Description:

udocker 1.3.17

udocker is a basic user tool to execute simple docker containers in user
space without requiring root privileges. Enables download and execution
of docker containers by non-privileged users in Linux systems where
docker is not available. It can be used to pull and execute docker
containers in Linux batch systems and interactive clusters that are
managed by other entities such as grid infrastructures or externally
managed batch or interactive systems.
udocker does not require any type of privileges nor the deployment of
services by system administrators. It can be downloaded and executed
entirely by the end user. The limited root functionality provided by
some of the udocker execution modes is either simulated or provided
via user namespaces.
udocker is a wrapper around several tools and libraries to mimic a
subset of the docker capabilities including pulling images and running
containers with minimal functionality.
**Important notice: We have changed the udocker tools location as of udocker 1.3.17.
This affects the configuration option conf['tarball'] and environment variable
UDOCKER_TARBALL, so if you are using udocker <= 1.3.16, make sure to:
export UDOCKER_TARBALL=https://download.a.incd.pt/udocker/udocker-englib-1.2.11.tar.gz.
Documentation
The full documentation is available at:

udocker documentation
Installation manual
User manual
Reference card

How does it work
udocker is written in Python, it has a minimal set of dependencies so
that can be executed in a wide range of Linux systems.
udocker does not make use of docker nor requires its presence.
udocker "executes" the containers by simply providing a chroot like
environment over the extracted container. The current implementation
supports different methods to mimic chroot thus enabling execution of
containers under a chroot like environment without requiring privileges.
udocker transparently supports several methods to execute the containers
based on external tools and libraries such as:

PRoot
Fakechroot
runc
crun
Singularity

With the exception of Singularity the tools and libraries to support
execution are downloaded and deployed by udocker during the installation
process. This installation is performed in the user home directory
and does not require privileges. The udocker related files such as
libraries, executables, documentation, licenses, container images and
extracted directory trees are placed by default under $HOME/.udocker.
Advantages

Can be deployed by the end-user
Does not require privileges for installation
Does not require privileges for execution
Does not require compilation, just transfer the Python code
Encapsulates several tools and execution methods
Includes the required tools already statically compiled to work
across systems
Provides a docker like command line interface
Supports a subset of docker commands:
search, pull, import, export, load, save, login, logout, create and run
Understands docker container metadata
Allows loading of docker and OCI containers
Supports NVIDIA GPGPU applications
Can execute in systems and environments where Linux namespaces
support is unavailable
Runs both on new and older Linux distributions including:
CentOS 6, CentOS 7, CentOS 8, Ubuntu 14, Ubuntu 16, Ubuntu 18, Ubuntu 20,
Ubuntu 21, Alpine, Fedora, etc

Python 2 and Python 3
Since v1.3.0, udocker supports Python 2.7 and Python >= 3.6.
The original udocker v1.1.x for Python 2 is no longer maintained
but is still available
here.
Syntax
Commands:
search <repo/expression> :Search dockerhub for container images
pull <repo/image:tag> :Pull container image from dockerhub
create <repo/image:tag> :Create container from a pulled image
run <container> :Execute container
run <repo/image:tag> :Pull, create and execute container

images -l :List container images
ps -m -s :List created containers
name <container_id> <name> :Give name to container
rmname <name> :Delete name from container
rename <name> <new_name> :Change container name
clone <container_id> :Duplicate container
rm <container-id> :Delete container
rmi <repo/image:tag> :Delete image
tag <repo/image:tag> <repo2/image2:tag2> :Tag image

import <tar> <repo/image:tag> :Import tar file (exported by docker)
import - <repo/image:tag> :Import from stdin (exported by docker)
export -o <tar> <container> :Export container directory tree
export - <container> :Export container directory tree
load -i <imagefile> :Load image from file (saved by docker)
load :Load image from stdin (saved by docker)
save -o <imagefile> <repo/image:tag> :Save image with layers to file

inspect <repo/image:tag> :Return low level information on image
inspect -p <container> :Return path to container location
verify <repo/image:tag> :Verify a pulled or loaded image
manifest inspect <repo/image:tag> :Print manifest metadata

protect <repo/image:tag> :Protect repository
unprotect <repo/image:tag> :Unprotect repository
protect <container> :Protect container
unprotect <container> :Unprotect container

mkrepo <top-repo-dir> :Create another repository in location
setup :Change container execution settings
login :Login into docker repository
logout :Logout from docker repository

help :This help
run --help :Command specific help
version :Shows udocker version

Options common to all commands must appear before the command:
-D :Debug
--quiet :Less verbosity
--repo=<directory> :Use repository at directory
--insecure :Allow insecure non authenticated https
--allow-root :Allow execution by root NOT recommended

Examples
Some examples of usage:
Search container images in dockerhub and listing tags.
udocker search fedora
udocker search ubuntu
udocker search debian

udocker search --list-tags ubuntu

Pull from dockerhub and list the pulled images.
udocker pull fedora:39
udocker pull busybox
udocker pull iscampos/openqcd
udocker images

Pull from a registry other than dockerhub.
udocker search quay.io/bio
udocker search --list-tags quay.io/biocontainers/scikit-bio
udocker pull quay.io/biocontainers/scikit-bio:0.2.3--np112py35_0
udocker images

Pull a different architecture such as arm64 instead of amd64.
udocker manifest inspect centos/centos8
udocker pull --platform=linux/arm64 centos/centos8
udocker tag centos/centos8 mycentos/centos8:arm64

Create a container from a pulled image, assign a name to the created
container and run it. A created container can be run multiple times
until it is explicitly removed. Files modified or added to the container
remain available across executions until the container is removed.
udocker create --name=myfed fedora:29
udocker run myfed cat /etc/redhat-release

The three steps of pulling, creating and running can be also achieved
in a single command, however this will be much slower for multiple
invocations of the same container, as a new container will be created
for each invocation. This approach will also consume more storage space.
The following example creates a new container for each invocation.
udocker run fedora:29 cat /etc/redhat-release

Execute mounting the host /home/u457 into the container directory /home/cuser.
Notice that you can "mount" any host directory inside the container.
Depending on the execution mode the "mount" is implemented differently and
may have restrictions.
udocker run -v /home/u457:/home/cuser -w /home/user myfed /bin/bash
udocker run -v /var -v /proc -v /sys -v /tmp myfed /bin/bash

Place a script in your host /tmp and execute it in the container. Notice
that the behavior of --entrypoint changed from the previous versions
for better compatibility with docker.
udocker run -v /tmp --entrypoint="" myfed /bin/bash -c 'cd /tmp; ./myscript.sh'

udocker run -v /tmp --entrypoint=/bin/bash myfed -c 'cd /tmp; ./myscript.sh'

Execute mounting the host /var, /proc, /sys and /tmp in the same container
directories. Notice that the content of these container directories will
be obfuscated by the host files.
udocker run -v /var -v /proc -v /sys -v /tmp myfed /bin/bash

Install software inside the container.
udocker run --user=root myfed yum install -y firefox pulseaudio gnash-plugin

Run as some user. The usernames should exist in the container.
udocker run --user 1000:1001 myfed /bin/id
udocker run --user root myfed /bin/id
udocker run --user jorge myfed /bin/id

Running Firefox.
udocker run --bindhome --hostauth --hostenv \
-v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed firefox

Change execution engine mode from PRoot to Fakechroot and run.
udocker setup --execmode=F3 myfed

udocker run --bindhome --hostauth --hostenv \
-v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed firefox

Change execution engine mode to accelerated PRoot.
udocker setup --execmode=P1 myfed

Change execution engine to runc.
udocker setup --execmode=R1 myfed

Change execution engine to Singularity. Requires the availability of
Singularity in the host system.
./udocker setup --execmode=S1 myfed

Install software running as root emulation in Singularity:
udocker setup --execmode=S1 myfed
udocker run --user=root myfed yum install -y firefox pulseaudio gnash-plugin

Change execution to enable nvidia ready applications. Requires that
the nvidia drivers are installed in the host system.
udocker setup --nvidia mytensorflow

Security
By default udocker via PRoot offers the emulation of the root user. This
emulation mimics a real root user (e.g getuid will return 0). This is just
an emulation no root privileges are involved. This feature makes possible
the execution of some tools that do not require actual privileges but which
refuse to work if the username or id are not root or 0. This enables for
instance software installation using rpm, yum or dnf inside the container.
udocker does not offer robust isolation features such as the ones offered
by docker. Therefore if the containers content is not trusted then these
containers should not be executed with udocker as they will run inside the
user environment. For this reason udocker should not be run by privileged
users.
Container images and filesystems will be unpacked and stored in the user
home directory under $HOME/.udocker or other location of choice. Therefore
the containers data will be subjected to the same filesystem protections as
other files owned by the user. If the containers have sensitive information
the files and directories should be adequately protected by the user.
udocker does not require privileges and runs under the identity of the user
invoking it. Users can downloaded udocker and execute it without requiring
system administrators intervention.
udocker also provides execution with runc, crun and Singularity, these modes
make use of rootless namespaces and enable a normal user to execute as root
with the limitations that apply to user namespaces and to these tools.
When executed by normal unprivileged users, udocker limits privilege
escalation issues since it does not use or require system privileges.
General Limitations
Since root privileges are not involved any operation that really
requires such privileges will not be possible. The following are
examples of operations that are not possible:

accessing host protected devices and files
listening on TCP/IP privileged ports (range below 1024)
mount file-systems
the su command will not work
change the system time
changing routing tables, firewall rules, or network interfaces

If the containers require such privilege capabilities then docker
should be used instead.
udocker is not meant to create containers. Creation of containers
is better performed using docker and dockerfiles.
udocker does not provide all the docker features, and is not intended
as a docker replacement.
udocker is mainly oriented at providing a run-time environment for
containers execution in user space. udocker is particularly suited to
run user applications encapsulated in docker containers.
Debugging or using strace with the PRoot engine will not work as both
the debuggers and PRoot use the same tracing mechanism.
Execution mode specific limitations
udocker offers multiple execution modes leveraging several external tools
such as PRoot (P mode), Fakechroot (F mode), runC (R mode), crun (R mode)
and Singularity (S mode).
When using execution Fakechroot modes such as F2, F3 and F4 the created
containers cannot be moved across hosts. In this case convert back to a Pn
mode before transfer.
This is not needed if the hosts are part of an homogeneous cluster where
the mount points and directory structure is the same. This limitation
applies whenever the absolute realpath to the container directory changes.
The default accelerated mode of PRoot (mode P1) may exhibit problems in Linux
kernels above 4.0 due to kernel changes and upstream issues, in this case use
mode P2 or any of the other execution modes.
./udocker setup --execmode=P2 my-container-id

The Fakechroot modes (Fn modes) require shared libraries compiled against
the libc shipped with the container. udocker provides these libraries for
several Linux distributions, these shared libraries are installed by
udocker under:
$HOME/.udocker/lib/libfakechroot-*

The runc and crun modes (R modes) require a kernel with user namespaces enabled.
The singularity mode (S mode) requires the availability of Singularity in
the host system. Singularity is not shipped with udocker.
Metadata generation
The codemeta.json metadata file was initially generated with codemetapy
package:
codemetapy udocker --with-orcid --affiliation "LIP Lisbon" \
--buildInstructions "https://https://github.com/indigo-dc/udocker/blob/master/docs/installation_manual.md#3-source-code-and-build" \
--citation "https://doi.org/10.1016/j.cpc.2018.05.021" \
--codeRepository "https://github.com/indigo-dc/udocker" \
--contIntegration "https://jenkins.eosc-synergy.eu/job/indigo-dc/job/udocker/job/master/" --contributor "Mario David" \
--copyrightHolder "LIP" --copyrightYear "2016" --creator "Jorge Gomes" \
--dateCreated "2021-05-26" --maintainer "Jorge Gomes" \
--readme "https://github.com/indigo-dc/udocker/blob/master/README.md" \
--referencePublication "https://doi.org/10.1016/j.cpc.2018.05.021" \
--releaseNotes "https://github.com/indigo-dc/udocker/blob/master/changelog" \
-O codemeta.json

Further updates may be needed to add the correct values in the metadata file.
Contributing
See: Contributing
Citing
See: Citing
When citing udocker please use the following:

Jorge Gomes, Emanuele Bagnaschi, Isabel Campos, Mario David,
Luís Alves, João Martins, João Pina, Alvaro López-García, Pablo Orviz,
Enabling rootless Linux Containers in multi-user environments: The udocker
tool, Computer Physics Communications, Available online 6 June 2018,
ISSN 0010-4655, https://doi.org/10.1016/j.cpc.2018.05.021

Licensing
Redistribution, commercial use and code changes must regard all licenses
shipped with udocker. These include the udocker license and the
individual licences of the external tools and libraries packaged for use
with udocker. For further information see the
software licenses section
of the installation manual.
Acknowledgements

Docker https://www.docker.com/
PRoot https://proot-me.github.io/
Fakechroot https://github.com/dex4er/fakechroot/wiki
Patchelf https://github.com/NixOS/patchelf
runC https://runc.io/
crun https://github.com/containers/crun
Singularity https://www.sylabs.io/
Open Container Initiative https://www.opencontainers.org/
INDIGO DataCloud https://www.indigo-datacloud.eu
DEEP-Hybrid-DataCloud https://deep-hybrid-datacloud.eu
EOSC-hub https://eosc-hub.eu
EGI-ACE https://www.egi.eu/projects/egi-ace/
EOSC-Synergy https://www.eosc-synergy.eu/
DT-Geo https://dtgeo.eu/
LIP https://www.lip.pt
INCD https://www.incd.pt

This work was performed in the framework of the H2020 project INDIGO-Datacloud
(RIA 653549) and further developed with co-funding by the projects EOSC-hub
(Horizon 2020) under Grant number 777536, DEEP-Hybrid-DataCloud
(Horizon 2020) under Grant number 777435, DT-Geo (Horizon Europe) under Grant
number 101058129. Software Quality Assurance is performed with the support of
by the project EOSC-Synergy (Horizon 2020).
The authors wish to acknowleadge the support of INCD-Infraestrutura Nacional de
Computação Distribuída (funded by FCT, P2020, Lisboa2020, COMPETE and FEDER
under the project number 22153-01/SAICT/2016).
Changelog
udocker (1.3.17) - 2024-08-28

Update docker tools url location

udocker (1.3.16) - 2024-04-09

Fix unit tests: remove called_with and called_once_with as invalid assertion
introduced in python 3.12
This version is the same as 1.3.14

udocker (1.3.14) - 2024-04-04

Support for runsc as engine for execution mode R1: closes #414
New option login --password-stdin: closes #168
New option run --pull=reuse to be used with --name= and with
and image name as argument. Instead of always pulling and creating
a new container --pull=reuse allows to execute an existing container
and only pull+create if the container does not exist
New option run --httpproxy=<proxy>: closes #418
Improve handling of registry names in login: closes #168
Improve handling of image names in pull: closes #168
Improve handling of mount point removal: closes #406, #399
Support for AWS ECR registries: closes #168
Remove pycurl dependency on unit tests
Documentation fixes

udocker (1.3.13) - 2024-02-05

udocker improve binary executables selection
udocker fix fakechroot parsing of so, exec_path and add cmd subst
udocker implement minor pylint compliance improvements
udocker mode Pn make links2symlinks disabled by default in config: closes #412
New udockertools 1.2.11 tarball
udockertools mode Fn glibc fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()
udockertools mode Fn glibc add dladdr1()
udockertools mode Fn glibc add execvpe(), execveat()
udockertools mode Fn glibc add getauxval()
udockertools mode Fn glibc add scandirat(), scandirat64()
udockertools mode Fn glibc change stat64(), lstat64(), stat()
udockertools mode Fn glibc add narrowing of program_invocation_name
udockertools mode Fn glibc improve command substitution
udockertools mode Fn musl fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()
udockertools mode Fn musl execvpe()
udockertools mode Fn musl improve command substitution
udockertools mode Fn added support for Alpine 3.19 (x86_64)
udockertools mode Fn added support for Fedora 39 (x86_64, aarch64, ppc64le)
udockertools mode Rn include runc 1.1.12

udocker (1.3.12) - 2023-11-02

Fix unit tests, no modifications w.r.t. 1.3.11

udocker (1.3.11) - 2023-10-23

Add support for hard link to symbolic link conversion in Pn modes
as hard links cannot be created by unprivileged users: partially
addresses #388
Check of availability of network extensions for port mapping and
netcoop in Pn modes and only use them if supported by the proot
engine being invoked.
Improve image metadata generated by udocker on import: closes #398

udocker (1.3.10) - 2023-07-03

Improved handling of container platform information
Added support for QEMU on Pn modes enabling execution of containers
with architectures different than the host
Selection of executable for Sn mode now defaults to apptainer and
in second place to singularity
The new command manifest inspect allows display of image manifests
therefore enabling access to the catalogue of platforms supported by
a given image
The new command tag enables changing the name of an existing image
New option pull --platform=os/architecture enables pulling of images
of a given architecture possibly different from the host
New option run --platform=os/architecture enables pull and run of
images of a given architecture possibly different from the host
New option import --platform=os/architecture enables to specify
an architecture for the image
New option ps -p enables list of the architectures of containers
New option images -p enables list of the architectures of containers
Build udockertools 1.2.10 and set it as default
The udockertools support for Fn now includes Ubuntu 23:04, Fedora 38,
Alpine 3.17 and 3.18.
Experimental support for native Fn execution on arm64 for Fedora 36,
Fedora 37, Fedora 38, CentOS 7, AlmaLinux 8, AlmaLinux 9 and Ubuntu 22,
Ubuntu 20, Ubuntu 18 and similar.
Experimental support for native Fn execution on ppc64le for CentOS 7,
AlmaLinux 8, AlmaLinux 9, Ubuntu 22, Ubuntu 20, Ubuntu 18 and similar.
Experimental support for runc in arm64 and ppc64le
Updated version of Pn engines for x86, x86_64, arm64: addresses #393

udocker (1.3.9) - 2023-06-07

Add support to access non-config metadata from containers
Added support for multiplatform manifests and indices: closes #392, #355

udocker (1.3.8) - 2023-03-24

Build udockertools 1.2.9 and set it as default
Add Fn support for Ubuntu:22
Remove files to be installed
Set Fn preference to use runc

udocker (1.3.7) - 2023-01-24

Remove deprecated unit tests. udocker is the same as version 1.3.6

udocker (1.3.6) - 2023-01-19

Re-implement udocker namespace: closes #380
Login fails all the time: closes #379
Ignore image loading if already exists: closes #378

udocker (1.3.5) - 2022-10-21

Fix python backwards compatibility issues: closes #374
Fix incorrectly reported errors by image verification
Fix image search returning empty results
Fix issue with logical links in the udocker executable path
Add check to verify if container name exists before creation
or cloning
Add --force option to create and clone to allow creation
of container even if the intended name given by --name exists
Prevent closing of file descriptors upon engine invocation
improves PMI process management interface interoperability
Fix issues in import and export while using pipes.
Fix image name parsing where "library" component is missing: closes #359

udocker (1.3.4) - 2022-08-26

Fix 2 unit tests

udocker (1.3.3) - 2022-08-23

Image list does not truncate long names: closes #349
Fix conditional warning in verify image
Fix and improve udocker high level tests

udocker (1.3.2) - 2022-08-17

Fix missing f (format) for string
Fix bugs with dict .items()
Solving several pylint issues
Remove use2to3: closes #358

udocker (1.3.1) - 2021-06-24

Add --entrypoint to run --help
Set docker hub registry registry-1.docker.io
Fix repository name in search --list-tags
Improve tests: udocker_test.sh and udocker_test-run.sh
Documentation revision and improvements
Add licenses and licenses notice to documentation
Add test instructions
Issues with --allow-root in Python 3.8
Add security policy SECURITY.md
Remove old Python 2 tests
Fix configuration hierarchy, configuration files
Update documentation: README, user and install manuals
Fix sqa and config

udocker (1.3.0) - 2021-06-05

Prepare to move the stable code for Python 3 and Python 2 >= 2.6 to master
Installation procedure changed since 1.1.x series see the installation_manual
Improve user and installation documentation
Extract documentation upon installation
Add codemeta.json, metadata for the software
Add support for faccessat2() in Pn and Fn execution modes
Fix support for newfstatat() in Pn execution modes
Add Fn libraries for Fedora 34 and Ubuntu 21.04
Remove broken links in FileUtil.remove()
Update minimum udocker tools tarball to 1.2.8
Cmd and entrypoint metadata and arguments processing changed to mimic docker
Improve removal of files and links in install and filebind restore
Add follow location option to GetURL()
Implement use of --entrypoint=<cmd> to force execution of command: closes #306
Implement use of --entrypoint="" to bypass entrypoint in metadata: closes #306

udocker (1.2.9) - 2021-05-24

Method Unshare.unshare os.strerror() takes one argument: closes #254
Add unit test for #254
Method chown udocker.utils.fileutil FileUtil: closes #276
Several fixes of unit tests and pylint
Fix confusion between exit code 0 and inferred False
Dereference on safe_prefixes
untar exclude dev
Fix rmi for referenced layers
Set default for PROOT_TMP_DIR
sysdir mountpoint not found and set tmpdir
Update installation instructions
Improve oskernel_isgreater()
Improve osinfo()
Fix repository login/logout
Improve keystore logic
Fix pull /v2

udocker (1.2.8b2) - 2021-05-04

Fix Rn modes to enable containers execution from readonly dirs
Documentation centralized installation and readonly setups
Fix handling of dockerhub repository names in /v2
Improve documentation and align with 1.1.8b2
Add credits
Fix delete of paths with symlinks: closes #267, #265
Fix issues with login credentials: closes #310
Fix pull images from docker hub in Termux: closes #307
Fix issues on running udocker in googlecolab: closes #286
Fix execution with Pn modes in alternate /tmp: closes #284
Add conditional delay-directory-restore to untar layers
Add exclude of whiteouts on layer untar
Add --nobanner to udocker run

udocker (1.2.7) - 2021-01-26

Major restructuring of the code
Major restructuring of the unit tests
Porting to Python 3, still supports python 2.7
All fixes up to previous 1.1.7 version have been applied
Added scripts tests udocker: utils/udocker_test.sh utils/udocker_test-run.sh

udocker (1.1.8) - 2021-06-16

Last 1.1.x release
Fix Rn modes to enable containers execution from readonly dirs
Documentation centralized installation and readonly setups

udocker (1.1.7) - 2021-02-21

Fix P1 when Linux 4.8.0 SECCOMP is backported, affects newer CentOS 7: closes #282
Check for file ownership on remove wrongly follows symlinks: closes #266, #267
udocker unexpectedly uses P1 exec mode instead of P2: closes #274
Allow passing of PROOT_TMP_DIR environment variable: closes #284

udocker (1.1.6)

Complete fix for of ELF paths in modes Fn for "ORIGIN:ORIGIN": closes #255

udocker (1.1.5)

Preliminary fix for of ELF paths in modes Fn for ORIGIN:ORIGIN
Add Fn libraries for Ubuntu20, Fedora32, Fedora33
Add Fn libraries for Alpine 3.12, 3.13

udocker (1.1.4-1) - 2020-01-10

Fix run --location
Fix udocker integrated help
Fix naming of containers
Improve parsing of image names
Documentation improvements
os._exit from Unshare.unshare()
Disable FAKECHROOT_DISALLOW_ENV_CHANGES in F4 mode

udocker (1.1.4) - 2020-01-07

Use hub.docker.com as default registry
Search using v1 and v2 APIs
Implement API /v2/search/repositories
Adjust search results to screen size
List container size with ps -s
List container execution modes with ps -m
Added support for nameat() and statx() in Pn and Fn modes
Added Fn libraries for Ubuntu18, Ubuntu19, Fedora29, Fedora30, Fedora31, CentOS8
Added Fn libraries for Alpine 3.8, 3.9, 3.10, 3.11
Added support for sha512 hashes
Added support for opaque whiteouts
Added search --list-tags to available tags for a given repository
Add CLI support for image names in format host/repository:tag
Support for fake root in Sn execution modes via --user=root
Improve verify of loaded/pulled images
Improve handling of mountpoints
Added --containerauth to enable direct use of the container passwd and group
Added support for file mount bindings in singularity
Added UDOCKER_USE_PROOT_EXECUTABLE env var to select proot location
Added UDOCKER_USE_RUNC_EXECUTABLE env var to select runc location
Added UDOCKER_USE_SINGULARITY_EXECUTABLE env var to select singularity
Added UDOCKER_DEFAULT_EXECUTION_MODE env var to select default execution mode
Added R2 and R3 execution modes for PRoot overlay execution in runc
Added setup --purge for cleanup of mountpoints and files
Added setup --fixperms to fix container file permissions
Added run --env-file= to load file with environment variables
Improve file and directory binding support for Singularity and runc
Add command rename for renaming of containers
Create processes without shell context
Safer parsing of config files and removal of directories
Improve installation
Improved fix of SECCOMP accelerated mode for P1 mode
Added loading and handling of container images in OCI format
Fixes for udocker in ARM aarch64
Fix processing of --dri in Sn mode: closes #241
Improve handling of container and host authentication: addresses #239
Fixes to address authentication and redirects in pull: closes #225, #230
Added minimal support to load OCI images: closes #111
Added Pn support for newer distributions: closes #192
Improve the installation of udockertools: closes #220, #228
Add --env-file= - to read environment variables from file: closes #212
Prepare for pypy: closes #211
Fixes for verification of container images: closes #209
Fix command line processing for "-" in argument: closes #202
Fix file protections on extraction making files u+r : closes #202, #206
Fix comparison of kernel versions having non-integers: closes #183
Support for both manifest V2 schema 1 and schema 2: closes #218, #225
Further improved pathname translation in Fn modes: closes #160
Implement save images in docker format: closes #74
useradd and groupadd not working in containers: closes #141
fix return code when exporting to stdin: closes #202

udocker (1.1.3) - 2018-11-01

Support for nvidia drivers on ubuntu: closes #162
Installation improvements: closes #166
Fix issue on Fn mode symlink conversion: addresses #160

udocker (1.1.2) - 2018-10-29

Improve parsing of quotes in the command line: closes #98
Fix version command to exit with 0: closes #107
Add kill-on-exit to proot on Pn modes
Improve download of udocker utils
Handle authentication headers when pulling: closes #110
Handle of redirects when pulling
Fix registries table
Support search quay.io
Fix auth header when no standard Docker registry is used
Add registry detection on image name
Add --version option
Force python2 as interpreter: closes #131
Fix handling of volumes in metadata
Handle empty metadata
Fix http proxy functionality: closes #115
Ignore --no-trunc and --all in the images command: closes #108
Implement verification of layers in manifest
Add --nvidia to support GPUs and related drivers
Send download messages to stderr
Enable override of curl executable
Fix building on CentOS 6: closes #157
Mitigation for upstream limitation in runC without tty: closes #132
Fix detection of executable with symlinks in container: closes #118
Updated runC to v1.0.0-rc5
Experimental support for Alpine in Fn modes
Improve pathname translation in Fn modes for mounted dirs: addresses #160

udocker (1.1.1) - 2017-11-24

New execution engine using singularity
Updated documentation with OpenMPI information and examples
Additional unit tests
Redirect messages to stderr
Improved parsing of quotes in the command line: closes #87
Allow override of the HOME environment variable
Allow override of libfakechroot.so at the container level
Automatic selection of libfakechroot.so from container info
Improve automatic install
Enable resetting prefix paths in Fn modes in remote hosts
Do not set AF_UNIX_PATH in Fn modes when the host /tmp is a volume
Export containers in both docker and udocker format
Import containers docker and udocker format
Load, import and export to/from stdin/stdout
Clone existing containers
Support for TCP/IP port remap in execution modes Pn
Fix run with basenames failing: closes #89
Allow run as root flag: closes #91

udocker (1.1.0) - 2017-09-30

Support image names prefixed by registry similarly to docker
Add execution engine selection logic
Add fr execution engine based on shared library interception
Add rc execution engine based on rootless namespaces
Improve proot tmp files cleanup on non ext filesystems
Improve search returning empty on Docker repositories
Improve runC execution portability
Add environment variable UDOCKER_KEYSTORE: closes #75
Prevent creation of .udocker when UDOCKER_KEYSTORE is used: closes #75

udocker (1.0.4) - 2017-09-26

Documentation fixes

udocker (1.0.3) - 2017-03-30

Support for import Docker containers in newer metadata structure
Improve the command line parsing
Improve temporary file handling and removal
Support for additional execution engines to be provided in the future
Improved parsing of entrypoint and cmd metadata: closes #53
Increase name alias length: closes #52
Add support for change dir into volume directories: closes #51
Fix deletion of files upon container import: closes #50
Fix exporting of host environment variables to the containers: closes #48
Change misleading behavior of import tarball from move to copy: closes #44
Fix validation of volumes specification: closes #43

udocker (1.0.2) - 2017-02-13

Improve download on repositories that fail authentication on /v2
Improve run verification of binaries with recursive symbolic links
Improve accelerated seccomp on kernels >= 4.8.0 : closes #40

udocker (1.0.1) - 2017-01-31

Minor bugfixes
Executable name changed from udocker.py to udocker
Added support for login into docker repositories
Added support for private repositories
Added support for listing of v2 repositories catalog
Added checksum verification for sha256 layers
Improved download handling for v1 and v2 repositories
Improved installation tarball structure
Insecure flag fixed
Address seccomp change introduced on kernels >= 4.8.0
Utilities for packaging
Improved verbose levels, messaging and output: closes #24, #23
Fully implement support for registry selection --registry parameter: closes #29
Provide support for private repositories e.g. gitlab registries: closes #30
Provide --insecure command line parameter for SSL requests: closes #31

udocker (1.0.0) - 2016-06-06

Initial version

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter