<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>singularityware.github.io</title>
        <description>Singularity allows a non-privileged user to 'swap out' the operating system on the host for one they control. So if the host system is running RHEL6 but your application runs in Ubuntu, you can create an Ubuntu image, install your applications into that image, copy the image to another host, and run your application on that host in its native Ubuntu environment! Singularity also allows you to leverage the resources of whatever host you are on. This includes HPC interconnects, resource managers, file systems, GPUs and/or accelerators, etc.</description>
        <link>http://singularityware.github.io/</link>
        <atom:link href="http://singularityware.github.io/feed.xml" rel="self" type="application/rss+xml"/>
        <pubDate>Tue, 15 Feb 2022 17:17:19 +0000</pubDate>
        <lastBuildDate>Tue, 15 Feb 2022 17:17:19 +0000</lastBuildDate>
        <generator>Jekyll v3.9.0</generator>
        
        <item>
            <title>Singularity 2.5.2 Release</title>
            <description>&lt;p&gt;This release contains fixes for a &lt;em&gt;high severity&lt;/em&gt; security issue affecting Singularity 2.3.0 through 2.5.1 on kernels that support overlay file systems (CVE-2018-12021). A malicious user with network access to the host system (e.g. ssh) could exploit this vulnerability to access sensitive information on disk and bypass directory image restrictions like those preventing the root file system from being mounted into the container.&lt;/p&gt;

&lt;p&gt;Singularity 2.5.2 should be installed immediately, and all previous versions of Singularity should be removed. The vulnerability addressed in this release affects kernels that support overlayfs. If you are unable to upgrade immediately, you should set &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;enable overlay = no&lt;/code&gt; in &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;singularity.conf&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;In addition, this release contains a large number of bug fixes.  Details follow:&lt;/p&gt;

&lt;h2 id=&quot;security-related-fixes&quot;&gt;&lt;a href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12021&quot;&gt;Security related fixes&lt;/a&gt;&lt;/h2&gt;
&lt;ul&gt;
  &lt;li&gt;Removed the option to use overlay images with &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;singularity mount&lt;/code&gt;.  This
flaw could allow a malicious user accessing the host system to access
sensitive information when coupled with persistent ext3 overlay.&lt;/li&gt;
  &lt;li&gt;Fixed a race condition that might allow a malicious user to bypass directory
image restrictions, like mounting the host root filesystem as a container
image&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;bug-fixes&quot;&gt;Bug fixes&lt;/h2&gt;
&lt;ul&gt;
  &lt;li&gt;Fix an error in malloc allocation #1620&lt;/li&gt;
  &lt;li&gt;Honor debug flag when pulling from docker hub #1556&lt;/li&gt;
  &lt;li&gt;Fix a bug with passwd abort #1580&lt;/li&gt;
  &lt;li&gt;Allow user to override singularity.conf “mount home = no” with --home option
#1496&lt;/li&gt;
  &lt;li&gt;Improve debugging output #1535&lt;/li&gt;
  &lt;li&gt;Fix some bugs in bind mounting #1525&lt;/li&gt;
  &lt;li&gt;Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will
work with kernels that implement them (like Cray systems) #1506&lt;/li&gt;
  &lt;li&gt;Create /dev/fd and standard streams symlinks in /dev when using minimal dev
mount or when specifying -c/-C/--contain option #1420&lt;/li&gt;
  &lt;li&gt;Fixed * expansion during app runscript creation #1486&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.5.2&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Tue, 03 Jul 2018 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-5-2</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-5-2</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.5.1 Release</title>
            <description>&lt;p&gt;This is a bug fix point release to the 2.5 feature branch.&lt;/p&gt;

&lt;h2 id=&quot;bug-fixes&quot;&gt;Bug fixes&lt;/h2&gt;
&lt;ul&gt;
  &lt;li&gt;Corrected a permissions error when attempting to run Singularity from a
directory on NFS with root_squash enabled&lt;/li&gt;
  &lt;li&gt;Fixed a bug that closed a socket early, preventing correct container
execution on hosts using identity services like SSSD&lt;/li&gt;
  &lt;li&gt;Fixed a regression that broke the debootstrap agent&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;And as always, report any bugs to:
&lt;a href=&quot;https://github.com/singularityware/singularity/issues/new&quot;&gt;https://github.com/singularityware/singularity/issues/new&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.5.1&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Thu, 03 May 2018 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-5-1</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-5-1</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.5.0 Release</title>
            <description>&lt;p&gt;This release includes fixes for several high and medium severity security issues. It also contains a whole slew of bug fixes including the much awaited docker aufs whiteout file fix. It’s a new release instead of a point release because it adds a new dependency to handle this bug, includes some new (albeit minor) feature enhancements, and changes the behavior of a few environment variables (see below).&lt;/p&gt;

&lt;p&gt;Singularity 2.5 should be installed immediately and all previous versions of Singularity should be removed. Many of the vulnerabilities fixed in this release are expected to affect all Linux distributions regardless of whether they implement overlayfs. There are no mitigations or workarounds for these issues outside of updating Singularity.&lt;/p&gt;

&lt;p&gt;Additionally, Singularity 2.5 drops support for hosts that do not support the prctl() function PR_SET_NO_NEW_PRIVS. The PR_SET_NO_NEW_PRIVS feature was added to prctl() in the Linux 3.5 kernel. Various distributions have since backported this feature to currently maintained kernels (for example, Red Hat added this feature to RHEL 6.7 with the 2.6.32-504.16.2 kernel). Kernels that do not have this feature are inherently insecure in many ways. They do not implement container runtimes securely. Blocks have therefore been put in place to prevent Singularity 2.5 from building or running on vulnerable kernels.&lt;/p&gt;

&lt;h2 id=&quot;security-related-fixes&quot;&gt;Security related fixes&lt;/h2&gt;
&lt;p&gt;Patches are provided to prevent a malicious user with the ability to log in to
the host system and use the Singularity container runtime from carrying out any
of the following actions:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Create world writable files in root-owned directories on the host system by
manipulating symbolic links and bind mounts&lt;/li&gt;
  &lt;li&gt;Create folders outside of the container by manipulating symbolic links in
conjunction with the --nv option or by bypassing the check_mounted function
with relative symlinks&lt;/li&gt;
  &lt;li&gt;Bypass the enable overlay = no option in the singularity.conf
configuration file by setting an environment variable&lt;/li&gt;
  &lt;li&gt;Exploit buffer overflows in src/util/daemon.c and/or
src/lib/image/ext3/init.c (reported by Erik Sjölund (DBB, Stockholm
University, Sweden))&lt;/li&gt;
  &lt;li&gt;Forge the pid_path to join any Singularity namespace (reported by Erik
Sjölund (DBB, Stockholm University, Sweden))&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;implemented-enhancements&quot;&gt;Implemented enhancements&lt;/h2&gt;
&lt;ul&gt;
  &lt;li&gt;Restore docker-extract aufs whiteout handling that implements correct
extraction of docker container layers. This adds libarchive-devel as a
build time dep. At runtime libarchive is needed for whiteout handling. If
libarchive is not available at runtime, Singularity will fall back to the
previous extraction method.&lt;/li&gt;
  &lt;li&gt;Changed behavior of SINGULARITYENV_PATH to overwrite container PATH and
added SINGULARITYENV_PREPEND_PATH and SINGULARITYENV_APPEND_PATH for users
wanting to prepend or append to the container PATH at runtime&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;bug-fixes&quot;&gt;Bug fixes&lt;/h2&gt;
&lt;ul&gt;
  &lt;li&gt;Support pulls from the NVIDIA cloud docker registry (fix by Justin Riley,
Harvard)&lt;/li&gt;
  &lt;li&gt;Close socket file descriptors in fd_cleanup&lt;/li&gt;
  &lt;li&gt;Fix conflict between --nv and --contain options&lt;/li&gt;
  &lt;li&gt;Throw errors at build and runtime if NO_NEW_PRIVS is not present and working&lt;/li&gt;
  &lt;li&gt;Reset umask to 0022 at start to correct several errors&lt;/li&gt;
  &lt;li&gt;Verify docker layers after download with sha256 checksum&lt;/li&gt;
  &lt;li&gt;Do not make excessive requests for auth tokens to docker registries&lt;/li&gt;
  &lt;li&gt;Fixed stripping whitespaces and empty new lines for the app commands (fix by
Rafal Gumienny, Biozentrum, Basel)&lt;/li&gt;
  &lt;li&gt;Improved the way that working directory is mounted&lt;/li&gt;
  &lt;li&gt;Fixed an out of bounds array in src/lib/image/ext3/init.c&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;And as always, report any bugs to:
&lt;a href=&quot;https://github.com/singularityware/singularity/issues/new&quot;&gt;https://github.com/singularityware/singularity/issues/new&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.5.0&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-5-0</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-5-0</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.4.6 Release</title>
            <description>&lt;p&gt;This release addresses a high severity security issue with bind mounts on hosts using overlayfs. This fixes a vulnerability that could allow a malicious user to create files and directories outside of a Singularity container. Special thanks to Lars Viklund (HPC2N, Umeå University, Sweden) for identifying and helping test fixes for this bug.&lt;/p&gt;

&lt;p&gt;Bug fixes include:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Fix for check_mounted() to check parent directories #1436&lt;/li&gt;
  &lt;li&gt;Free strdupped temporary variable in joinpath #1438&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Please note that this release is being made with minimal community testing to allow administrators to expedite the patch process. Without full community testing, this release may not be completely stable. It’s up to administrators to decide if they value stability or security when choosing whether to install 2.4.6.&lt;/p&gt;

&lt;p&gt;And as always, report any bugs to:
&lt;a href=&quot;https://github.com/singularityware/singularity/issues/new&quot;&gt;https://github.com/singularityware/singularity/issues/new&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.4.6&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Fri, 06 Apr 2018 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-4-6</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-4-6</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.4.5 Release</title>
            <description>&lt;p&gt;This is a security-related point release, bringing the following fix thanks to Justin Riley (&lt;a href=&quot;https://github.com/jtriley&quot; target=&quot;_blank&quot;&gt;@jtriley&lt;/a&gt;):&lt;/p&gt;

&lt;p&gt;PR&lt;a class=&quot;no-after&quot; target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/pull/1387&quot;&gt;1387&lt;/a&gt;/&lt;a target=&quot;_blank&quot; class=&quot;no-after&quot; href=&quot;https://github.com/singularityware/singularity/pull/1397&quot;&gt;1397&lt;/a&gt; - python: strip “Authorization” header on (urllib) redirects to different domains&lt;/p&gt;

&lt;p&gt;The security fix prevents Singularity from leaking credentials if:&lt;/p&gt;
&lt;ul&gt;
  &lt;li&gt;You are logging in to a Docker registry with credentials&lt;/li&gt;
  &lt;li&gt;The registry redirects you to a 3rd party host (e.g. S3 for download of layers)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The fix ensures that in this situation the HTTP “Authorization” header is stripped from the redirected request, to prevent leaking of registry credentials to the 3rd party.&lt;/p&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.4.5&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Mon, 19 Mar 2018 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-4-5</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-4-5</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.4.2 Release</title>
            <description>&lt;p&gt;Singularity 2.4.2 is released with minor bug fixes to the original 2.4. Important notes include the following:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;We fixed an issue for support of older distributions and kernels with regard to the &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;setns()&lt;/code&gt; function.&lt;/li&gt;
  &lt;li&gt;Also fixed autofs bug path (lost during merge)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.4.2&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;
</description>
            <pubDate>Tue, 05 Dec 2017 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-4-2</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-4-2</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.4 Release</title>
            <description>&lt;p&gt;Singularity 2.4 is released, and here are the important notes for you to know about!&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/posts/releases/singularity-egg-easy.png&quot; /&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Singularity Build&lt;/strong&gt;
Building an image is now more intuitive with the introduction of our &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;build&lt;/code&gt; command. You don’t need to worry about using &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;create&lt;/code&gt;, or &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;bootstrap&lt;/code&gt;, you just build. It looks like this:&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;sudo singularity build container.simg Singularity
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;If you are tired of needing to estimate your image size, that issue goes away with build. The default format for a Singularity image base is now a smaller, compressed file format called &lt;strong&gt;SquashFS&lt;/strong&gt;.  This format is also a much better fit for reproducible containers, as it is immutable. For more details, see our &lt;a href=&quot;/docs-build-container&quot;&gt;build&lt;/a&gt; documentation.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Build Bases&lt;/strong&gt;
We originally supported just using an existing distribution package or docker as a base for building images. With 2.4, we have extended that set to include another Singularity image (&lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;localimage&lt;/code&gt;), or a Singularity Hub or Registry image (&lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;shub&lt;/code&gt;).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Instance Support&lt;/strong&gt;
Singularity now has support for instances, which means services! Image instances can be started, stopped, and listed. Along with instances comes &lt;strong&gt;Network Namespace Isolation&lt;/strong&gt;. We are excited to see the kinds of use cases that this will afford for our users.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Singularity Registry&lt;/strong&gt;
If you want to host your own Registry, we listened and you are in luck! Singularity &lt;a href=&quot;https://www.github.com/singularityhub/sregistry&quot;&gt;Registry&lt;/a&gt; is ready for your use, along with a &lt;a href=&quot;https://singularityhub.github.io/containers&quot;&gt;portal&lt;/a&gt; for you to “register your registry” to make it easier to share your images. Singularity Hub, along with improved building and updated builders, will follow this release.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Internal Modularity&lt;/strong&gt;
This release includes support for the &lt;a href=&quot;/docs-apps&quot;&gt;Standard Container Integration Format (SCI-F)&lt;/a&gt; that makes it easy for you to produce single, internally modular and programmatically discoverable containers. More information is provided on its &lt;a href=&quot;https://containers-ftw.github.io/SCI-F/&quot;&gt;main site&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Better Documentation&lt;/strong&gt;
We’ve added an entire page on the different customizations you can do to the &lt;a href=&quot;/build-environment&quot;&gt;build environment&lt;/a&gt;, including changing the cache and specifying credentials for Docker. We now also have new sidebars for the Image and Instances command groups.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Deprecated&lt;/strong&gt;
We are deprecating the original &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;create&lt;/code&gt; command, to be replaced with &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;image.create&lt;/code&gt;, along with &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;bootstrap&lt;/code&gt; in favor of build. These commands will still work for 2.4; however, we recommend you start testing the updated ones.&lt;/p&gt;

&lt;p&gt;In addition, here are some tiny changes for your information!&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Persistent Overlay&lt;/li&gt;
  &lt;li&gt;Container checks&lt;/li&gt;
  &lt;li&gt;Tests for instance support&lt;/li&gt;
  &lt;li&gt;Wrapper for create&lt;/li&gt;
  &lt;li&gt;Group instance commands&lt;/li&gt;
  &lt;li&gt;Group image commands&lt;/li&gt;
  &lt;li&gt;Bash completion updates&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For the full release announcement and downloads, please see &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.4&quot;&gt;the release on GitHub&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Wowee, way to go team, contributors, and the community! Please report any issues or questions that you might have to &lt;a href=&quot;https://github.com/singularityware/singularity/issues/new&quot; target=&quot;_blank&quot;&gt;our issue board&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Thank you!&lt;/p&gt;
</description>
            <pubDate>Mon, 02 Oct 2017 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-4</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-4</guid>
            
            
        </item>
        
        <item>
            <title>Scientific Filesystem (SCIF) Final Draft</title>
            <description>&lt;p&gt;Hi Singularity Community!&lt;/p&gt;

&lt;p&gt;Thanks to everyone that provided comments on the early draft for SCIF. The goals were initially:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;write specification draft (this was done via a Google Doc)&lt;/li&gt;
  &lt;li&gt;implement into Singularity (now in &lt;a href=&quot;https://github.com/singularityware/singularityware.github.io/blob/docs/2.4/pages/docs/user-docs/docs-apps.md&quot;&gt;development branch&lt;/a&gt;)&lt;/li&gt;
  &lt;li&gt;get feedback on both, adjust implementation and draft&lt;/li&gt;
  &lt;li&gt;do several (N=4) implemented use cases for SCIF, write ups (&lt;a href=&quot;https://sci-f.github.io/apps/category/#Example&quot;&gt;available here&lt;/a&gt;)&lt;/li&gt;
  &lt;li&gt;make an interactive, open source repository to contribute and share SCI-F apps &lt;a href=&quot;https://sci-f.github.io/apps/&quot;&gt;https://sci-f.github.io/apps/&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;write up the final draft formally &lt;a href=&quot;https://sci-f.github.io/&quot;&gt;https://sci-f.github.io&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I’m (&lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;@vsoch&lt;/code&gt;) happy to report that I’ve finished the above, and I’d like to ask the following:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;if you contributed, please check the AUTHORS file in the SCI-F repository to make sure that I added you, and spelled your name correctly (apologies in advance).&lt;/li&gt;
  &lt;li&gt;Any further suggestions, additions, or entire new contributions can be added to the draft by way of pull request. I’m not in any rush, and if you have a good contribution, I want to help.&lt;/li&gt;
  &lt;li&gt;If you have not contributed yet and would like to, see the ideas linked on the &lt;a href=&quot;https://sci-f.github.io/&quot;&gt;specification&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The plan is (as of now) to submit this no later than the end of October, and I want to make sure everyone that wants to contribute has had ample chance. Indeed, with Singularity there are many ways to cook your container, and SCIF definitely exemplifies that.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/images/logo/three-ways.png&quot; alt=&quot;egg&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Thanks again everyone!&lt;/p&gt;

</description>
            <pubDate>Tue, 26 Sep 2017 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/2017-scif-contribute</link>
            <guid isPermaLink="true">http://singularityware.github.io/2017-scif-contribute</guid>
            
            
        </item>
        
        <item>
            <title>Singularity 2.3.2 Quick Fix Release</title>
            <description>&lt;p&gt;&lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/releases/tag/2.3.2&quot;&gt;Release 2.3.2&lt;/a&gt; This dot release includes a fix for a change that Docker implemented to their registry RESTful API, which broke compatibility with Singularity (among several other minor fixes).&lt;/p&gt;

&lt;h2 id=&quot;what-happened&quot;&gt;What happened?&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Where does Docker image metadata come from?&lt;/strong&gt;
The Docker Registry serves metadata about images via manifests, where each image has a manifest that tells Singularity important information like environment, labels, and entrypoints and running command. Importantly, the image manifest serves the actual layers that should be obtained to create the image. The manifests come in different flavors, or schema versions. Version 1 serves the primary load of metadata (labels, environment) while the first release of version 2 served layers, and had the addition of size. This addition made it possible to pull an image with Singularity and calculate the size on the fly for images generated with support for this manifest.&lt;/p&gt;

&lt;p&gt;Singularity had an old default to retrieve the version 2 manifest (done by way of a header asking for it), and ask it for layers. If the remote registry could only offer version 1, we were still able to obtain a list of layers (under a different key, &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;fsLayers&lt;/code&gt; instead of &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;layers&lt;/code&gt;) and metadata via the older (schema 1) manifest. However, with the update, the API version 2 schema can now return a &lt;a href=&quot;https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list&quot;&gt;list of manifests&lt;/a&gt;. This meant that when we checked the response for the keys &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;layers&lt;/code&gt; or &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;fsLayers&lt;/code&gt;, they wouldn’t be found, because we needed to look under &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;manifests&lt;/code&gt;, and then do a second call to retrieve the manifest of interest based on a system architecture and OS. This of course broke most &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;import&lt;/code&gt;, &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;shell&lt;/code&gt;, &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;pull&lt;/code&gt;, and &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;exec&lt;/code&gt; commands, because all of these commands require retrieving the layers.&lt;/p&gt;

&lt;h2 id=&quot;the-patch&quot;&gt;The Patch&lt;/h2&gt;
&lt;p&gt;A super quick fix would have been to fall back to the version 1 manifest, always, but then we would lose the automatic calculation of size, which is important to many users. The “better” fix is obvious - the code needs to:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;check for a &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;manifests&lt;/code&gt; key&lt;/li&gt;
  &lt;li&gt;if found, select a default manifest to use&lt;/li&gt;
  &lt;li&gt;retrieve it, and continue!&lt;/li&gt;
  &lt;li&gt;if not found, fall back to version 1&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This means that we’ve added environment variables &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;SINGULARITY_DOCKER_OS&lt;/code&gt; and &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;SINGULARITY_DOCKER_ARCHITECTURE&lt;/code&gt; to specify this choice, with defaults &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;linux&lt;/code&gt; and &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;amd64&lt;/code&gt;. This is a pretty exciting change, because it means down the line you (as a user!) can specify the specifics of the layers you want returned, given an image that has this metadata available. We can see the fix running as follows:&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG 
*** STARTING DOCKER IMPORT PYTHON  ****
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;This is the initialization of the Docker client, which parses the image name provided.&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG Starting Docker IMPORT, includes env, runscript, and metadata.
VERBOSE Docker image: ubuntu:14.04
VERBOSE2 Specified Docker ENTRYPOINT as %runscript.
DEBUG Headers found: Content-Type,Accept
VERBOSE Registry: index.docker.io
VERBOSE Namespace: library
VERBOSE Repo Name: ubuntu
VERBOSE Repo Tag: 14.04
VERBOSE Version: None
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;The initial poke to Docker hub asks for tags, to determine if we need some kind of token&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;VERBOSE Obtaining tags: https://index.docker.io/v2/library/ubuntu/tags/list
DEBUG GET https://index.docker.io/v2/library/ubuntu/tags/list
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;401 means that we do, and with the response the API sends back the scope and other details we need to request it.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG Http Error with code 401
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Here we are requesting it&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG GET https://auth.docker.io/token?service=registry.docker.io&amp;amp;expires_in=9000&amp;amp;scope=repository:library/ubuntu:pull
DEBUG Headers found: Content-Type,Authorization,Accept
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;And here is the new bit. Instead of blindly doing one call, we have a function to update two versions of the manifest - the older (with metadata) and some version of the newer (with layers and size) with a fallback to use the version 1&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG Updating manifests.

# Here is version 2+
DEBUG MANIFEST (Primary): not found, making initial call.
VERBOSE Obtaining manifest: https://index.docker.io/v2/library/busybox/manifests/latest
DEBUG GET https://index.docker.io/v2/library/busybox/manifests/latest

# Here is version 1 (Metadata)
DEBUG MANIFEST (Metadata): not found, making initial call.
VERBOSE Obtaining manifest: https://index.docker.io/v2/library/busybox/manifests/latest
DEBUG GET https://index.docker.io/v2/library/busybox/manifests/latest
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Notice that the two calls use the same URL. They differ only in their headers, which request different versions of the manifest.&lt;/p&gt;

&lt;p&gt;And here is the (new) indication that we found a list&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG Image manifest version 2.2 list found.
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Here is the default architecture / os&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;DEBUG Obtaining architecture: amd64, OS: linux
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;And the specific call to get it&lt;/p&gt;
&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;VERBOSE Obtaining manifest: https://index.docker.io/v2/library/busybox/manifests/sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af
DEBUG GET https://index.docker.io/v2/library/busybox/manifests/sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;With this fix - we can again use &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;pull&lt;/code&gt;/&lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;import&lt;/code&gt;, etc, and also have a working &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;singularity pull docker://busybox&lt;/code&gt; that estimates the size automatically.&lt;/p&gt;

&lt;p&gt;Please report any additional bugs to &lt;a target=&quot;_blank&quot; href=&quot;https://github.com/singularityware/singularity/issues/new&quot;&gt;our issues board.&lt;/a&gt;&lt;/p&gt;
</description>
            <pubDate>Fri, 15 Sep 2017 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/release-2-3-2</link>
            <guid isPermaLink="true">http://singularityware.github.io/release-2-3-2</guid>
            
            
        </item>
        
        <item>
            <title>Announcement: Problem downloading from Docker Hub to be resolved soon</title>
            <description>&lt;p&gt;To all Singularity users,&lt;/p&gt;

&lt;p&gt;On Tuesday September 12, Docker released a new version of Docker image metadata.  This means that any new images built on Docker Hub cannot currently be downloaded using a singularity &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;pull&lt;/code&gt; or other commands like &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;shell&lt;/code&gt;, &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;exec&lt;/code&gt;, and &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;bootstrap&lt;/code&gt; when updated Docker registries are queried.&lt;/p&gt;

&lt;p&gt;Vanessa (&lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;@v&lt;/code&gt;) has created an interim fix for the problem and we have merged it into the development branch.  Pending further testing we plan to merge this fix into master and create a new minor release (2.3.2).  We will make another announcement as soon as it is ready to install.&lt;/p&gt;

&lt;p&gt;Thanks for your patience!&lt;/p&gt;

&lt;p&gt;The Singularity team&lt;/p&gt;

</description>
            <pubDate>Wed, 13 Sep 2017 00:00:00 +0000</pubDate>
            <link>http://singularityware.github.io/2017-docker-problem</link>
            <guid isPermaLink="true">http://singularityware.github.io/2017-docker-problem</guid>
            
            
        </item>
        
    </channel>
</rss>
