openSUSE-SU-2019:2288-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2288-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:2288-1
Published
2019-10-07T15:31:24Z
Modified
2019-10-07T15:31:24Z
Summary
Security update for singularity
Details

This update for singularity fixes the following issues:

singularity was updated to version 3.4.1:

This point release addresses the following issues:

  • Fixes an issue where a PID namespace was always being used
  • Fixes compilation on non 64-bit architectures
  • Allows fakeroot builds for zypper, pacstrap, and debootstrap
  • Correctly detects seccomp on OpenSUSE
  • Honors GO_MODFLAGS properly in the mconfig generated makefile
  • Passes the Mac hostname to the VM in MacOS Singularity builds
  • Handles temporary EAGAIN failures when setting up loop devices on recent kernels.

New version 3.4.0. Many changes since 3.2.1; for the full changelog, please read CHANGELOG.md.

Update to version 3.2.1:

This point release fixes the following bugs:

  • Allows users to join instances with non-suid workflow
  • Removes false warning when seccomp is disabled on the host
  • Fixes an issue in the terminal when piping output to commands
  • Binds NVIDIA persistenced socket when --nv is invoked

Improve integration with SUSE Products: add support to create Singularity images with SLE.

  • Newer SUSE versions use a different path for the RPM database.
  • When the installation succeeds but an installation scriptlet fails, zypper returns error code 107. Don't treat this as an error.
  • In order to specify a repository GPG key, add support for multi line variables.
  • In order to specify a list of additional repos, add support for 'indexed' variables.
  • Improve handling of SUSE repositories:

    • For SLE, use SUSEConnect to get all product repos.
    • Allow specifying a repository GPG key.
    • Allow specifying additional installation repositories.
  • Add group 'singularity', fix ownerships.

Updated to singularity v3.2.0

  • CVE-2019-11328: Instance files are now stored in user's home directory for privacy and many checks have been added to ensure that a user can't manipulate files to change starter-suid behavior when instances are joined (many thanks to Matthias Gerstner from the SUSE security team for finding and securely reporting this vulnerability) (boo#1128598)

  • New features / functionalities

    • Introduced a new basic framework for creating and managing plugins
    • Added the ability to create containers through multi-stage builds
    • Created the concept of a Sylabs Cloud 'remote' endpoint and added the ability for users and admins to set them through CLI and conf files
    • Added caching for images from Singularity Hub
    • Made it possible to compile Singularity outside of $GOPATH
    • Added a json partition to SIF files for OCI configuration when building from an OCI source
    • Full integration with Singularity desktop for MacOS code base
  • New Commands

    • Introduced the plugin command group for creating and managing plugins.
    • Introduced the remote command group to support management of Singularity endpoints.
    • Added to the key command group to improve PGP key management.
    • Added the Stage: <name> keyword to the definition file header and the from <stage name> option/argument pair to the %files section to support multistage builds
  • Deprecated / removed commands

    • The --token/-t option has been deprecated in favor of the singularity remote command group
  • Changed defaults / behaviors

    • Ask to confirm password on a newly generated PGP key
    • Prompt to push a key to the KeyStore when generated
    • Refuse to push an unsigned container unless overridden with --allow-unauthenticated/-U option
    • Warn and prompt when pulling an unsigned container without the --allow-unauthenticated/-U option

For more information check: https://github.com/sylabs/singularity/blob/release-3.2/CHANGELOG.md

Updated to singularity v3.1.1:

  • New Commands

    • New hidden buildcfg command to display compile-time parameters
    • Added support for LDFLAGS, CFLAGS, CGO_ variables in build system
    • Added --nocolor flag to Singularity client to disable color in logging
  • Removed Commands

    • singularity capability <add/drop> --desc has been removed
    • singularity capability list <--all/--group/--user> flags have all been removed
  • New features / functionalities

    • The --builder flag to the build command implicitly sets --remote
    • Repeated binds no longer cause Singularity to exit and fail, just warn instead
    • Corrected typos and improved docstrings throughout
    • Removed warning when CWD does not exist on the host system
    • Added support to spec file for RPM building on SLES 11

Update to singularity 3.1.0, which is a reimplementation in Go, so this is a completely new build that just reuses the changelog entries. The following build differences were made to the upstream spec file:

  • build position independent executable
  • build stripped executable

  • Change from /var/singularity to /var/lib/singularity

  • Fix warning on bash-completion file about non-executable script.

  • Add bash completions directory to file list for suse_version < 1500 to keep the build checker happy.

Affected packages

SUSE:Package Hub 15 / singularity

Package

Name
singularity
Purl
pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.1-bp151.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "singularity": "3.4.1-bp151.3.3.1"
        }
    ]
}

SUSE:Package Hub 15 SP1 / singularity

Package

Name
singularity
Purl
pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.1-bp151.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "singularity": "3.4.1-bp151.3.3.1"
        }
    ]
}