Merge branch 'main' into cras

.circleci/config.yml

@@ -99,7 +99,6 @@ commands:
               libfuse-dev \
               libglib2.0-dev \
               libseccomp-dev \
-              libsubid-dev \
               libtool \
               pkg-config \
               squashfs-tools \

.golangci.yml

@@ -5,7 +5,6 @@ run:
     - apparmor
     - e2e_test
     - fakeroot_engine
-    - libsubid
     - seccomp
     - selinux
     - singularity_engine

.vscode/settings.json

@@ -4,7 +4,7 @@
         "--fast"
     ],
     "go.buildFlags": [
-        "-tags=apparmor,fakeroot_engine,libsubid,seccomp,selinux,singularity_engine,sylog"
+        "-tags=apparmor,fakeroot_engine,seccomp,selinux,singularity_engine,sylog"
     ],
     "go.testTags": "apparmor,fakeroot_engine,seccomp,selinux,singularity_engine,sylog,e2e_test,integration_test"
 }

CHANGELOG.md

@@ -7,12 +7,6 @@
 - Use correct username (not user's name) when computing `singularity oci` conmon
   / singularity state dir.
 
-### New Features & Functionality
-
-- Add support for libsubid. Sub[ug]id mappings will be retrieved from e.g. LDAP
-  via libsubid and sssd if Singularity is built with libsubid support (default
-  when libsubid headers are available).
-
 ## 4.2.2 \[2024-12-20\]
 
 ### Bug Fixes

CONTRIBUTORS.md

@@ -22,7 +22,6 @@ The following have contributed code and/or documentation to this repository.
 - Alexander Grund <[email protected]>
 - Amanda Duffy <[email protected]>
 - Ana Guerrero Lopez <[email protected]>
-- Andrew Bruno <[email protected]>
 - Ángel Bejarano <[email protected]>
 - Apuã Paquola <[email protected]>
 - Aron Öfjörð Jóhannesson <[email protected]>

INSTALL.md

@@ -36,12 +36,6 @@ sudo apt-get install -y \
     zlib1g-dev
 ```
 
-To include support for libsubid on Ubuntu 24.04 and above:
-
-```sh
-sudo apt-get install -y libsubid-dev
-```
-
 ### RHEL / Alma Linux / Rocky Linux 8+ and Fedora
 
 ```sh
@@ -65,16 +59,6 @@ sudo yum install -y \
     zlib-devel
 ```
 
-To include support for libsubid:
-
-```sh
-# EL
-sudo dnf --enablerepo=devel install shadow-utils-subid-devel
-
-# Fedora
-sudo dnf install shadow-utils-subid-devel
-```
-
 ### SLES / openSUSE Leap
 
 ```sh

LICENSE_THIRD_PARTY.md

@@ -292,14 +292,6 @@ The source files:
 
 Contain code from the podman project, under the Apache License, Version 2.0.
 
-## github.com/containers/storage
-
-The source file:
-
-* `internal/pkg/fakeroot/idtools_supported.go`
-
-Contains code from the podman project, under the Apache License, Version 2.0.
-
 ## github.com/containers/conmon
 
 The source files:

dist/rpm/singularity-ce.spec.in

@@ -88,12 +88,6 @@ Requires: fuse
 # FUSE 3 for squashfuse
 Requires: fuse3
 %endif
-# Libsubid on EL / OpenSuseTumbleweed
-%if "%{_target_vendor}" == "suse" && 0%{?suse_version} > 1600
-BuildRequires: libsubid-devel
-%else
-BuildRequires: shadow-utils-subid-devel
-%endif
 
 Provides: %{name}-runtime
 

go.mod

@@ -215,7 +215,7 @@ require (
 	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect

go.sum

@@ -627,8 +627,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

internal/pkg/fakeroot/fakeroot.go

@@ -1,6 +1,4 @@
-// Copyright (c) 2019-2025, Sylabs Inc. All rights reserved.
-// Copyright (c) Contributors to the Apptainer project, established as
-//   Apptainer a Series of LF Projects LLC.
+// Copyright (c) 2019-2021, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE.md file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -292,36 +290,29 @@ func (c *Config) DisableUser(username string) error {
 	return nil
 }
 
-// getUserEntry returns a user entry associated to a user and returns an error
-// if there is no entry for this user. If libsubid is true, entries are returned
-// from the subid file or via libsubid lookup. If libsubid is false, then
-// entries are only returned from the subid file.
-func (c *Config) getUserEntry(username string, libsubid bool) (*Entry, error) {
+// GetUserEntry returns a user entry associated to a user and returns
+// an error if there is no entry for this user.
+func (c *Config) GetUserEntry(username string) (*Entry, error) {
 	var largeRangeEntries []*Entry
 	entryCount := 0
 
 	u, err := c.getUserFn(username)
 	if err != nil {
 		return nil, fmt.Errorf("could not retrieve user information for %s: %s", username, err)
 	}
-
-	entries, err := c.getMappingEntries(u, libsubid)
-	if err != nil {
-		return nil, fmt.Errorf("failed to look up mapping entries for user %s: %w", username, err)
-	}
-
-	for _, entry := range entries {
+	for _, entry := range c.entries {
 		if entry.invalid {
 			continue
 		}
-
-		if entry.Count == validRangeCount {
-			return entry, nil
-		} else if entry.Count > validRangeCount {
-			largeRangeEntries = append(largeRangeEntries, entry)
-			continue
+		if entry.UID == u.UID {
+			if entry.Count == validRangeCount {
+				return entry, nil
+			} else if entry.Count > validRangeCount {
+				largeRangeEntries = append(largeRangeEntries, entry)
+				continue
+			}
+			entryCount++
 		}
-		entryCount++
 	}
 	var largestEntry *Entry
 
@@ -345,22 +336,14 @@ func (c *Config) getUserEntry(username string, libsubid bool) (*Entry, error) {
 	return nil, fmt.Errorf("no mapping entry found in %s for %s", c.file.Name(), username)
 }
 
-func (c *Config) GetUserEntry(username string) (*Entry, error) {
-	return c.getUserEntry(username, false)
-}
-
-func (c *Config) GetUserEntryWithLibSubid(username string) (*Entry, error) {
-	return c.getUserEntry(username, true)
-}
-
 // getPwUID is also used for mocking purpose
 var (
 	getPwUID = user.GetPwUID
 	getPwNam = user.GetPwNam
 )
 
 // GetIDRange determines UID/GID mappings based on configuration
-// file provided in path, and libsubid if compiled with support.
+// file provided in path.
 func GetIDRange(path string, uid uint32) (*specs.LinuxIDMapping, error) {
 	config, err := GetConfig(path, false, getPwNam)
 	if err != nil {
@@ -372,7 +355,7 @@ func GetIDRange(path string, uid uint32) (*specs.LinuxIDMapping, error) {
 	if err != nil {
 		return nil, fmt.Errorf("could not retrieve user with UID %d: %s", uid, err)
 	}
-	e, err := config.GetUserEntryWithLibSubid(userinfo.Name)
+	e, err := config.GetUserEntry(userinfo.Name)
 	if err != nil {
 		return nil, err
 	}