path> flag, which causes the OCI credentials to be written to / removed from a custom file located at <path> instead of the default location ($HOME/.singularity/docker-config.json). The commands pull, push, run, exec, shell, and instance start can now also be passed a --authfile <path> option, to read OCI registry credentials from this custom file.
  • A new --keep-layers flag, for the pull and run/shell/exec/instance startcommands, allows individual layers to be preserved when an OCI-SIF image is created from an OCI source. Multi layer OCI-SIF images can be run with SingularityCE 4.1 and later.
  • Singularity will now build OCI-SIF images from Dockerfiles, if the --oci flag is used with the build command. Provide a Dockerfile as the final argument to build, instead of a Singularity definition (.def) file. Supports --build-arg / --build-arg-file options, --arch for cross-architecture builds, --authfile and other authentication options, and more. See the user guide for more information.
  • Docker-style SCIF containers (https://sci-f.github.io/tutorial-preview-install) are now supported. If the entrypoint of an OCI container is the scif executable, then the run / exec / shell commands in --oci mode can be given the --app <appname> flag, and will automatically invoke the relevant SCIF command.
  • A new --tmp-sandbox flag has been added to the run / shell / exec / instance start commands. This will force Singularity to extract a container to a temporary sandbox before running it, when it would otherwise perform a kernel or FUSE mount.

Bug Fixes

  • Added missing tmp sandbox directive to singularity.conf template.

Deprecated Functionality

  • The experimental --sif-fuse flag, and sif fuse directive in singularity.conf are deprecated. The flag and directive were used to enable experimental mounting of SIF/SquashFS container images with FUSE in prior versions of Singularity. From 4.1, FUSE mounts are used automatically when kernel mounts are disabled / not available.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.0.tar.gz download below to obtain and install SingularityCE 4.1.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.21.6