SingularityCE 3.8.0

This is the first release of SingularityCE 3.8.0, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/

Changed defaults / behaviours

• The package name for this release is now singularity-ce. This name is used for the source tarball, output of an rpmbuild, and displayed in --version information.
• The name of the top level directory in the source tarball from make dist now includes the version string.

New features / functionalities

• A new overlay command allows creation and addition of writable overlays.
• Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in singularity.conf.
• The build command now honors --nv, --rocm, and --bind flags, permitting builds that require GPU access or files bound in from the host.
• A library service hostname can be specified as the first component of a library:// URL.
• Singularity is now relocatable for unprivileged installations only.

Bug Fixes

• Respect http proxy server environment variables in key operations.
• When pushing SIF images to oras:// endpoints, work around Harbor & GitLab failure to accept the SifConfigMediaType.
• Avoid a setfsuid compilation warning on some gcc versions.
• Fix a crash when silent/quiet log levels used on pulls from shub:// and http(s):// URIs.
• Wait for dm device to appear when mounting an encrypted container rootfs.

Testing / Development

Testing changes are not generally itemized. However, developers and contributors should note that this release has modified the behavior of make test for ease of use:

• make test runs limited unit and integration tests that will not require docker hub credentials.
• make testall runs the full unit/integration/e2e test suite that requires docker credentials to be set with E2E_DOCKER_USERNAME and E2E_DOCKER_PASSWORD environment variables.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-ce-3.8.0.tar.gz download below to obtain and install SingularityCE 3.8.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Singularity 3.7.4

Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity which will take effect from the SingularityCE 3.8.0 onward.

This is a security release that has been coordinated with HPCng. We recommend all users upgrade to this version.

The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.4

This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.

---

Security Related Fixes

CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

Please see the published security advisory at github.com/sylabs/singularity/security/advisories for further detail.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

SingularityCE 3.8.0 Release Candidate 2

Replaced by the 3.8.0 release: https://github.com/sylabs/singularity/releases/tag/v3.8.0

SingularityCE 3.8.0 Release Candidate 1

Replaced by RC2: https://github.com/sylabs/singularity/releases/tag/v3.8.0-rc.2

Singularity 3.7.3

Singularity 3.7.3 is the previous stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity

The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.3

This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.

---

Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.

Security Related Fixes

CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source, as well as the implicit build to SIF that occurs through root use of run/exec/shell against a malicious docker/OCI image URI.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.