Merge remote-tracking branch 'upstream/master' into release-3.8
dtrudg committed May 26, 2021
2 parents 1a98ffa + 8960f2b commit 673570c
Showing 9 changed files with 113 additions and 33 deletions.
8 changes: 4 additions & 4 deletions .circleci/config.yml
Expand Up @@ -23,7 +23,7 @@ executors:
password: $CIRCLE_CI_DOCKER_PASSWORD
macos-machine:
macos:
xcode: "10.2.0"
xcode: 12.4.0
ubuntu-machine:
working_directory: ~/go/singularity
machine:
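Review bot: the new `xcode` value in the `macos-machine` executor drops the quotes the old value had (`"10.2.0"` became `12.4.0`). It still parses as a string because of the second dot, but a later bump to a two-part version such as 12.4 would be read as a float. Keep the value quoted: `xcode: "12.4.0"`.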
Expand Down Expand Up @@ -119,10 +119,10 @@ jobs:
name: Check Module Tidiness
command: git diff --exit-code -- go.mod go.sum

check-stretch:
check-debian:
executor:
name: golang
variant: stretch
variant: buster
steps:
- checkout
- install-deps-apt:
Expand Down Expand Up @@ -226,7 +226,7 @@ workflows:
build_and_test:
jobs:
- check-go-mod
- check-stretch
- check-debian
- check-alpine
- check-darwin
- short-unit-tests
2 changes: 1 addition & 1 deletion .github/RELEASE_PROCEDURE.md
Expand Up @@ -71,7 +71,7 @@ bug(s), and well covered by tests.
4. Modify the `README.md`, `INSTALL.md`, `CHANGELOG.md` via PR against
the release branch, so that they reflect the version to be released.
5. Apply an annotated tag via `git tag -a -m "SingularityCE v3.8.0" v3.8.0`.
6. Push the tag via `git push upstream v3.8.0-rc.1`.
6. Push the tag via `git push upstream v3.8.0`.
7. Create a tarball via `mconfig -v && make dist`.
8. Test intallation from the tarball.
9. Compute the sha256sum of the tarball e.g. `sha256sum *.tar.gz > sha256sums`.
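Review bot: step 6 pushed `v3.8.0-rc.1` while step 5 tagged `v3.8.0`, and the correction still hard-codes the version in both steps, so they can drift apart again at the next release. Consider a placeholder such as `v<version>` in steps 5 and 6 so the tag that is created is always the tag that is pushed, and correct "intallation" in step 8 while this section is being touched.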
25 changes: 20 additions & 5 deletions CHANGELOG.md
@@ -1,8 +1,8 @@
# SingularityCE Changelog

## v3.8.0-rc.2 [2021-05-18]
## v3.8.0 [2021-05-26]

This is the second release candidate for SingularityCE 3.8.0, the Community
This is the first release of SingularityCE 3.8.0, the Community
Edition of the Singularity container runtime hosted at
https://github.com/sylabs/singularity.

Expand Down Expand Up @@ -55,11 +55,26 @@ of `make test` for ease of use:

----

## v3.7.3 - [2021-04-06]
## v3.7.4 - [2021-05-26]

**Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from https://github.com/hpcng/singularity**

**Singularity 3.7.3 is the most recent stable release of Singularity prior to Sylabs' fork from https://github.com/hpcng/singularity**
The 3.7.4 release is identical to https://github.com/hpcng/singularity/releases/tag/v3.7.4 and is provided for convenience to users arriving from outdated links.

### Security Related Fixes

The 3.7.3 release is identical to https://github.com/hpcng/singularity/releases/tag/v3.7.3 and is provided for convenience to users arriving from outdated links.
- [CVE-2021-32635](https://github.com/sylabs/singularity/security/advisories/GHSA-5mv9-q7fq-9394):
Due to incorrect use of a default URL, singularity action commands
(run/shell/exec) specifying a container using a library:// URI will
always attempt to retrieve the container from the default remote
endpoint (cloud.sylabs.io) rather than the configured remote
endpoint. An attacker may be able to push a malicious container to
the default remote endpoint with a URI that is identical to the URI
used by a victim with a non-default remote endpoint, thus executing
the malicious container.


## v3.7.3 - [2021-04-06]

### Security Related Fixes

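Review bot: the CVE-2021-32635 entry under v3.7.4 describes the flaw and its impact but not the corrected behaviour or what a user should do. Add a sentence stating that run/shell/exec now resolve a `library://` URI without a host against the configured remote endpoint, and that users of a non-default remote should upgrade. The heading style also differs between sections on this page (`## v3.8.0 [2021-05-26]` against `## v3.7.4 - [2021-05-26]`), and two blank lines now precede `## v3.7.3`.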
9 changes: 2 additions & 7 deletions INSTALL.md
@@ -1,10 +1,5 @@
# Installing SingularityCE

**NOTE:** *This installation guide has been updated for the release candidate of
SingularityCE 3.8.0. The `3.8.0-rc2` version that will be installed is a
pre-release of SingularityCE. To install the latest stable version,
substitute the version `3.7.3` in the instructions below. See the `release-3.7` branch for the current stable codebase.*

Since you are reading this from the SingularityCE source code, it will be assumed
that you are building/compiling from source.

Expand Down Expand Up @@ -87,7 +82,7 @@ $ mkdir -p ${GOPATH}/src/github.com/sylabs && \
To build a specific version of SingularityCE, check out a [release tag](https://github.com/sylabs/singularity/tags) before compiling:

```
$ git checkout v3.8.0-rc.2
$ git checkout v3.8.0
```

## Compiling SingularityCE
Expand Down Expand Up @@ -130,7 +125,7 @@ as shown above. Then download the latest
and use it to install the RPM like this:

```
$ export VERSION=3.8.0-rc.2 # this is the singularity version, change as you need
$ export VERSION=3.8.0 # this is the singularity version, change as you need
$ wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-ce-${VERSION}.tar.gz && \
rpmbuild -tb singularity-ce-${VERSION}.tar.gz && \
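Review bot: the RPM instructions pass the downloaded tarball straight from `wget` to `rpmbuild -tb` with no integrity check, although step 9 of .github/RELEASE_PROCEDURE.md has the release produce a `sha256sums` file. Add a verification step between the download and the build, for example `sha256sum -c` against the published checksums, so the documented path does not build an unverified archive.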
4 changes: 1 addition & 3 deletions cmd/internal/cli/actions.go
Expand Up @@ -21,7 +21,6 @@ import (
"github.com/sylabs/singularity/internal/pkg/client/oci"
"github.com/sylabs/singularity/internal/pkg/client/oras"
"github.com/sylabs/singularity/internal/pkg/client/shub"
"github.com/sylabs/singularity/internal/pkg/remote/endpoint"
"github.com/sylabs/singularity/internal/pkg/util/uri"
"github.com/sylabs/singularity/pkg/sylog"
)
Expand Down Expand Up @@ -80,11 +79,10 @@ func handleLibrary(ctx context.Context, imgCache *cache.Handle, pullFrom string)
return "", err
}

// Default "" = use current remote endpoint
var libraryURI string
if r.Host != "" {
libraryURI = "https://" + r.Host
} else {
libraryURI = endpoint.SCSDefaultLibraryURI
}

c, err := getLibraryClientConfig(libraryURI)
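Review bot: with the `else` branch removed, `libraryURI` stays `""` when `r.Host` is empty, and the fix depends on `getLibraryClientConfig("")` resolving the currently configured remote, which is not visible in this hunk. The one-line comment is the only record of that contract; document the empty-string behaviour on `getLibraryClientConfig` itself or pass the resolved endpoint explicitly, and consider a `sylog.Debugf` line naming the endpoint actually used so a wrong endpoint shows up in debug output. A `library://` URI that carries a host still selects `"https://" + r.Host` regardless of the configured remote; if that is intended, say so in the comment.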
3 changes: 3 additions & 0 deletions e2e/actions/actions.go
Expand Up @@ -2198,6 +2198,8 @@ func E2ETests(env e2e.TestEnv) testhelper.Tests {
env: env,
}

np := testhelper.NoParallel

return testhelper.Tests{
"action URI": c.RunFromURI, // action_URI
"exec": c.actionExec, // singularity exec
Expand Down Expand Up @@ -2230,5 +2232,6 @@ func E2ETests(env e2e.TestEnv) testhelper.Tests {
"bind image": c.bindImage, // test bind image
"umask": c.actionUmask, // test umask propagation
"no-mount": c.actionNoMount, // test --no-mount
"invalidRemote": np(c.invalidRemote), // GHSA-5mv9-q7fq-9394
}
}
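Review bot: `invalidRemote` is the only entry wrapped in `np(...)`, and nothing at the `np := testhelper.NoParallel` line says why. The test changes the user's active remote (`remote add`, `remote use`), which would affect other action tests running concurrently; add a short comment to that effect so the wrapper is not dropped in a later cleanup.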
66 changes: 66 additions & 0 deletions e2e/actions/regressions.go
Expand Up @@ -616,3 +616,69 @@ func (c actionTests) issue5690(t *testing.T) {
e2e.ExpectExit(0),
)
}

// If an invalid remote is set, we should not pull a container from the default
// library.
// GHSA-5mv9-q7fq-9394
func (c actionTests) invalidRemote(t *testing.T) {
testEndpoint := "invalid"
testEndpointURI := "https://cloud.example.com"
testImage := "library://alpine"

// Exec library image from the default remote... ensure it succeeds
argv := []string{testImage, "/bin/true"}
c.env.RunSingularity(
t,
e2e.AsSubtest("exec default"),
e2e.WithProfile(e2e.UserProfile),
e2e.WithCommand("exec"),
e2e.WithArgs(argv...),
e2e.ExpectExit(0),
)

// Add another endpoint
argv = []string{"add", "--no-login", testEndpoint, testEndpointURI}
c.env.RunSingularity(
t,
e2e.AsSubtest("remote add"),
e2e.WithProfile(e2e.UserProfile),
e2e.WithCommand("remote"),
e2e.WithArgs(argv...),
e2e.ExpectExit(0),
)
// Remove test remote when we are done here
defer func(t *testing.T) {
argv := []string{"remove", testEndpoint}
c.env.RunSingularity(
t,
e2e.AsSubtest("remote remove"),
e2e.WithProfile(e2e.UserProfile),
e2e.WithCommand("remote"),
e2e.WithArgs(argv...),
e2e.ExpectExit(0),
)
}(t)

// Set as default
argv = []string{"use", testEndpoint}
c.env.RunSingularity(
t,
e2e.AsSubtest("remote use"),
e2e.WithProfile(e2e.UserProfile),
e2e.WithCommand("remote"),
e2e.WithArgs(argv...),
e2e.ExpectExit(0),
)

// Exec library image from the invalid remote, should fail
argv = []string{testImage, "/bin/true"}
c.env.RunSingularity(
t,
e2e.AsSubtest("exec invalid"),
e2e.WithProfile(e2e.UserProfile),
e2e.WithCommand("exec"),
e2e.WithArgs(argv...),
e2e.ExpectExit(255),
)

}
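Review bot: the final "exec invalid" subtest asserts only `e2e.ExpectExit(255)`, which any failure satisfies, including a network error unrelated to the endpoint. Also match the error output so the test shows the request went to `testEndpointURI` and not to the default library. The first subtest, "exec default", needs the default remote to be reachable, so this regression test fails in an offline run. The deferred cleanup removes the `invalid` remote after `remote use` made it the default, without restoring the previous default explicitly; restoring it in the cleanup, registering that cleanup with `t.Cleanup`, and dropping the blank line before the closing brace would tidy the rest.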
8 changes: 4 additions & 4 deletions go.mod
Expand Up @@ -14,11 +14,11 @@ require (
github.com/bugsnag/bugsnag-go v1.5.1 // indirect
github.com/bugsnag/panicwrap v1.2.0 // indirect
github.com/containerd/cgroups v1.0.1
github.com/containerd/containerd v1.5.1
github.com/containerd/containerd v1.5.2
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/image/v5 v5.12.0
github.com/fatih/color v1.11.0
github.com/fatih/color v1.12.0
github.com/garyburd/redigo v1.6.0 // indirect
github.com/go-log/log v0.2.0
github.com/godbus/dbus v4.1.0+incompatible // indirect
Expand Down Expand Up @@ -51,7 +51,7 @@ require (
github.com/sylabs/sif v1.2.3
github.com/urfave/cli v1.22.5 // indirect
github.com/vbauerster/mpb/v4 v4.12.2
github.com/vbauerster/mpb/v6 v6.0.3
github.com/vbauerster/mpb/v6 v6.0.4
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
github.com/yvasiyarov/gorelic v0.0.6 // indirect
Expand All @@ -60,7 +60,7 @@ require (
golang.org/x/crypto v0.0.0-20210503195802-e9a32991a82e
golang.org/x/net v0.0.0-20210510120150-4163338589ed // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015
google.golang.org/genproto v0.0.0-20210510173355-fb37daa5cd7a // indirect
google.golang.org/grpc v1.37.0 // indirect
gopkg.in/yaml.v2 v2.4.0
21 changes: 12 additions & 9 deletions go.sum
Expand Up @@ -71,8 +71,9 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
github.com/adigunhammedolalekan/registry-auth v0.0.0-20200730122110-8cde180a3a60 h1:1IG6ye8dellBRE2uqvG0EzQScRqjsH/n5xOw+n0OGec=
Expand Down Expand Up @@ -179,8 +180,8 @@ github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo
github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
github.com/containerd/containerd v1.5.0-rc.3/go.mod h1:kYiJ+LvywDUKzyax6+UKCk5xwQNCfcGR6KsSdShdg5U=
github.com/containerd/containerd v1.5.1 h1:xWHPAoe6VkUiI9GAvndJM7s/0MTrmwX3AQiYTr3olf0=
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.2 h1:MG/Bg1pbmMb61j3wHCFWPxESXHieiKr2xG64px/k8zQ=
github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
Expand Down Expand Up @@ -318,8 +319,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.11.0 h1:l4iX0RqNnx/pU7rY2DB/I+znuYY0K3x6Ywac6EIr0PA=
github.com/fatih/color v1.11.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
Expand Down Expand Up @@ -551,8 +552,9 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg=
github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow=
github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
github.com/mattn/go-shellwords v1.0.11 h1:vCoR9VPpsk/TZFW2JwK5I9S0xdrtUq2bph6/YjEPnaw=
github.com/mattn/go-shellwords v1.0.11/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
Expand Down Expand Up @@ -830,8 +832,9 @@ github.com/vbatts/go-mtree v0.5.0/go.mod h1:7JbaNHyBMng+RP8C3Q4E+4Ca8JnGQA2R/MB+
github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2L3I=
github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE=
github.com/vbauerster/mpb/v6 v6.0.3 h1:j+twHHhSUe8aXWaT/27E98G5cSBeqEuJSVCMjmLg0PI=
github.com/vbauerster/mpb/v6 v6.0.3/go.mod h1:5luBx4rDLWxpA4t6I5sdeeQuZhqDxc+wr5Nqf35+tnM=
github.com/vbauerster/mpb/v6 v6.0.4 h1:h6J5zM/2wimP5Hj00unQuV8qbo5EPcj6wbkCqgj7KcY=
github.com/vbauerster/mpb/v6 v6.0.4/go.mod h1:a/+JT57gqh6Du0Ay5jSR+uBMfXGdlR7VQlGP52fJxLM=
github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA=
Expand Down Expand Up @@ -1039,8 +1042,8 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744 h1:yhBbb4IRs2HS9PPlAg6DMC6mUOKexJBNsLf4Z+6En1Q=
golang.org/x/sys v0.0.0-20210511113859-b0526f3d8744/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 h1:hZR0X1kPW+nwyJ9xRxqZk1vx5RUObAPBdKVvXPDUH/E=
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
