Skip to content

SingularityCE 4.2.0
Compare
Choose a tag to compare
@dtrudg dtrudg released this 04 Sep 14:59
· 103 commits to main since this release
v4.2.0
073fb24
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

SingularityCE 4.2.0 is the first release in the 4.2 series, including various new features.

New Features & Functionality

  • It is now possible to use multiple environment variable files using the --env-file flag, files can be specified as a comma-separated list or by using the flag multiple times. Variables defined in later files take
    precedence.
  • singularity.conf now accepts setting new options regarding namespaces:
    • allow ipc ns : disable the use of the --ipc flag.
    • allow user ns : disable creation of user namespaces. This will prevent execution of containers with the --userns or --fakeroot flags, and unprivileged installations of SingularityCE.
    • allow uts ns : invalidate the use of the --uts and --hostname flags.
  • A new singularity data package command allows files and directories to be packaged into an OCI-SIF data container.
  • A new --layer-format flag for singularity push allows layers in an OCI-SIF image to be pushed to library:// and docker:// registries in squashfs (default) or tar format. Images pushed with --layer-format tar can be pulled and run by other OCI runtimes.
  • A writable overlay can be added to an OCI-SIF file with the singularity overlay create command. The overlay will be applied read-only, by default, when executing the OCI-SIF. To write changes to the container into the overlay, use the --writable flag.
  • A writable overlay is added to an OCI-SIF file as an ext3 format layer, appended to the encapsulated OCI image. After the overlay has been modified, use the singularity overlay sync command to synchronize the OCI digests with the overlay content.
  • A new singularity overlay seal command converts a writable overlay inside an OCI-SIF image into a read-only squashfs layer. This seals changes made to the image via the overlay, so that they are permanent.
  • Added a new instance run command that will execute the runscript when an instance is initiated instead of executing the startscript.
  • The new --netns-path flag takes a path to a network namespace to join when starting a container. The root user may join any network namespace. An unprivileged user can only join a network namespace specified in the new allowed netns paths directive in singularity.conf, if they are also listed in allowed net users / allowed net groups. Not currently supported with --fakeroot, or in --oci mode.

Requirements

  • Requires a minimum of Go 1.21.5 to build due to dependency updates.
  • OCI-SIF embedded writable overlay functionality requires fuse2fs >= 1.46.6.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected]

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.2.0.tar.gz download below to obtain and install SingularityCE 4.2.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.22.6

Assets 9
Loading
0 Join discussion