SingularityPRO 3.9-7 is a bugfix and packaging release for SingularityPRO 3.9.
- SingularityPRO 3.9-7 is now packaged for and supported on RHEL / AlmaLinux / Rocky Linux 9 across AMD64 / ARM64 / POWER architectures.
- Packages now contain a CycloneDX format Software Bill of Materials (SBOM).
- SingularityPRO 3.9-7 is built with Go 1.18.4. This release of Go addresses multiple CVEs in the earlier versions of Go that were used to build prior SingularityPRO releases. These CVEs are denial of service issues and are not critically applicable to SingularityPRO. However, administrators may wish to update.
New features / functionalities
- Debug output can now be enabled by setting the SINGULARITY_DEBUG env var.
- Debug output is now shown for nested singularity calls, in wrapped unsquashfs image extraction, and build stages.
- Add support for %files section in remote builds, when a compatible remote is used.
Software Bill of Materials
A Software Bill of Materials (SBOM) is a complete inventory of a codebase. It can be used to audit the content of a software package, and to identify any known vulnerabilities in those components.
SingularityPRO 3.9 packages contain a CycloneDX SBOM file listing the components used in the codebase. The file is installed to the default package documentation location of your Linux distribution.
Singularity uses a number of strategies to provide safety and ease-of-use on both single-user and shared systems. Notable security features include:
- The user inside a container is the same as the user who ran the container. This means access to files and devices from the container is easily controlled with standard POSIX permissions.
- Container filesystems are mounted nosuid and container applications run with the PR_NO_NEW_PRIVS flag set. This means that applications in a container cannot gain additional privileges. A regular user cannot sudo or otherwise gain root privilege on the host via a container.
- The Singularity Image Format (SIF) supports encryption of containers, as well as cryptographic signing and verification of their content.
- SIF containers are immutable and their payload is run directly, without extraction to disk. This means that the container can always be verified, even at runtime, and encrypted content is not exposed on disk.
- Restrictions can be configured to limit the ownership, location, and cryptographic signatures of containers that are permitted to be run.
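One way to confirm the nosuid and PR_NO_NEW_PRIVS properties listed above from a shell inside a container. This is an added example, not Sylabs code: the function names and the sample procfs contents are constructed for illustration, and it assumes a Linux kernel that reports NoNewPrivs in /proc/self/status (4.10 or later).

```shell
#!/bin/sh
# Added example (not Sylabs code). Reads Linux procfs by default; pass file
# paths to run the same checks against saved copies.

# Succeeds only if the status file reports "NoNewPrivs: 1". The field exists
# on Linux 4.10+; on older kernels this fails because it cannot confirm.
no_new_privs_set() {
    awk '$1 == "NoNewPrivs:" && $2 == "1" { ok = 1 } END { exit !ok }' \
        "${1:-/proc/self/status}"
}

# Prints the mount point of every entry whose option list lacks nosuid.
# Input format is /proc/self/mounts: device, mount point, fstype, options.
mounts_without_nosuid() {
    awk '{ n = split($4, o, ","); found = 0
           for (i = 1; i <= n; i++) if (o[i] == "nosuid") found = 1
           if (!found) print $2 }' "${1:-/proc/self/mounts}"
}

# Runs both checks and returns non-zero if either property is missing.
check_container() {
    rc=0
    if no_new_privs_set "$1"; then echo "OK    no_new_privs is set"
    else echo "FAIL  no_new_privs is not set"; rc=1; fi
    loose=$(mounts_without_nosuid "$2")
    if [ -z "$loose" ]; then echo "OK    every mount carries nosuid"
    else echo "WARN  mounts without nosuid: $(echo $loose)"; rc=1; fi
    return $rc
}

# Constructed sample data (not captured from a real system).
demo=$(mktemp -d)
printf 'Name:\tsh\nNoNewPrivs:\t1\nSeccomp:\t0\n' > "$demo/status_ok"
printf 'Name:\tsh\nNoNewPrivs:\t0\n' > "$demo/status_bad"
cat > "$demo/mounts_ok" <<'EOF'
/dev/loop0 / squashfs ro,nosuid,nodev,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
cat > "$demo/mounts_bad" <<'EOF'
/dev/loop0 / squashfs ro,nosuid,nodev,relatime 0 0
/dev/sda1 /scratch ext4 rw,relatime 0 0
EOF

check_container "$demo/status_ok" "$demo/mounts_ok"
check_container "$demo/status_bad" "$demo/mounts_bad" || true
```

Inside a running container, calling check_container with no arguments reads /proc/self/status and /proc/self/mounts directly.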
If you have any questions about this release, or require assistance with installation or upgrades, please contact your reseller or Sylabs support via firstname.lastname@example.org
Sign up for the Sylabs newsletter at: https://sylabs.staging.sycloud.io/newsletter-sign-up/
Or contact Sylabs at https://sylabs.staging.sycloud.io/contact-us/