SingularityCE 4.5.0

dtrudg released this 25 Jun 10:59
4824860

SingularityCE 4.5.0 contains mostly internal code changes and defense-in-depth hardening. The majority of the changes made since release 4.4.2 do not alter behaviour, with the exception of specific points highlighted below.

Like many other open source projects, SingularityCE is increasingly the target of LLM-driven analysis. The changes in 4.5.0 aim to minimise false positives, reduce maintainer burden, and provide defense-in-depth in areas where it is appropriate.

If you are a security researcher working on SingularityCE, please see the new AGENTS.md and SECURITY.md content.

If you are a developer intending to contribute to SingularityCE, please review the LLM policy in CONTRIBUTING.md.

Behaviour Changes

  • In setuid mode, root-ownership checks on singularity.conf and the capabilities / ecl configuration now assert that these files are not writable except by the root owner. Management of these files by an administrator group is no longer possible. The files cannot be relocated by symlink.
  • External helper binaries executed with elevated privileges must also be root-owned, regular executable files that are not writable by group or others.
  • The majority of files that may be created by SingularityCE (e.g. remote configuration, pulled images) can no longer be created through a dangling symlink.
  • If ecl.toml is missing, SIF execution is rejected rather than assuming an inactive ECL configuration. The default install ships an activated = false template, so standard installations are unaffected; sites with custom or partial installs must ensure ecl.toml is present and valid.

Developer / API

  • The following have been removed:
    • UpdateDefinitionRaw() from pkg/build/types.
    • OptSysCtx() from pkg/ocibundle/native/bundle_linux.go
    • CreateLoop() from pkg/ocibundle/tools/loop.go
    • pkg/util/copy
    • pkg/util/sysctl
    • pkg/util/unix
  • The pkg/build/types and pkg/build/types/parser packages can now be used in programs built without cgo. An os.user fallback for i/p/util/user lookups is used when CGO is not available.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback, and testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability, please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.5.0.tar.gz download below to obtain and install SingularityCE 4.5.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)
  • RHEL/CentOS/AlmaLinux/Rocky 10 (el10)

These packages were built with Go 1.26.4.

Upload-time immutable digests are now provided for release downloads by GitHub. A separate sha256sums file will no longer be provided.