SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure.

Related tags

Security singularity
Overview

SingularityCE

CircleCI

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure. Singularity is optimized for compute focused enterprise and HPC workloads, allowing untrusted users to run untrusted containers in a trusted way.

Check out talks about Singularity and some use cases of Singularity on our website.

Getting Started with SingularityCE

To install SingularityCE from source, see the installation instructions. For other installation options, see our guide.

System administrators can learn how to configure SingularityCE, and get an overview of its architecture and security features in the administrator guide.

For users, see the user guide for details on how to use and build Singularity containers.

Contributing to SingularityCE

Community contributions are always greatly appreciated. To start developing SingularityCE, check out the guidelines for contributing.

We also welcome contributions to our user guide and admin guide.

Support

To get help with SingularityCE, check out the community spaces detailed at our Community Portal.

See also our Support Guidelines for further information about the best place, and how, to raise different kinds of issues and questions.

For additional support, contact us to receive more information.

Citing Singularity

Kurtzer GM, Sochat V, Bauer MW (2017) Singularity: Scientific containers for mobility of compute. PLoS ONE 12(5): e0177459. https://doi.org/10.1371/journal.pone.0177459

We also have a Zenodo citation:

Kurtzer, Gregory M. et. al. Singularity - Linux application and environment
containers for science. 10.5281/zenodo.1310023

https://doi.org/10.5281/zenodo.1310023

This is an 'all versions' DOI. Follow the link to Zenodo to obtain a DOI specific to a particular version of Singularity.

License

Unless otherwise noted, this project is licensed under a 3-clause BSD license found in the license file.

Issues
  • Singularity Run Error under Docker Desktop for MacOS on Apple Silicon

    Singularity Run Error under Docker Desktop for MacOS on Apple Silicon

    Received an error running the following under Docker Desktop (3.5.2) for MacOS X (11.5.1) on Apple Silicon (MacBook Pro 13-inch, M1, 2020).

    docker run --privileged quay.io/singularity/singularity:v3.8.1 run docker://hello-world

    ERROR  : Failed to spawn stage 1
    

    However, have been successful with the following.

    docker run quay.io/singularity/singularity:v3.8.1 --version

    singularity-ce version 3.8.1
    

    Is anyone else able to reproduce this error?

    wontfix arm64 
    opened by matthewparkinsondes 20
  • Hang / freeze when failing to push to Harbor oras registry

    Hang / freeze when failing to push to Harbor oras registry

    Version of Singularity

    $ singularity version
    3.8.0
    

    Describe the bug Singularity 3.8.0 (both CE and forks) fail to catch & handle the error case where a .sif fails to push to Harbor.

    sif images continue to be pushed using oras (see below ticket)

    Relates to https://github.com/hpcng/singularity/issues/5691

    To Reproduce Steps to reproduce the behavior:

    Have Harbor 2.2+ with OIDC (not username+password auth)

    rm -rf $HOME/.singularity
    
    singularity login -u <user> -p <harbor CLI secret> oras://your.harbor.instance
    
    singularity -d push $HOME/alpine_latest.sif oras://your.harbor.instance/test/alpine:latest
    DEBUG   [U=1000,P=18264]   persistentPreRun()            Singularity version: 3.8.0
    DEBUG   [U=1000,P=18264]   persistentPreRun()            Parsing configuration file /usr/local/etc/singularity/singularity.conf
    DEBUG   [U=1000,P=18264]   handleConfDir()               /home/dsouthwi/.singularity already exists. Not creating.
    DEBUG   [U=1000,P=18264]   handleRemoteConf()            Ensuring file permission of 0600 on /home/dsouthwi/.singularity/remote.yaml
    DEBUG   [U=1000,P=18264]   Init()                        Image format detection
    DEBUG   [U=1000,P=18264]   Init()                        Check for sandbox image format
    DEBUG   [U=1000,P=18264]   Init()                        sandbox format initializer returned: not a directory image
    DEBUG   [U=1000,P=18264]   Init()                        Check for sif image format
    DEBUG   [U=1000,P=18264]   Init()                        sif image format detected
    DEBUG   [U=1000,P=18264]   UploadImage()                 ORAS push not accepted, retrying without config for registry compatibility
    
    <wait 1-1000 minutes>
     
    ^CDEBUG   [U=1000,P=18264]   func2()                       User requested cancellation with interrupt
    ^C^C^C^C^C^C^C^C^C^C^C^C
    

    program has froze/locked & unresponsive to interrupts. Reboot your session or machine.

    Expected behavior Ideally, pushing to oras harbor registry successfully. If you do fail, at least timeout or something. Anything but locking up the session.

    OS / Linux Distribution Which Linux distribution are you using? fails on centos/ubuntu/rhel in the same way.

    Installation Method bug present for both source build and RPM (EPEL, fedora, etc)

    bug needs investigation 
    opened by dcsouthwick 18
  • unsquashfs failing on CentOS7 compiled --without-suid and conda install of unsquashfs

    unsquashfs failing on CentOS7 compiled --without-suid and conda install of unsquashfs

    Version of Singularity What version of Singularity are you using? Run:

    $ singularity --version
    singularity-ce version 3.10.0
    

    Describe the bug singularity installed as unprivileged user to NFS share on CentOS7 fails while running post install test.

    edit: However, when installed as root into local filesystem the test succeeds.

    To Reproduce Steps to reproduce the behavior:

    singularity -d exec library://alpine cat /etc/alpine-release
    ...
    INFO    [U=1232,P=26117]   extractImage()                Converting SIF file to temporary sandbox...
    DEBUG   [U=1232,P=26117]   findFromConfigOrPath()        Using "unsquashfs" at "/n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs" (from singularity.conf)
    DEBUG   [U=1232,P=26117]   findFromConfigOrPath()        Using "unsquashfs" at "/n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs" (from singularity.conf)
    DEBUG   [U=1232,P=26117]   extract()                     Excluding /dev directory during root filesystem extraction (non root user)
    DEBUG   [U=1232,P=26117]   extract()                     Trying unsquashfs options: [-user-xattrs -r]
    DEBUG   [U=1232,P=26117]   unsquashfsSandboxCmd()        Calling wrapped unsquashfs: singularity [-q exec --no-home --no-nv --no-rocm -C --no-init --writable -B /tmp/rootfs-328367774:/image -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs:/n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs:ro -B /usr/lib64/libpthread.so.0:/usr/lib64/libpthread.so.0:ro -B /usr/lib64/libm.so.6:/usr/lib64/libm.so.6:ro -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/../lib/libz.so.1:/n/projects/mec/local/miniconda3/envs/singularity-ce/lib/libz.so.1:ro -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/../lib/liblzma.so.5:/n/projects/mec/local/miniconda3/envs/singularity-ce/lib/liblzma.so.5:ro -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/../lib/liblzo2.so.2:/n/projects/mec/local/miniconda3/envs/singularity-ce/lib/liblzo2.so.2:ro -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/../lib/liblz4.so.1:/n/projects/mec/local/miniconda3/envs/singularity-ce/lib/liblz4.so.1:ro -B /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/../lib/libzstd.so.1:/n/projects/mec/local/miniconda3/envs/singularity-ce/lib/libzstd.so.1:ro -B /usr/lib64/libc.so.6:/usr/lib64/libc.so.6:ro -B /lib64/ld-linux-x86-64.so.2:/lib64/ld-linux-x86-64.so.2:ro -B /usr/lib64/librt.so.1:/usr/lib64/librt.so.1:ro /tmp/rootfs-328367774/tmp-rootfs-613646387 /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs -user-xattrs -r -d /image/root /image/archive-1028146708 ^(.{0}[^d]|.{1}[^e]|.{2}[^v]|.{3}[^\x2f]).*$]
    FATAL   [U=1232,P=26117]   execStarter()                 while handling /home/mec/.singularity/cache/library/sha256.77dea042db93316b7ecc65fc39f7e19e7c209e01c38a0a87418d4be753fb9d37: while extracting image: %!w(<nil>)
    

    Expected behavior the test to succeed

    OS / Linux Distribution Which Linux distribution are you using?

    $ cat /etc/os-release
     NAME="CentOS Linux"
    VERSION="7 (Core)"
    ID="centos"
    ID_LIKE="rhel fedora"
    VERSION_ID="7"
    PRETTY_NAME="CentOS Linux 7 (Core)"
    ANSI_COLOR="0;31"
    CPE_NAME="cpe:/o:centos:centos:7"
    HOME_URL="https://www.centos.org/"
    BUG_REPORT_URL="https://bugs.centos.org/"
    
    CENTOS_MANTISBT_PROJECT="CentOS-7"
    CENTOS_MANTISBT_PROJECT_VERSION="7"
    REDHAT_SUPPORT_PRODUCT="centos"
    REDHAT_SUPPORT_PRODUCT_VERSION="7"
    
    

    Installation Method

    
       make -C ./builddir install 
    

    Write here how you installed SingularityCE. Eg. RPM, source.

    From source following: https://docs.sylabs.io/guides/3.10/admin-guide/installation.html#installation-on-linux with exceptions:

    compiled --without-suid --prefix=/some/nfsmounted/network/share

    Since rpm from upstream repos is to old, compilation and testing was performed in a conda environment in which squashfs 4.4 tools was installed, viz:

    /n/projects/mec/local/miniconda3/envs/singularity-ce/bin/unsquashfs -v
    unsquashfs version 4.4 (2019/08/29)
    

    make install was performed by non-root user into NFS mounted filesystem

    Additional context Anything else which might be relevant. E.g. if the bug only occurs on a specific filesystem, or kernel version etc.

    Plenty of disk space available.

    singularity buildcfg
    PACKAGE_NAME=singularity-ce
    PACKAGE_VERSION=3.10.0
    BUILDDIR=/n/projects/mec/local/singularity-ce-3.10.0/builddir
    PREFIX=/n/projects/mec/local/singularity-ce
    EXECPREFIX=/n/projects/mec/local/singularity-ce
    BINDIR=/n/projects/mec/local/singularity-ce/bin
    SBINDIR=/n/projects/mec/local/singularity-ce/sbin
    LIBEXECDIR=/n/projects/mec/local/singularity-ce/libexec
    DATAROOTDIR=/n/projects/mec/local/singularity-ce/share
    DATADIR=/n/projects/mec/local/singularity-ce/share
    SYSCONFDIR=/n/projects/mec/local/singularity-ce/etc
    SHAREDSTATEDIR=/n/projects/mec/local/singularity-ce/com
    LOCALSTATEDIR=/n/projects/mec/local/singularity-ce/var
    RUNSTATEDIR=/n/projects/mec/local/singularity-ce/var/run
    INCLUDEDIR=/n/projects/mec/local/singularity-ce/include
    DOCDIR=/n/projects/mec/local/singularity-ce/share/doc/singularity-ce
    INFODIR=/n/projects/mec/local/singularity-ce/share/info
    LIBDIR=/n/projects/mec/local/singularity-ce/lib
    LOCALEDIR=/n/projects/mec/local/singularity-ce/share/locale
    MANDIR=/n/projects/mec/local/singularity-ce/share/man
    SINGULARITY_CONFDIR=/n/projects/mec/local/singularity-ce/etc/singularity
    SESSIONDIR=/n/projects/mec/local/singularity-ce/var/singularity/mnt/session
    PLUGIN_ROOTDIR=/n/projects/mec/local/singularity-ce/libexec/singularity/plugin
    SINGULARITY_CONF_FILE=/n/projects/mec/local/singularity-ce/etc/singularity/singularity.conf
    SINGULARITY_SUID_INSTALL=0
    
    bug needs investigation 
    opened by malcook 13
  • Add registerStringMapVar to handle --env with commas!

    Add registerStringMapVar to handle --env with commas!

    Description of the Pull Request (PR):

    There was a bug reported in slack that --env is truncating variables at commas:

    Hello, I am trying to use --env to specify an environment variable (--env clustering_threshold='100,97') but I am running into an issue with

    WARNING: Ignore environment variable "97": '=' is missing .

    I have tried to use a backslash to escape the comma but that doesn't seem to work. I am currently using singularity-ce version 3.9.0

    And I think I've seen this before? https://github.com/google/go-containerregistry/pull/1178. So because I love Go and don't get to work on enough Go projects (and this seemed like maybe a good way to engage with Singularity again) I decided to try for a fix! The bug looks to be the same here - there are just a few more layers added on top of it with the custom cmdline package provided here. To go through the changes:

    • we ultimately need to use StringToStringVarP/StringToStringVar that can handle taking a varA=varB and parsing into map[string]string. We need to do this because StringArrayVarP considers a comma an ending delimiter to separate something out into a different string. There could be a way to tweak this particular parsing, but for other projects I've found a more straight forward fix is to use a map[string]string.
    • This means that we cannot just parse the SIngularityEnvFile into SingularityEnv by appending to the list. Instead we parse the list of env directly from the file, and then check if it's already defined (by --env) or not. We issue a warning if the flag is also provided with --env and do not overwrite (--env takes precedence!)
    • Finally, when we go over the list we only skip a variable when the envName is not defined. We can technically allow an empty value for envValue because the user might be trying to unset something.

    This same type can be used for any other variables that might come up to truncate on commas!

    Apologies in advance for anything I did wrong - I'll fix things as the CI brings up errors!

    opened by vsoch 13
  • feat: non-root, non --fakeroot builds with proot

    feat: non-root, non --fakeroot builds with proot

    Description of the Pull Request (PR):

    Non-root users can now build from a definition file, on systems that do not support --fakeroot. This requires the statically built proot command (https://proot-me.github.io/) to be available on the user PATH.

    These builds:

    • Do not support arch / debootstrap / yum / zypper bootstraps. Use localimage, library, oras, or one of the docker/oci sources.
    • Do not support %pre and %setup sections.
    • Run the %post sections of a build in the container as an emulated root user.
    • Run the %test section of a build as the non-root user, like singularity test.
    • Are subject to any restrictions imposed in singularity.conf.
    • Incur a performance penalty due to proot's ptrace based interception of syscalls.
    • May fail if the %post and %test scripts require privileged operations that proot cannot emulate.

    This fixes or addresses the following GitHub issues:

    • Fixes #880

    Before submitting a PR, make sure you have done the following:

    ci:e2e 
    opened by dtrudg 11
  • Environment variables are not (always?) passed during `singularity exec`

    Environment variables are not (always?) passed during `singularity exec`

    Version of Singularity What version of Singularity are you using? Run:

    $ singularity --version
    singularity-ce version 3.9.1
    

    Describe the bug Environment variables are passed to the container when it's run interactively, but not when run with singularity exec python testEnv.py. I can give a concise example:

    I have a singularity image that's based on a docker image. In the docker image, there is an env variable set:

    I have no [email protected]:~$ echo $LMDFIT_BUILD_PATH/
    /mnt/work/LuminosityFit/build/
    

    On the system I'm running this image, this variable is set to something else:

    [email protected]:~$ echo $LMDFIT_BUILD_PATH
    /home/roklasen/LuminosityFit/build
    

    Which is what I want. I noticed Singularity passes these environment variables to the container automatically, which is okay (I want this here too):

    [email protected]:~$ singularity run lmdfit-mini.sif
    INFO:    Converting SIF file to temporary sandbox...
    Singularity> echo $LMDFIT_BUILD_PATH/
    /home/roklasen/LuminosityFit/build/
    Singularity>
    

    So far so good. Now, I want to read that environment variable with python. I have this very basic python script:

    #!/usr/bin/env python
    import os
    lmd_build_path = os.environ["LMDFIT_BUILD_PATH"]
    print(f'lmd build path: {lmd_build_path}')
    print(f'AND: {os.system("echo $LMDFIT_BUILD_PATH")}')
    

    When I enter the container manually and execute this script, the variable is set correctly:

    [email protected]:~$ singularity run lmdfit-mini.sif
    INFO:    Converting SIF file to temporary sandbox...
    Singularity> python testEnv.py
    lmd build path: /home/roklasen/LuminosityFit/build
    /home/roklasen/LuminosityFit/build
    AND: 0
    Singularity> exit
    

    But when I run this script via singularity directly, the variable is NOT set to the current one, but instead the very old one from the first docker container, which I thought was overridden:

    [email protected]:~$ singularity run lmdfit-mini.sif python testEnv.py
    INFO:    Converting SIF file to temporary sandbox...
    lmd build path: /mnt/work/LuminosityFit/build
    /mnt/work/LuminosityFit/build
    AND: 0
    INFO:    Cleaning up image...
    

    Expected behavior

    So it seems if I run singularity exec python testEnv.py, the environment variables are NOT correctly passed to the container.

    *OS / Linux Distribution

    Which Linux distribution are you using?

    The host system is

    $ cat /etc/os-release
    [email protected]:~$ cat /etc/os-release
    NAME="AlmaLinux"
    VERSION="8.5 (Arctic Sphynx)"
    ID="almalinux"
    ID_LIKE="rhel centos fedora"
    VERSION_ID="8.5"
    PLATFORM_ID="platform:el8"
    PRETTY_NAME="AlmaLinux 8.5 (Arctic Sphynx)"
    

    The guest system is the Debian 10 docker image with python3 installed.

    Installation Method Write here how you installed SingularityCE. Eg. RPM, source.

    It is provided to me on a cluster system by the HPC team, I don't know how they installed it.

    Additional context

    I can build some minimal docker image and singularity image to reproduce this, if that's required. But I don't think this issue is from my image or python. Maybe I'm missing how python handles environment variables?

    question 
    opened by rklasen 11
  •  /usr/local/bin/unsquashfs: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory #6139

    /usr/local/bin/unsquashfs: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory #6139

    Version of Singularity What version of Singularity are you using? Run:

    $ singularity version
    singularity-ce version 3.8.2
    

    Describe the bug I cannot run the example from the documentation, i.e.

    sudo singularity build lolcow.sif library://lolcow

    the output:

    INFO:    Starting build...
    INFO:    Using cached image
    INFO:    Verifying bootstrap image /root/.singularity/cache/library/sha256.2175ac94c763b1b3e0982cff4d0c9f73e8586d9e226c5311faa43629578f57b8
    ERROR:   unpackSIF failed: root filesystem extraction failed: extract command failed: WARNING: Skipping mount /etc/hosts [binds]: /etc/hosts doesn't exist in container
    WARNING: Skipping mount /etc/localtime [binds]: /etc/localtime doesn't exist in container
    WARNING: Skipping mount proc [kernel]: /proc doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/tmp [tmp]: /tmp doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/var/tmp [tmp]: /var/tmp doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/etc/resolv.conf [files]: /etc/resolv.conf doesn't exist in container
    /usr/local/bin/unsquashfs: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
    : exit status 127
    FATAL:   While performing build: packer failed to pack: root filesystem extraction failed: extract command failed: WARNING: Skipping mount /etc/hosts [binds]: /etc/hosts doesn't exist in container
    WARNING: Skipping mount /etc/localtime [binds]: /etc/localtime doesn't exist in container
    WARNING: Skipping mount proc [kernel]: /proc doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/tmp [tmp]: /tmp doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/var/tmp [tmp]: /var/tmp doesn't exist in container
    WARNING: Skipping mount /usr/local/var/singularity/mnt/session/etc/resolv.conf [files]: /etc/resolv.conf doesn't exist in container
    /usr/local/bin/unsquashfs: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
    : exit status 127
    

    To Reproduce sudo singularity build lolcow.sif library://lolcow

    OS / Linux Distribution Which Linux distribution are you using?

    $ cat /etc/os-release
    NAME="Ubuntu"
    VERSION="20.04.2 LTS (Focal Fossa)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 20.04.2 LTS"
    VERSION_ID="20.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=focal
    UBUNTU_CODENAME=focal
    

    Installation Method Installation from source, following this: https://sylabs.io/guides/3.8/user-guide/quick_start.html#download-singularityce-from-a-release

    $ ./mconfig && \
        make -C builddir && \
        sudo make -C builddir install
    

    Additional context

    I tried:

    • [x] sudo apt-get install zlib1g; the library was already installed
    • [x] ( unset LD_LIBRARY_PATH ; sudo singularity build lolcow.sif library://sylabs-jms/testing/lolcow ) (following issue https://github.com/hpcng/singularity/issues/5666)
    • [x] Changing LD_LIBRARY_PATH to use another location for libz.so.1.
    • [x] Testing different versions of unsquashfs (4.5, 4.4)

    I also opened an issue here → https://github.com/hpcng/singularity/issues/6139

    bug 
    opened by ctroupin 11
  • test: use `T.TempDir` to create temporary test directory

    test: use `T.TempDir` to create temporary test directory

    Description of the Pull Request (PR):

    A testing cleanup.

    This pull request replaces ioutil.TempDir with t.TempDir. We can use the T.TempDir function from the testing package to create temporary directory. The directory created by T.TempDir is automatically removed when the test and all its subtests complete.

    This saves us at least 2 lines (error check, and cleanup) on every instance, or in some cases adds cleanup that we forgot.

    Reference: https://pkg.go.dev/testing#T.TempDir

    func TestFoo(t *testing.T) {
    	// before
    	tmpDir, err := ioutil.TempDir("", "")
    	if err != nil {
    		t.Fatal(err)
    	}
    	defer os.RemoveAll(tmpDir)
    
    	// now
    	tmpDir := t.TempDir()
    }
    

    This fixes or addresses the following GitHub issues:

    Before submitting a PR, make sure you have done the following:

    opened by Juneezee 9
  • start of work to add DOCKER_HOST environment

    start of work to add DOCKER_HOST environment

    Description of the Pull Request (PR):

    This seems to be the basic to add support for a custom docker host as an envar or command line option. Some questions I have:

    1. How/where to test?
    2. Should the default value be set to something instead of empty string? If we use the dockerclient library we can just set the default to dockerclient.DockerDaemonHost which will populate based on the host-type (here is unix https://github.com/moby/moby/blob/a6919e12b103aab6eb95a67450b2a487bfec1097/client/client_unix.go) - but I figured it would be OK to test with the default not set since the struct would do the same if we didn't define it!

    Signed-off-by: vsoch [email protected]

    This fixes or addresses the following GitHub issues:

    • Fixes #805
    • Fixes #878

    Note that I decided to open these together because full support for DOCKER_HOST would not work without the second.

    opened by vsoch 9
  • adding support for test to have a custom shell

    adding support for test to have a custom shell

    Akin to start and run, a user might want a test file to use a custom hashbang. This was basically all ready to go and just needed to be extended to the test script! I was not sure where to write tests so I will wait for guidance on that.

    This request came from Twitter! https://twitter.com/ifndef_define/status/1536689964225908737 As I noted above I still need to add a test, and will do so with further guidance. I indeed have tested manually/locally and it looks good! :partying_face:

    image

    Signed-off-by: vsoch [email protected]

    ci:e2e 
    opened by vsoch 9
  • Debian's own packaging causes loss of environment variables when pulling docker image

    Debian's own packaging causes loss of environment variables when pulling docker image

    Version of Singularity:

    The problem occurs with singularity-ce version 3.9.9+ds1 ; reproducable on both a Ubuntu2022 and Debian machine.

    Using singularity-ce version 3.9.4 gives the right result.

    Expected behavior

    I'm using a Docker image that has PYTHONPATH set using an ENV cmd, as well as some other env vars. When we pull it with Singularity 3.9.4, the variables get set. When we pull it with Singularity 3.9.9, it does not get set. Example:

    The expected behaviour (as shown by 3.9.4) is:

    singularity pull --name astronrd_linc.sif docker://astronrd/linc
    singularity exec --contain --cleanenv astronrd_linc.sif bash
    Singularity> echo $PYTHONPATH
    /usr/local/bin
    Singularity> echo $LINC_DATA_ROOT
    /usr/local/share/linc
    

    Actual behavior

    3.9.9 shows:

    singularity pull --name astronrd_linc.sif docker://astronrd/linc
    singularity exec --contain --cleanenv astronrd_linc.sif bash
    Singularity> echo $PYTHONPATH
    
    Singularity> echo $LINC_DATA_ROOT
    
    Singularity>
    

    This seems to be an issue in the "pull" command. When we pull the container using 3.9.4, and then exec it in 3.9.9, it works as expected. Changing the pull to a build does not fix the issue.

    What OS/distro are you running

    Appears both on this:

    Linux bookworm/sid"
    NAME="Debian GNU/Linux"
    ID=debian
    HOME_URL="https://www.debian.org/"
    SUPPORT_URL="https://www.debian.org/support"
    BUG_REPORT_URL="https://bugs.debian.org/"
    

    and on this:

    $ cat /etc/os-release
    PRETTY_NAME="Ubuntu 22.04 LTS"
    NAME="Ubuntu"
    VERSION_ID="22.04"
    VERSION="22.04 LTS (Jammy Jellyfish)"
    VERSION_CODENAME=jammy
    ID=ubuntu
    ID_LIKE=debian
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    UBUNTU_CODENAME=jammy
    

    How did you install Singularity

    From the Debian/Ubuntu packages.

    (The 3.9.4 version that does work runs on a different machine)

    opened by aroffringa 9
  • Attempting to push an image to sylabs returns fatal error decoding entity: invalid OjbectId in JSON:

    Attempting to push an image to sylabs returns fatal error decoding entity: invalid OjbectId in JSON: "username"

    Version of Singularity What version of Singularity are you using? Run:

    $ singularity --version
    singularity version 3.0.3-1
    

    Describe the bug Running on Windows in a vagrant VM, after building a singularity image file from a definition, attempting to push it to the sylabs server returns an unexpected error decoding the library URI. An access token had been generated and added to "~/.singularity/sylabs-token".

    [email protected]:~$ singularity push RNAFramework.sif library://patbohn/rna/rnaframework:v1
    FATAL:   error decoding entity: invalid ObjectId in JSON: "patbohn"
    

    To Reproduce Steps to reproduce the behavior:

    1. Install singularity on Windows 10 via vagrant as described here: https://docs.sylabs.io/guides/3.0/user-guide/installation.html#install-on-windows-or-mac
    2. Build image from a definition file
    3. Create an account on sylab via github, generate an access token and add it to the local ~/.singularity/sylabs-token file
    4. run 'singularity push container.sif library://username/project/container:tag'

    Expected behavior The image should be uploaded to the public sylabs container library.

    OS / Linux Distribution Which Linux distribution are you using?

    $ cat /etc/os-release
    
    NAME="Ubuntu"
    VERSION="18.04.3 LTS (Bionic Beaver)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 18.04.3 LTS"
    VERSION_ID="18.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=bionic
    UBUNTU_CODENAME=bionic
    

    Installation Method Via Vagrant, as described here: https://docs.sylabs.io/guides/3.0/user-guide/installation.html#install-on-windows-or-mac

    bug 
    opened by patbohn 1
  • include WSL2 in the installations docus

    include WSL2 in the installations docus

    Is your feature request related to a problem? Please describe. Include Windows WSL2 in the installation documentation (https://docs.sylabs.io/guides/3.10/admin-guide/installation.html#installation-on-windows-or-mac)

    Describe the solution you'd like installation example of SingularityCE from the CUDA blogpost https://sylabs.io/2022/03/wsl2-gpu/

    Describe alternatives you've considered using the Blogpost as the installation option

    enhancement 
    opened by effenkeith 0
  • build(deps): bump github.com/containerd/containerd from 1.6.7 to 1.6.8

    build(deps): bump github.com/containerd/containerd from 1.6.7 to 1.6.8

    Bumps github.com/containerd/containerd from 1.6.7 to 1.6.8.

    Release notes

    Sourced from github.com/containerd/containerd's releases.

    containerd 1.6.8

    Welcome to the v1.6.8 release of containerd!

    The eighth patch release for containerd 1.6 fixes a regression in the release build binaries which limited the environments they could be run in.

    See the changelog for complete list of changes

    Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

    Contributors

    • Akihiro Suda
    • Derek McGowan
    • Samuel Karp
    • Phil Estes

    Changes

    • [release/1.6] Prepare release notes for v1.6.8 (#7263)
    • [release/1.6] release workflow: increase timeout to 30 minutes & remove Go setup action (#7261)
      • 390920429 release workflow: remove Go setup action
      • cf48ba6e8 release workflow: increase timeout to 30 minutes
    • [release/1.6] release: rollback Ubuntu to 18.04 (except for riscv64) (#7260)
      • 57873e652 release: rollback Ubuntu to 18.04 (except for riscv64)

    Dependency Changes

    This release has no dependency changes

    Previous release can be found at v1.6.7

    Commits
    • 9cd3357 Merge pull request #7263 from dmcgowan/prepare-1.6.8
    • 3364f41 Prepare release notes for v1.6.8
    • a76f3c8 Merge pull request #7261 from samuelkarp/release-workflow/1.6
    • 3909204 release workflow: remove Go setup action
    • cf48ba6 release workflow: increase timeout to 30 minutes
    • 76f5db4 Merge pull request #7260 from samuelkarp/fix-7255/1.6
    • 57873e6 release: rollback Ubuntu to 18.04 (except for riscv64)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • build(deps): bump github.com/containerd/containerd from 1.6.7 to 1.6.8

    build(deps): bump github.com/containerd/containerd from 1.6.7 to 1.6.8

    Bumps github.com/containerd/containerd from 1.6.7 to 1.6.8.

    Release notes

    Sourced from github.com/containerd/containerd's releases.

    containerd 1.6.8

    Welcome to the v1.6.8 release of containerd!

    The eighth patch release for containerd 1.6 fixes a regression in the release build binaries which limited the environments they could be run in.

    See the changelog for complete list of changes

    Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

    Contributors

    • Akihiro Suda
    • Derek McGowan
    • Samuel Karp
    • Phil Estes

    Changes

    • [release/1.6] Prepare release notes for v1.6.8 (#7263)
    • [release/1.6] release workflow: increase timeout to 30 minutes & remove Go setup action (#7261)
      • 390920429 release workflow: remove Go setup action
      • cf48ba6e8 release workflow: increase timeout to 30 minutes
    • [release/1.6] release: rollback Ubuntu to 18.04 (except for riscv64) (#7260)
      • 57873e652 release: rollback Ubuntu to 18.04 (except for riscv64)

    Dependency Changes

    This release has no dependency changes

    Previous release can be found at v1.6.7

    Commits
    • 9cd3357 Merge pull request #7263 from dmcgowan/prepare-1.6.8
    • 3364f41 Prepare release notes for v1.6.8
    • a76f3c8 Merge pull request #7261 from samuelkarp/release-workflow/1.6
    • 3909204 release workflow: remove Go setup action
    • cf48ba6 release workflow: increase timeout to 30 minutes
    • 76f5db4 Merge pull request #7260 from samuelkarp/fix-7255/1.6
    • 57873e6 release: rollback Ubuntu to 18.04 (except for riscv64)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • conmon binary in source tar ball

    conmon binary in source tar ball

    singularity 3.10.? The tar balls on the release page contain a binary of conman build for x86_64. So any build for non x86_64 arches will have this binary and so be invalid. So all tar-balls must be packaged again without this binary (most likely run a make clean before creating the tar ball)

    bug 
    opened by mslacken 1
  • Automatic PROOT_NO_SECCOMP

    Automatic PROOT_NO_SECCOMP

    Is your feature request related to a problem? Please describe.

    In certain circumstances, proot may not operate correctly. E.g. newest RHEL 7 kernels, without setting the env var PROOT_NO_SECCOMP.

    Describe the solution you'd like

    Following on from #879 we should aim to streamline the process of using proot by setting the environment variable PROOT_NO_SECCOMP if an initial execution of proot fails.

    We could either:

    • use a canary execution with proot, e.g. running /bin/true through proot before we run def file scripts, to ascertain whether PROOT_NO_SECCOMP should be used -or-
    • just retry executing with PROOT_NO_SECCOMP if the def file script execution fails with an appropriate error code.

    The first (canary) approach is encouraged, as it avoids the def file execution returning an error that could be confused for a proot failure.

    We should not set PROOT_NO_SECCOMP by default, as seccomp support provides significant performance improvements for proot.

    Additional context

    See https://github.com/sylabs/singularity/pull/879#issuecomment-1163741726 for some discussion.

    See the changes in PR #879 in the build code for the location in which proot is used, and this PROOT_NO_SECCOMP handling needs to take effect.

    enhancement good first issue 
    opened by dtrudg 0
Releases(v3.10.2)
  • v3.10.2(Jul 25, 2022)

    SingularityCE 3.10.2 is a patch release in the 3.10 series. It introduces release packages for EL 9 distributions (RHEL, CentOS Stream, AlmaLinux, Rocky Linux) that are built on AlmaLinux 9. It also fixes a bug in the default runscript for converted OCI containers.

    The OCI runscript issue, discovered by the Apptainer project on importing 3.10 series changes from SingularityCE, impacts containers that are directly pulled or built from an OCI source without a custom %runscript. SingularityCE 3.10.0 and 3.10.1 generated a default runscript that could not always be executed by other tools. While execution of these containers with recent versions of SingularityCE is not impacted, we advise upgrading so that all containers built are compatible with other tools.

    New features / functionalities

    • Added EL9 package builds to CI for GitHub releases.

    Bug Fixes

    • Ensure no empty if branch is present in generated OCI image runscripts. Would prevent execution of container by other tools that are not using mvdan.cc/sh.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.10.2.tar.gz download below to obtain and install SingularityCE 3.10.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
    • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

    These packages were built with Go 1.18.4

    Source code(tar.gz)
    Source code(zip)
    sha256sums(723 bytes)
    singularity-ce-3.10.2-1.el7.x86_64.rpm(36.87 MB)
    singularity-ce-3.10.2-1.el8.x86_64.rpm(36.88 MB)
    singularity-ce-3.10.2-1.el9.x86_64.rpm(26.98 MB)
    singularity-ce-3.10.2.tar.gz(12.07 MB)
    singularity-ce_3.10.2-bionic_amd64.deb(24.69 MB)
    singularity-ce_3.10.2-focal_amd64.deb(24.68 MB)
    singularity-ce_3.10.2-jammy_amd64.deb(26.10 MB)
  • v3.10.1(Jul 18, 2022)

    SingularityCE 3.10.1 is a patch release in the 3.10 series, with changes detailed below.

    Note - Binary packages released via GitHub for 3.10.1 were built with Go 1.18.4, which addresses a number of CVEs present in earlier versions of Go. Although these are not critically applicable to SingularityCE, you may wish to update if you use the binary packages, or recompile if you build from source.

    New features / functionalities

    • Debug output can now be enabled by setting the SINGULARITY_DEBUG env var.
    • Debug output is now shown for nested singularity calls, in wrapped unsquashfs image extraction, and build stages.

    Bug Fixes

    • Fix test code that implied %test -c <shell> was supported - it is not.
    • Fix compilation on mipsel.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.10.1.tar.gz download below to obtain and install SingularityCE 3.10.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.18.4

    Source code(tar.gz)
    Source code(zip)
    sha256sums(695 bytes)
    singularity-ce-3.10.1-1.el7.x86_64.rpm(36.87 MB)
    singularity-ce-3.10.1-1.el8.x86_64.rpm(36.88 MB)
    singularity-ce-3.10.1.tar.gz(11.76 MB)
    singularity-ce_3.10.1-bionic_amd64.deb(24.69 MB)
    singularity-ce_3.10.1-focal_amd64.deb(24.68 MB)
    singularity-ce_3.10.1-jammy_amd64.deb(26.10 MB)
  • v3.10.0(May 17, 2022)

    SingularityCE 3.10.0 is the first release in the 3.10 series, with changes, new features, and bug fixes detailed below.

    Please note that some dependencies have changed, the master develop branch has been renamed to main, and you should now use --recurse-submodules when git cloning the SingularityCE source code repository, or checking out a branch / release. See the INSTALL.md or admin guide for details.

    Changed defaults / behaviours

    • master branch of GitHub repository has been renamed to main.
    • oci mount sets Process.Terminal: true when creating an OCI config.json, so that oci run provides expected interactive behavior by default.
    • Default hostname for oci mount containers is now singularity instead of mrsdalloway.
    • systemd is now supported and used as the default cgroups manager. Set systemd cgroups = no in singularity.conf to manage cgroups directly via the cgroupfs.
    • The singularity oci command group now uses runc to manage containers.
    • The singularity oci commands use conmon which is built from a git submodule, unless --without-conmon is specified as an argument to mconfig, in which case Singularity will search PATH for conmon. Version >=2.0.24 of conmon is required.
    • The singularity oci flags --sync-socket, --empty-process, and --timeout have been removed.
    • Don't prompt for y/n to overwrite an existing file when build is called from a non-interactive environment. Fail with an error.
    • Plugins must be compiled from inside the SingularityCE source directory, and will use the main SingularityCE go.mod file. Required for Go 1.18 support.
    • seccomp support is not disabled automatically in the absence of seccomp headers at build time. Run mconfig using --without-seccomp and --without-conmon to disable seccomp support and building of conmon (which requires seccomp headers).
    • SingularityCE now requires squashfs-tools >=4.3, which is satisfied by current EL / Ubuntu / Debian and other distributions.
    • Added --no-eval to the list of flags set by the OCI/Docker --compat mode (see below).

    New features / functionalities

    • Updated seccomp support allows use of seccomp profiles that set an error return code with errnoRet and defaultErrnoRet. Previously EPERM was hard coded. The example etc/seccomp-profiles/default.json has been updated.
    • Native cgroups v2 resource limits can be specified using the [unified] key in a cgroups toml file applied via --apply-cgroups.
    • The --no-mount flag & SINGULARITY_NO_MOUNT env var can now be used to disable a bind path entry from singularity.conf by specifying the absolute path to the destination of the bind.
    • Non-root users can now use --apply-cgroups with run/shell/exec to limit container resource usage on a system using cgroups v2 and the systemd cgroups manager.
    • Added --cpu*, --blkio*, --memory*, --pids-limit flags to apply cgroups resource limits to a container directly.
    • Allow experimental direct mount of SIF images with squashfuse in user-namespace / no-setuid mode.
    • New action flag --no-eval which:
      • Prevents shell evaluation of SINGULARITYENV_ / --env / --env-file environment variables as they are injected in the container, to match OCI behavior. Applies to all containers.
      • Prevents shell evaluation of the values of CMD / ENTRYPOINT and command line arguments for containers run or built directly from an OCI/Docker source. Applies to newly built containers only, use singularity inspect to check version that container was built with.
    • Add support for %files section in remote builds, when a compatible remote is used.

    Bug Fixes

    • Allow newgidmap / newuidmap that use capabilities instead of setuid root.
    • Corrected key search output for results from some servers, and keys with multiple names.
    • Pass through a literal \n in host environment variables to container.
    • Address 401 error pulling from private library:// projects.
    • Correctly launch CleanupHost process only when needed in --sif-fuse flow.
    • Add specific error for unreadable image / overlay file.
    • Ensure cgroups device limits are default allow per past behavior.
    • Improve error message when remote build server does not support the %files section.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.10.0.tar.gz download below to obtain and install SingularityCE 3.10.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.18.2

    Source code(tar.gz)
    Source code(zip)
    sha256sums(618 bytes)
    singularity-ce-3.10.0-1.el7.x86_64.rpm(36.77 MB)
    singularity-ce-3.10.0-1.el8.x86_64.rpm(36.78 MB)
    singularity-ce-3.10.0.tar.gz(12.23 MB)
    singularity-ce_3.10.0-bionic_amd64.deb(24.72 MB)
    singularity-ce_3.10.0-focal_amd64.deb(24.72 MB)
    singularity-ce_3.10.0-jammy_amd64.deb(26.14 MB)
  • v3.10.0-rc.2(May 11, 2022)

    This is the second release candidate for the upcoming SingularityCE 3.10 release.

    The following changes are present in addition to those introduced in RC1 (https://github.com/sylabs/singularity/releases/tag/v3.10.0-rc.1)

    New features / functionalities

    • Add support for %files section in remote builds, when a compatible remote is used.

    Bug Fixes

    • Correctly launch CleanupHost process only when needed in --sif-fuse flow.
    • Add specific error for unreadable image / overlay file.
    • Ensure cgroups device limits are default allow per past behavior.
    • Improve error message when remote build server does not support the %files section.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.10.0-rc.2.tar.gz download below to obtain and install SingularityCE 3.10.0-rc.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.18.2

    Source code(tar.gz)
    Source code(zip)
    sha256sums(648 bytes)
    singularity-ce-3.10.0-rc.2.tar.gz(12.23 MB)
    singularity-ce-3.10.0.rc.2-1.el7.x86_64.rpm(36.74 MB)
    singularity-ce-3.10.0.rc.2-1.el8.x86_64.rpm(36.76 MB)
    singularity-ce_3.10.0-rc.2-bionic_amd64.deb(24.71 MB)
    singularity-ce_3.10.0-rc.2-focal_amd64.deb(24.70 MB)
    singularity-ce_3.10.0-rc.2-jammy_amd64.deb(26.10 MB)
  • v3.10.0-rc.1(May 4, 2022)

    This is the first release candidate for the upcoming SingularityCE 3.10 release.

    We would be grateful for any testing you can perform, and all feedback you can give. As this is a pre-release, you may not want to install it on a production system

    Changed defaults / behaviours

    • oci mount sets Process.Terminal: true when creating an OCI config.json, so that oci run provides expected interactive behavior by default.
    • Default hostname for oci mount containers is now singularity instead of mrsdalloway.
    • systemd is now supported and used as the default cgroups manager. Set systemd cgroups = no in singularity.conf to manage cgroups directly via the cgroupfs.
    • The singularity oci command group now uses runc to manage containers.
    • The singularity oci commands use conmon which is built from a git submodule, unless --without-conmon is specified as an argument to mconfig, in which case Singularity will search PATH for conmon. Version >=2.0.24 of conmon is required.
    • The singularity oci flags --sync-socket, --empty-process, and --timeout have been removed.
    • Don't prompt for y/n to overwrite an existing file when build is called from a non-interactive environment. Fail with an error.
    • Plugins must be compiled from inside the SingularityCE source directory, and will use the main SingularityCE go.mod file. Required for Go 1.18 support.
    • seccomp support is not disabled automatically in the absence of seccomp headers at build time. Run mconfig using --without-seccomp and --without-conmon to disable seccomp support and building of conmon (which requires seccomp headers).
    • SingularityCE now requires squashfs-tools >=4.3, which is satisfied by current EL / Ubuntu / Debian and other distributions.
    • Added --no-eval to the list of flags set by the OCI/Docker --compat mode (see below).

    New features / functionalities

    • Updated seccomp support allows use of seccomp profiles that set an error return code with errnoRet and defaultErrnoRet. Previously EPERM was hard coded. The example etc/seccomp-profiles/default.json has been updated.
    • Native cgroups v2 resource limits can be specified using the [unified] key in a cgroups toml file applied via --apply-cgroups.
    • The --no-mount flag & SINGULARITY_NO_MOUNT env var can now be used to disable a bind path entry from singularity.conf by specifying the absolute path to the destination of the bind.
    • Non-root users can now use --apply-cgroups with run/shell/exec to limit container resource usage on a system using cgroups v2 and the systemd cgroups manager.
    • Added --cpu*, --blkio*, --memory*, --pids-limit flags to apply cgroups resource limits to a container directly.
    • Allow experimental direct mount of SIF images with squashfuse in user-namespace / no-setuid mode.
    • New action flag --no-eval which:
      • Prevents shell evaluation of SINGULARITYENV_ / --env / --env-file environment variables as they are injected in the container, to match OCI behavior. Applies to all containers.
      • Prevents shell evaluation of the values of CMD / ENTRYPOINT and command line arguments for containers run or built directly from an OCI/Docker source. Applies to newly built containers only, use singularity inspect to check version that container was built with.

    Bug Fixes

    • Allow newgidmap / newuidmap that use capabilities instead of setuid root.
    • Corrected key search output for results from some servers, and keys with multiple names.
    • Pass through a literal \n in host environment variables to container.
    • Address 401 error pulling from private library:// projects.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.10.0-rc.1.tar.gz download below to obtain and install SingularityCE 3.10.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.18.1

    Source code(tar.gz)
    Source code(zip)
    sha256sums(648 bytes)
    singularity-ce-3.10.0-rc.1.tar.gz(12.27 MB)
    singularity-ce-3.10.0.rc.1-1.el7.x86_64.rpm(36.56 MB)
    singularity-ce-3.10.0.rc.1-1.el8.x86_64.rpm(36.57 MB)
    singularity-ce_3.10.0-rc.1-bionic_amd64.deb(24.54 MB)
    singularity-ce_3.10.0-rc.1-focal_amd64.deb(24.54 MB)
    singularity-ce_3.10.0-rc.1-jammy_amd64.deb(25.96 MB)
  • v3.9.9(Apr 22, 2022)

    SingularityCE 3.9.9 is a bugfix / packaging release, with the following changes:

    Bug Fixes

    • Use HEAD request when checking digest of remote OCI image sources, with GET as a fall-back. Greatly reduces Singularity's impact on Docker Hub API limits.

    New features / functionalities

    • Add package build for Ubuntu 22.04 LTS.

    Known Issues

    • When built with Go 1.18, some plugins fail to load (more detail available here). This will be fixed in the next minor release (3.10.x). Users utilizing plugins with SingularityCE 3.9.x should use version 1.17.x of the Go toolchain.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.9.tar.gz download below to obtain and install SingularityCE 3.9.9. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • Ubuntu 22.04 (jammy)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.9

    Source code(tar.gz)
    Source code(zip)
    sha256sums(612 bytes)
    singularity-ce-3.9.9-1.el7.x86_64.rpm(38.45 MB)
    singularity-ce-3.9.9-1.el8.x86_64.rpm(38.47 MB)
    singularity-ce-3.9.9.tar.gz(11.83 MB)
    singularity-ce_3.9.9-bionic_amd64.deb(26.69 MB)
    singularity-ce_3.9.9-focal_amd64.deb(26.68 MB)
    singularity-ce_3.9.9-jammy_amd64.deb(28.68 MB)
  • v3.9.8(Apr 7, 2022)

    SingularityCE 3.9.8 is a bugfix release, with the following changes:

    In accordance with our Go version compatibility policy, SingularityCE now targets Go 1.17 and Go 1.18. You may need to upgrade from an older Go version to build SingularityCE.

    Bug fixes

    • Do not truncate environment variables with commas when using --env.
    • Fix error when pushing to host-less library:// URIs

    Known Issues

    • When built with Go 1.18, some plugins fail to load (more detail available here). This will be fixed in the next minor release (3.10.x). Users utilizing plugins with SingularityCE 3.9.x should use version 1.17.x of the Go toolchain.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.8.tar.gz download below to obtain and install SingularityCE 3.9.8. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.8

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.8-1.el7.x86_64.rpm(37.37 MB)
    singularity-ce-3.9.8-1.el8.x86_64.rpm(37.38 MB)
    singularity-ce-3.9.8.tar.gz(11.83 MB)
    singularity-ce_3.9.8-bionic_amd64.deb(26.13 MB)
    singularity-ce_3.9.8-focal_amd64.deb(26.13 MB)
  • v3.9.7(Mar 23, 2022)

    SingularityCE 3.9.7 is a bugfix release, with the following changes:

    Bug fixes

    • Support nvidia-container-cli v1.8.0 and above, via fix to capability set.
    • Avoid cleanup panic when invalid file specified for --apply-cgroups.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.7.tar.gz download below to obtain and install SingularityCE 3.9.7. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.8

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.7-1.el7.x86_64.rpm(37.35 MB)
    singularity-ce-3.9.7-1.el8.x86_64.rpm(37.37 MB)
    singularity-ce-3.9.7.tar.gz(11.98 MB)
    singularity-ce_3.9.7-bionic_amd64.deb(26.19 MB)
    singularity-ce_3.9.7-focal_amd64.deb(26.18 MB)
  • v3.9.6(Mar 10, 2022)

    SingularityCE 3.9.6 is an architecture support / bugfix release, with the following changes:

    New features / functionalities

    • SingularityCE now supports the riscv64 architecture.

    Bug fixes

    • Correct library bindings for unsquashfs containment. Fixes errors where resolved library filename does not match library filename in binary (e.g. EL8, POWER9 with glibc-hwcaps).

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.6.tar.gz download below to obtain and install SingularityCE 3.9.6. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.7

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.6-1.el7.x86_64.rpm(37.31 MB)
    singularity-ce-3.9.6-1.el8.x86_64.rpm(37.33 MB)
    singularity-ce-3.9.6.tar.gz(11.98 MB)
    singularity-ce_3.9.6-bionic_amd64.deb(26.17 MB)
    singularity-ce_3.9.6-focal_amd64.deb(26.17 MB)
  • v3.9.5(Feb 4, 2022)

    SingularityCE 3.9.5 is a bugfix release, with the following changes:

    Changed defaults / behaviours

    • make install now installs man pages. A separate make man is not required.

    Bug fixes

    • GitHub .deb packages correctly include man pages.
    • Update dependency to correctly unset variables in container startup environment processing. Fixes regression in v3.9.2 affecting precedence of host/container environment variables.
    • Remove subshell overhead when processing large environments on container startup. Reduces container startup time by >25x for a 5000 variable, 500KiB environment.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.5.tar.gz download below to obtain and install SingularityCE 3.9.5. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.6

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.5-1.el7.x86_64.rpm(37.28 MB)
    singularity-ce-3.9.5-1.el8.x86_64.rpm(37.30 MB)
    singularity-ce-3.9.5.tar.gz(11.65 MB)
    singularity-ce_3.9.5-bionic_amd64.deb(26.13 MB)
    singularity-ce_3.9.5-focal_amd64.deb(26.13 MB)
  • v3.9.4(Jan 19, 2022)

    Bug fixes

    • Address timeout in library pull single stream download.

    This release includes a single bugfix to address context timeout errors that may be experienced when pulling larger images, or small images over a slow connection, from the recently updated Sylabs Cloud or Singularity Enterprise 2.x Library.

    The errors affect SingularityCE >=3.9.0

    If you pull images from the Sylabs Cloud or Singularity Enterprise 2.x Library, the new 3.9.4 release provides an immediate fix for the problem.

    Separately, Sylabs is working to design and implement a server-side mitigation for the issue. If it is possible, this would mitigate the issue without the need to upgrade your SingularityCE installation.

    We sincerely apologize for the recent inconvenience following updates to the Sylabs Cloud. We are working to resolve all remaining issues, and will conduct a review to identify process improvements for the future.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.4.tar.gz download below to obtain and install SingularityCE 3.9.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.6

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.4-1.el7.x86_64.rpm(36.90 MB)
    singularity-ce-3.9.4-1.el8.x86_64.rpm(36.92 MB)
    singularity-ce-3.9.4.tar.gz(11.57 MB)
    singularity-ce_3.9.4-bionic_amd64.deb(25.90 MB)
    singularity-ce_3.9.4-focal_amd64.deb(25.91 MB)
  • v3.9.3(Jan 11, 2022)

    Bug fixes

    • Ensure MIGs are visible with --nvccli in non-contained mode, to match the legacy GPU binding behaviour.
    • Avoid fd leak in loop device transient error path.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.3.tar.gz download below to obtain and install SingularityCE 3.9.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.5

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.3-1.el7.x86_64.rpm(36.90 MB)
    singularity-ce-3.9.3-1.el8.x86_64.rpm(36.92 MB)
    singularity-ce-3.9.3.tar.gz(11.53 MB)
    singularity-ce_3.9.3-bionic_amd64.deb(25.90 MB)
    singularity-ce_3.9.3-focal_amd64.deb(25.90 MB)
  • v3.9.2(Dec 10, 2021)

    Bug fixes

    • Ensure gengodep in build uses vendor dir when present.
    • Fix source of a script on PATH and scoping of environment variables in definition files (via dependency update).
    • Ensure a local build does not fail unnecessarily if a keyserver config cannot be retrieved from the remote endpoint.
    • Correct documentation for sign command r.e. source of key index.
    • Restructure loop device discovery to address an issue where a transient EBUSY error could lead to failure under Arvados. Also greedily try for a working loop device, rather than perform delayed retries on encountering EAGAIN, since we hold an exclusive lock which can block other processes.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.2.tar.gz download below to obtain and install SingularityCE 3.9.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    These packages were built with Go 1.17.5

    Source code(tar.gz)
    Source code(zip)
    sha256sums(509 bytes)
    singularity-ce-3.9.2-1.el7.x86_64.rpm(36.88 MB)
    singularity-ce-3.9.2-1.el8.x86_64.rpm(36.90 MB)
    singularity-ce-3.9.2.tar.gz(11.49 MB)
    singularity-ce_3.9.2-bionic_amd64.deb(25.90 MB)
    singularity-ce_3.9.2-focal_amd64.deb(25.88 MB)
  • v3.9.1(Nov 22, 2021)

    This is a security release for SingularityCE 3.9, addressing a security issue in SingularityCE's dependencies.

    Security Related Fixes

    • CVE-2021-41190 / GHSA-77vh-xpmg-72qh: OCI specifications allow ambiguous documents that contain both "manifests" and "layers" fields. Interpretation depends on the presence / value of a Content-Type header. SingularityCE dependencies handling the retrieval of OCI images have been updated to versions that reject ambiguous documents.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Source Code

    Please use the singularity-ce-3.9.1.tar.gz download below to obtain and install SingularityCE 3.9.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Packages

    :warning: These packages were built with a Go version (1.17.3) vulnerable to CVE-2021-44717. This is a Go issue, rather than a problem in the SingularityCE code. No direct exploit for SingularityCE has been identified at this time, however ForkExec calls are performed for multiple tasks, and users are encouraged to use updated packages.

    RPM / DEB packages are provided for:

    • Ubuntu 18.04 (bionic)
    • Ubuntu 20.04 (focal)
    • RHEL/CentOS 7 (el7)
    • RHEL/CentOS/Alma/Rocky 8 (el8)

    Note: the +6.g38b50cb version suffix is introduced by packaging automation added after the 3.9.1 release. There are no code/functionality changes vs the 3.9.1 source code.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(559 bytes)
    singularity-ce-3.9.1+6.g38b50cb-1.el7.x86_64.rpm(36.89 MB)
    singularity-ce-3.9.1+6.g38b50cbc5-1.el8.x86_64.rpm(36.90 MB)
    singularity-ce-3.9.1.tar.gz(11.77 MB)
    singularity-ce_3.9.1+6-g38b50cbc5-bionic_amd64.deb(25.87 MB)
    singularity-ce_3.9.1+6-g38b50cbc5-focal_amd64.deb(25.88 MB)
  • v3.9.0(Nov 16, 2021)

    This is the first release of SingularityCE 3.9, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity.

    Changed defaults / behaviours

    • Building SingularityCE 3.9.0 requires go >=1.16. We now aim to support the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy and Security Policy, ensuring critical bug fixes and security patches are available for all supported language versions.
    • LABELs from Docker/OCI images are now inherited. This fixes a longstanding regression from Singularity 2.x. Note that you will now need to use --force in a build to override a label that already exists in the source Docker/OCI container.
    • The source paths for %files lines in a definition file are no longer interpreted by a shell. This means that environment variable substitution is not performed. Previously, environment variables were substituted for source paths, but not destination paths, leading to unexpected copy behaviour. Globbing for source files will now follow the Go filepath.Match pattern syntax.
    • Removed --nonet flag, which was intended to disable networking for in-VM execution, but has no effect.
    • --nohttps flag has been deprecated in favour of --no-https. The old flag is still accepted, but will display a deprecation warning.
    • Paths for cryptsetup, go, ldconfig, mksquashfs, nvidia-container-cli, unsquashfs are now found at build time by mconfig and written into singularity.conf. The path to these executables can be overridden by changing the value in singularity.conf.
    • When calling ldconfig to find GPU libraries, singularity will not fall back to /sbin/ldconfig if the configured ldconfig errors. If installing in a Guix/Nix on environment on top of a standard host distribution you must set ldconfig path = /sbin/ldconfig to use the host distribution ldconfig to find GPU libraries.
    • --nv will not call nvidia-container-cli to find host libraries, unless the new experimental GPU setup flow that employs nvidia-container-cli for all GPU related operations is enabled (see below).
    • If a container is run with --nvcli and --contain, only GPU devices specified via the NVIDIA_VISIBLE_DEVICES environment variable will be exposed within the container. Use NVIDIA_VISIBLE_DEVICES=all to access all GPUs inside a container run with --nvccli.
    • Example log-plugin rewritten as a CLI callback that can log all commands executed, instead of only container execution, and has access to command arguments.
    • The bundled reference CNI plugins are updated to v1.0.1. The flannel plugin is no longer included, as it is maintained as a separate plugin at: https://github.com/flannel-io/cni-plugin. If you use the flannel CNI plugin you should install it from this repository.
    • Instances are no longer created with an IPC namespace by default. An IPC namespace can be specified with the -i|--ipc flag.
    • The behaviour of the allow container directives in singularity.conf has been modified, to support more intuitive limitations on the usage of SIF and non-SIF container images. If you use these directives, you may need to make changes to singularity.conf to preserve behaviour.
      • A new allow container sif directive permits or denies usage of unencrypted SIF images, irrespective of the filesystem(s) inside the SIF.
      • The allow container encrypted directive permits or denies usage of SIF images with an encrypted root filesystem.
      • The allow container squashfs/extfs directives in singularity.conf permit or deny usage of bare SquashFS and EXT image files only.
      • The effect of the allow container dir directive is unchanged.

    New features / functionalities

    • --writable-tmpfs can be used with singularity build to run the %test section of the build with a ephemeral tmpfs overlay, permitting tests that write to the container filesystem.
    • The --compat flag for actions is a new short-hand to enable a number of options that increase OCI/Docker compatibility. Infers --containall, --no-init, --no-umask, --writable-tmpfs. Does not use user, uts, or network namespaces as these may not be supported on many installations.
    • remote add --insecure may be used to configure endpoints that are only accessible via http.
    • The experimental --nvccli flag will use nvidia-container-cli to setup the container for Nvidia GPU operation. SingularityCE will not bind GPU libraries itself. Environment variables that are used with Nvidia's docker-nvidia runtime to configure GPU visibility / driver capabilities & requirements are parsed by the --nvccli flag from the environment of the calling user. By default, the compute and utility GPU capabilities are configured. The use nvidia-container-cli option in singularity.conf can be set to yes to always use nvidia-container-cli when supported. Note that in a setuid install, nvidia-container-cli will be run as root with required ambient capabilities. --nvccli is not currently supported in the hybrid fakeroot (setuid install + --fakeroot) workflow. Please see documentation for more details.
    • The --apply-cgroups flag can be used to apply cgroups resource and device restrictions on a system using the v2 unified cgroups hierarchy. The resource restrictions must still be specified in the v1 / OCI format, which will be translated into v2 cgroups resource restrictions, and eBPF device restrictions.
    • A new --mount flag and SINGULARITY_MOUNT environment variable can be used to specify bind mounts in type=bind,source=<src>,destination=<dst>[,options...] format. This improves CLI compatibility with other runtimes, and allows binding paths containing : and , characters (using CSV style escaping).
    • Perform concurrent multi-part downloads for library:// URIs. Uses 3 concurrent downloads by default, and is configurable in singularity.conf or via environment variables.

    Bug fixes

    • The oci commands will operate on systems that use the v2 unified cgroups hierarchy.
    • Ensure invalid values passed to config global --set cannot lead to an empty configuration file being written.
    • An invalid remote build source (bootstrap) will be identified before attempting to submit the build.
    • --no-https now applies to connections made to library services specified in library://<hostname>/... URIs.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.9.0.tar.gz download below to obtain and install SingularityCE 3.9.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.9.0.tar.gz(11.73 MB)
  • v3.9.0-rc.3(Nov 5, 2021)

    This is the third release candidate for the upcoming SingularityCE 3.9.0. We'd be grateful for all testing, bug reports, and comments, as we look forward to a stable 3.9.0 release. Please carefully review the release notes below, and refer to the 'master branch (unreleased)' documentation at https://sylabs.io/docs/

    This is a release candidate for SingularityCE 3.9.0

    Changed defaults / behaviours

    • The behaviour of the allow container directives in singularity.conf has been modified, to support more intuitive limitations on the usage of SIF and non-SIF container images. If you use these directives, you may need to make changes to singularity.conf to preserve behaviour.
      • A new allow container sif directive permits or denies usage of unencrypted SIF images, irrespective of the filesystem(s) inside the SIF.
      • The allow container encrypted directive permits or denies usage of SIF images with an encrypted root filesystem.
      • The allow container squashfs/extfs directives in singularity.conf permit or deny usage of bare SquashFS and EXT image files only.
      • The effect of the allow container dir directive is unchanged.

    New features

    • Perform concurrent multi-part downloads for library:// URIs. Uses 3 concurrent downloads by default, and is configurable in singularity.conf or via environment variables.

    Bug fixes

    • Ensure invalid values passed to config global --set cannot lead to an empty configuration file being written.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.9.0-rc.3.tar.gz download below to obtain and install SingularityCE 3.9.0-rc.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(99 bytes)
    singularity-ce-3.9.0-rc.3.tar.gz(11.84 MB)
  • v3.9.0-rc.2(Oct 28, 2021)

    This is the second release candidate for the upcoming SingularityCE 3.9.0. We'd be grateful for all testing, bug reports, and comments, as we look forward to a stable 3.9.0 release. Please carefully review the release notes below, and refer to the 'master branch (unreleased)' documentation at https://sylabs.io/docs/

    Security related fixes

    • Due to trusting a path to an executable that was incorrectly generated in code that could be manipulated by an unprivileged user, privilege escalation was possible when using the new --nvccli GPU configuration option. This vulnerability affected the 3.9.0-rc.1 release candidate only. Stable releases of SingularityCE are not impacted.

      All users who have installed 3.9.0-rc.1 should update to 3.9.0-rc.2

      Thanks to @cclerget for reporting this issue.

    Changed defaults / behaviours

    • The location of the cryptsetup, ldconfig and nvidia-container-cli binaries are always taken from singularity.conf. No $PATH search is performed.

    Bug fixes

    • Ensure a build with --nvccli runs using nvidia-container-cli and not the legacy gpu support.
    • Advise on limitations and provide workaround for inability to run %test in --fakeroot --nvccli builds.

    Additionally, this RC includes fixes introduced in SingularityCE 3.8.4

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.9.0-rc.2.tar.gz download below to obtain and install SingularityCE 3.9.0-rc.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(99 bytes)
    singularity-ce-3.9.0-rc.2.tar.gz(8.51 MB)
  • v3.8.4(Oct 28, 2021)

    This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

    Bug fixes

    • Update oras-go dependency to address push failures to some registry configurations.
    • Implement context cancellation when a signal is received in several CLI commands.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.8.4.tar.gz download below to obtain and install SingularityCE 3.8.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.8.4.tar.gz(7.98 MB)
  • v3.9.0-rc.1(Oct 14, 2021)

    This is the first release candidate for the upcoming SingularityCE 3.9.0. We'd be grateful all testing, bug reports, and comments, as we look forward to a stable 3.9.0 release.

    Various behavior changes and new features have been introduced. Please carefully review the release notes below, and refer to the 'master branch (unreleased)' documentation at https://sylabs.io/docs/

    Changed defaults / behaviours

    • Building SingularityCE 3.9.0 requires go >=1.16. We now aim to support the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy and Security Policy, ensuring critical bug fixes and security patches are available for all supported language versions.
    • LABELs from Docker/OCI images are now inherited. This fixes a longstanding regression from Singularity 2.x. Note that you will now need to use --force in a build to override a label that already exists in the source Docker/OCI container.
    • The source paths for %files lines in a definition file are no longer interpreted by a shell. This means that environment variable substitution is not performed. Previously, environment variables were substituted for source paths, but not destination paths, leading to unexpected copy behaviour. Globbing for source files will now follow the Go filepath.Match pattern syntax.
    • Removed --nonet flag, which was intended to disable networking for in-VM execution, but has no effect.
    • --nohttps flag has been deprecated in favour of --no-https. The old flag is still accepted, but will display a deprecation warning.
    • Paths for cryptsetup, go, ldconfig, mksquashfs, nvidia-container-cli, unsquashfs are now found at build time by mconfig and written into singularity.conf. The path to these executables can be overridden by changing the value in singularity.conf. If the path is not set in singularity.conf then the the executable will be found by searching $PATH.
    • When calling ldconfig to find GPU libraries, singularity will not fall back to /sbin/ldconfig if the ldconfig on $PATH errors. If installing in a Guix/Nix on environment on top of a standard host distribution you must set ldconfig path = /sbin/ldconfig to use the host distribution ldconfig to find GPU libraries.
    • --nv will not call nvidia-container-cli to find host libraries, unless the new experimental GPU setup flow that employs nvidia-container-cli for all GPU related operations is enabled (see below).
    • If a container is run with --nvcli and --contain, only GPU devices specified via the NVIDIA_VISIBLE_DEVICES environment variable will be exposed within the container. Use NVIDIA_VISIBLE_DEVICES=all to access all GPUs inside a container run with --nvccli.
    • Example log-plugin rewritten as a CLI callback that can log all commands executed, instead of only container execution, and has access to command arguments.
    • An invalid remote build source (bootstrap) will be identified before attempting to submit the build.
    • The bundled reference CNI plugins are updated to v1.0.1. The flannel plugin is no longer included, as it is maintained as a separate plugin at: https://github.com/flannel-io/cni-plugin. If you use the flannel CNI plugin you should install it from this repository.
    • Instances are no longer created with an IPC namespace by default. An IPC namespace can be specified with the -i|--ipc flag.

    New features / functionalities

    • --writable-tmpfs can be used with singularity build to run the %test section of the build with a ephemeral tmpfs overlay, permitting tests that write to the container filesystem.
    • --compat flag for actions is a new short-hand to enable a number of options that increase OCI/Docker compatibility. Infers --containall, --no-init, --no-umask, --writable-tmpfs. Does not use user, uts, or network namespaces as these may not be supported on many installations.
    • --no-https now applies to connections made to library services specified in --library://<hostname>/... URIs.
    • remote add --insecure may be used to configure endpoints that are only accessible via http.
    • The experimental --nvccli flag will use nvidia-container-cli to setup the container for Nvidia GPU operation. SingularityCE will not bind GPU libraries itself. Environment variables that are used with Nvidia's docker-nvidia runtime to configure GPU visibility / driver capabilities & requirements are parsed by the --nvccli flag from the environment of the calling user. By default, the compute and utility GPU capabilities are configured. The use nvidia-container-cli option in singularity.conf can be set to yes to always use nvidia-container-cli when supported. Note that in a setuid install, nvidia-container-cli will be run as root with required ambient capabilities. --nvccli is not currently supported in the hybrid fakeroot (setuid install + --fakeroot) workflow. Please see documentation for more details.
    • The --apply-cgroups flag can be used to apply cgroups resource and device restrictions on a system using the v2 unified cgroups hierarchy. The resource restrictions must still be specified in the v1 / OCI format, which will be translated into v2 cgroups resource restrictions, and eBPF device restrictions.
    • A new --mount flag and SINGULARITY_MOUNT environment variable can be used to specify bind mounts in type=bind,source=<src>,destination=<dst>[,options...] format. This improves CLI compatibility with other runtimes, and allows binding paths containing : and , characters (using CSV style escaping).

    Bug fixes

    • The oci commands will operate on systems that use the v2 unified cgroups hierarchy.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.9.0-rc.1.tar.gz download below to obtain and install SingularityCE 3.9.0-rc.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(99 bytes)
    singularity-ce-3.9.0-rc.1.tar.gz(8.50 MB)
  • v3.8.3(Sep 1, 2021)

    This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

    Bug fixes

    • Fix regression when files sourced from %environment contain \ escaped shell builtins (fixes issue with source of conda profile.d script).

    Additional changes include dependency updates for the SIF module (to v2.0.0), and migration to maintained versions of other modules. There is no change to functionality, on-disk SIF format etc.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.8.3.tar.gz download below to obtain and install SingularityCE 3.8.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.8.3.tar.gz(8.01 MB)
  • v3.8.2(Aug 19, 2021)

    This is a bugfix release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

    Bug Fixes

    • singularity delete will use the correct library service when the hostname is specified in the library:// URI.
    • singularity build will use the correct library service when the hostname is specified in the library:// URI / definition file.
    • Fix download of default pacman.conf in arch bootstrap.
    • Call debootstrap with correct Debian arch when it is not identical to the value of runtime.GOARCH. E.g. ppc64el -> ppc64le.
    • When destination is ommitted in %files entry in definition file, ensure globbed files are copied to correct resolved path.
    • Return an error if --tokenfile used for remote login to an OCI registry, as this is not supported.
    • Ensure repeated remote login to same URI does not create duplicate entries in ~/.singularity/remote.yaml.
    • Avoid panic when mountinfo line has a blank field.
    • Properly escape single quotes in Docker CMD / ENTRYPOINT translation.
    • Use host uid when choosing unsquashfs flags, to avoid selinux xattr errors with --fakeroot on non-EL/Fedora distributions with recent squashfs-tools.

    Additionally, dependencies have been updated and some testing changes have been applied.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.8.2.tar.gz download below to obtain and install SingularityCE 3.8.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.8.2.tar.gz(7.64 MB)
  • v3.8.1(Jul 20, 2021)

    This is a patch release of SingularityCE, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/.

    Bug Fixes

    • Allow escaped \$ in a SINGULARITYENV_ var to set a literal $ in a container env var.
    • Handle absolute symlinks correctly in multi-stage build %copy from blocks.
    • Fix incorrect reference in sandbox restrictive permissions warning.

    Additionally, dependencies have been updated and some testing & markdown file changes have been applied.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.8.1.tar.gz download below to obtain and install SingularityCE 3.8.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.8.1.tar.gz(7.59 MB)
  • v3.8.0(May 26, 2021)

    This is the first release of SingularityCE 3.8.0, the Community Edition of the Singularity container runtime hosted at https://github.com/sylabs/singularity. Documentation is available at https://sylabs.io/docs/

    Changed defaults / behaviours

    • The package name for this release is now singularity-ce. This name is used for the source tarball, output of an rpmbuild, and displayed in --version information.
    • The name of the top level directory in the source tarball from make dist now includes the version string.

    New features / functionalities

    • A new overlay command allows creation and addition of writable overlays.
    • Administrators can allow named users/groups to use specific CNI network configurations. Managed by directives in singularity.conf.
    • The build command now honors --nv, --rocm, and --bind flags, permitting builds that require GPU access or files bound in from the host.
    • A library service hostname can be specified as the first component of a library:// URL.
    • Singularity is now relocatable for unprivileged installations only.

    Bug Fixes

    • Respect http proxy server environment variables in key operations.
    • When pushing SIF images to oras:// endpoints, work around Harbor & GitLab failure to accept the SifConfigMediaType.
    • Avoid a setfsuid compilation warning on some gcc versions.
    • Fix a crash when silent/quiet log levels used on pulls from shub:// and http(s):// URIs.
    • Wait for dm device to appear when mounting an encrypted container rootfs.

    Testing / Development

    Testing changes are not generally itemized. However, developers and contributors should note that this release has modified the behavior of make test for ease of use:

    • make test runs limited unit and integration tests that will not require docker hub credentials.
    • make testall runs the full unit/integration/e2e test suite that requires docker credentials to be set with E2E_DOCKER_USERNAME and E2E_DOCKER_PASSWORD environment variables.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-ce-3.8.0.tar.gz download below to obtain and install SingularityCE 3.8.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(94 bytes)
    singularity-ce-3.8.0.tar.gz(7.58 MB)
  • v3.7.4(May 26, 2021)

    Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity which will take effect from the SingularityCE 3.8.0 onward.

    This is a security release that has been coordinated with HPCng. We recommend all users upgrade to this version.

    The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.4

    This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.


    Security Related Fixes

    CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

    Please see the published security advisory at github.com/sylabs/singularity/security/advisories for further detail.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(91 bytes)
    singularity-3.7.4.tar.gz(6.14 MB)
  • v3.8.0-rc.2(May 18, 2021)

  • v3.8.0-rc.1(May 18, 2021)

  • v3.7.3(May 10, 2021)

    Singularity 3.7.3 is the previous stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity

    The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.3

    This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.


    Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.

    Security Related Fixes

    CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source, as well as the implicit build to SIF that occurs through root use of run/exec/shell against a malicious docker/OCI image URI.

    Thanks / Reporting Bugs

    Thanks to our contributors for code, feedback and, testing efforts!

    As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

    If you think that you've discovered a security vulnerability please report it to: [email protected]

    Have fun!

    Downloads

    Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

    Source code(tar.gz)
    Source code(zip)
    sha256sums(91 bytes)
    singularity-3.7.3.tar.gz(6.14 MB)
Owner
Sylabs Inc.
Singularity containers and tools to empower secure, portable compute
Sylabs Inc.
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

docker-slim 14.7k Aug 8, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jul 31, 2022
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

chenk 22 Jul 22, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
An open source platform for inter-operable smart contracts which automatically execute

CHT ❗️ For issue disclosure, check out SECURITY.md ❗️ Juno is an open source platform for inter-operable smart contracts which automatically execute,

null 0 May 19, 2022
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

ProjectDiscovery 2.4k Aug 4, 2022
XXTEA is a fast and secure encryption algorithm.

XXTEA Golang Introduction xxtea is a fast and secure encryption algorithm. This project is the Golang implementation of the xxtea encryption algorithm

yanheng 2 Aug 3, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

Filippo Valsorda 11.1k Aug 11, 2022
Open Source Web Application Firewall

DEPRECATED This repository started as a good idea but I didn't have enough time or desire to work on it. So, it's left here for historical / education

Ahmet Salih 182 Aug 4, 2022
crowdsec 5.4k Aug 9, 2022
A Go Module to interact with Passbolt, a Open source Password Manager for Teams

go-passbolt A Go Module to interact with Passbolt, a Open source Password Manager for Teams This Module tries to Support the Latest Passbolt Community

Samuel Lorch 10 May 13, 2022
BluePhish: Open-Source Phishing Toolkit (Direct Fork of GoPhish)

BluePhish BluePhish: Open-Source Phishing Toolkit (Direct Fork of GoPhish) Gophish is an open-source phishing toolkit designed for businesses and pene

BlueStone AG 4 Jun 1, 2022
Gitrob: Putting the Open Source in OSINT

Gitrob: Putting the Open Source in OSINT Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob wil

Michael Henriksen 5.4k Aug 9, 2022
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Tylous 638 Jul 31, 2022
Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

SerpScan Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. Table

Alaa Abdulridha 50 Jul 9, 2022
Simple container orchestration

Metis Super simple orchestration for stateless HTTP containers. This is a personal project I developed in an attempt to understand how a container orc

Oisín Aylward 2 Dec 3, 2021
coyim - a safe and secure chat client

CoyIM - a safe and secure chat client CoyIM is a new client for the XMPP protocol. It is built upon https://github.com/agl/xmpp-client and https://git

CoyIM messenger client 561 Aug 7, 2022