Skip to content

Commit

Permalink
refactor: move ucore addons builds here (#219)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bsherman
bsherman authored Jul 21, 2024
1 parent 7c3a5d8 commit a7027b9
Show file tree
Hide file tree
Showing 8 changed files with 153 additions and 20 deletions.
10 changes: 8 additions & 2 deletions Containerfile.common
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,22 @@ COPY --from=kernel_cache /tmp/rpms /tmp/kernel_cache

# files for akmods
COPY ublue-os-akmods-addons.spec /tmp/ublue-os-akmods-addons/ublue-os-akmods-addons.spec
COPY ublue-os-ucore-addons.spec /tmp/ublue-os-ucore-addons/ublue-os-ucore-addons.spec
ADD https://copr.fedorainfracloud.org/coprs/ublue-os/akmods/repo/fedora-${FEDORA_MAJOR_VERSION}/ublue-os-akmods-fedora-${FEDORA_MAJOR_VERSION}.repo \
/tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/_copr_ublue-os-akmods.repo
ADD https://negativo17.org/repos/fedora-multimedia.repo \
/tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo

RUN --mount=type=cache,dst=/var/cache/dnf \
/tmp/build-prep.sh && \
if [[ "${KERNEL_FLAVOR}" =~ "coreos" ]]; then \
/tmp/build-ublue-os-ucore-addons.sh && \
cp /tmp/ublue-os-ucore-addons/rpmbuild/RPMS/noarch/ublue-os-ucore-addons*.rpm \
/var/cache/rpms/ucore/ \
; fi && \
/tmp/build-ublue-os-akmods-addons.sh && \
cp /tmp/ublue-os-akmods-addons/rpmbuild/RPMS/noarch/ublue-os-akmods-addons*.rpm \
/var/cache/rpms/ublue-os/ && \
if grep -qv "surface" <<< "${KERNEL_FLAVOR}"; then \
export KERNEL_NAME="kernel" \
; else \
Expand All @@ -49,8 +57,6 @@ RUN --mount=type=cache,dst=/var/cache/dnf \
/tmp/build-kmod-xpadneo.sh && \
/tmp/build-kmod-xone.sh && \
/tmp/dual-sign.sh && \
cp /tmp/ublue-os-akmods-addons/rpmbuild/RPMS/noarch/ublue-os-akmods-addons*.rpm \
/var/cache/rpms/ublue-os/ && \
for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
cp "${RPM}" /var/cache/rpms/kmods/; \
done && \
Expand Down
12 changes: 10 additions & 2 deletions Containerfile.nvidia
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,23 +25,31 @@ COPY --from=kernel_cache /tmp/rpms /tmp/kernel_cache

# files for nvidia
COPY ublue-os-nvidia-addons.spec /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
COPY ublue-os-ucore-nvidia.spec /tmp/ublue-os-ucore-nvidia/ublue-os-ucore-nvidia.spec
COPY files/etc/sway/environment /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/environment
COPY files/usr/lib/systemd/system/ublue-nvctk-cdi.service /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/ublue-nvctk-cdi.service
COPY files/usr/lib/systemd/system/ublue-nvctk-cdi.service /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/ublue-nvctk-cdi.service
COPY files/usr/lib/systemd/system-preset/70-ublue-nvctk-cdi.preset /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/70-ublue-nvctk-cdi.preset
COPY files/usr/lib/systemd/system-preset/70-ublue-nvctk-cdi.preset /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/70-ublue-nvctk-cdi.preset


RUN --mount=type=cache,dst=/var/cache/dnf \
/tmp/build-prep.sh && \
if [[ "${KERNEL_FLAVOR}" =~ "coreos" ]]; then \
/tmp/build-ublue-os-ucore-nvidia.sh && \
cp /tmp/ublue-os-ucore-nvidia/rpmbuild/RPMS/noarch/ublue-os-ucore-nvidia*.rpm \
/var/cache/rpms/ucore/ \
; fi && \
/tmp/build-ublue-os-nvidia-addons.sh && \
cp /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons*.rpm \
/var/cache/rpms/ublue-os/ && \
if grep -qv "surface" <<< "${KERNEL_FLAVOR}"; then \
export KERNEL_NAME="kernel" \
; else \
export KERNEL_NAME="kernel-surface" \
; fi && \
/tmp/build-kmod-nvidia.sh 550 && \
/tmp/dual-sign.sh && \
cp /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons*.rpm \
/var/cache/rpms/ublue-os/ && \
for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
cp "${RPM}" /var/cache/rpms/kmods/; \
done && \
Expand Down
2 changes: 1 addition & 1 deletion build-prep.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,4 +93,4 @@ fi
chmod 1777 /tmp /var/tmp

# create directories for later copying resulting artifacts
mkdir -p /var/cache/rpms/{kmods,ublue-os}
mkdir -p /var/cache/rpms/{kmods,ublue-os,ucore}
10 changes: 10 additions & 0 deletions build-ublue-os-ucore-addons.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/bin/sh

set -oeux pipefail

### BUILD UCORE-ADDONS RPM
install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-ucore-addons/rpmbuild/SOURCES/public_key.der
rpmbuild -ba \
--define '_topdir /tmp/ublue-os-ucore-addons/rpmbuild' \
--define '%_tmppath %{_topdir}/tmp' \
/tmp/ublue-os-ucore-addons/ublue-os-ucore-addons.spec
19 changes: 19 additions & 0 deletions build-ublue-os-ucore-nvidia.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
#!/bin/sh

set -oeux pipefail

### SETUP nvidia container stuffs

mkdir -p /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/

curl -L https://nvidia.github.io/libnvidia-container/stable/rpm/nvidia-container-toolkit.repo \
-o /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-toolkit.repo
sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-toolkit.repo

curl -L https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \
-o /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container.pp

rpmbuild -ba \
--define '_topdir /tmp/ublue-os-ucore-nvidia/rpmbuild' \
--define '%_tmppath %{_topdir}/tmp' \
/tmp/ublue-os-ucore-nvidia/ublue-os-ucore-nvidia.spec
30 changes: 15 additions & 15 deletions ublue-os-nvidia-addons.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,18 @@ Release: 1%{?dist}
Summary: Additional files for nvidia driver support

License: MIT
URL: https://github.com/ublue-os/nvidia
URL: https://github.com/ublue-os/akmods

BuildArch: noarch
Supplements: mokutil policycoreutils

Source0: nvidia-container-toolkit.repo
Source1: eyecantcu-supergfxctl.repo
Source2: nvidia-container.pp
Source3: environment
Source4: ublue-nvctk-cdi.service
Source5: 70-ublue-nvctk-cdi.preset
Source6: negativo17-fedora-nvidia.repo
Source1: nvidia-container.pp
Source2: ublue-nvctk-cdi.service
Source3: 70-ublue-nvctk-cdi.preset
Source4: environment
Source5: negativo17-fedora-nvidia.repo
Source6: eyecantcu-supergfxctl.repo

%description
Adds various runtime files for nvidia support.
Expand All @@ -25,21 +25,21 @@ Adds various runtime files for nvidia support.


%build
install -Dm0644 %{SOURCE6} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-nvidia.repo
install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo
install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp
install -Dm0644 %{SOURCE3} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/sway/environment
install -Dm0644 %{SOURCE4} %{buildroot}%{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service
install -Dm0644 %{SOURCE5} %{buildroot}%{_presetdir}/70-ublue-nvctk-cdi.preset
install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp
install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service
install -Dm0644 %{SOURCE3} %{buildroot}%{_presetdir}/70-ublue-nvctk-cdi.preset
install -Dm0644 %{SOURCE4} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/sway/environment
install -Dm0644 %{SOURCE5} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-nvidia.repo
install -Dm0644 %{SOURCE6} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo

sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo
sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-nvidia.repo
sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo

install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/negativo17-fedora-nvidia.repo %{buildroot}%{_sysconfdir}/yum.repos.d/negativo17-fedora-nvidia.repo
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo %{buildroot}%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp %{buildroot}%{_datadir}/selinux/packages/nvidia-container.pp
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service %{buildroot}%{_unitdir}/ublue-nvctk-cdi.service

Expand Down
33 changes: 33 additions & 0 deletions ublue-os-ucore-addons.spec
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
Name: ublue-os-ucore-addons
Version: 0.1
Release: 1%{?dist}
Summary: Signing key for ucore kmods

License: MIT
URL: https://github.com/ublue-os/ucore-kmods

BuildArch: noarch
Supplements: mokutil policycoreutils

Source0: public_key.der

%description
Adds the signing key for importing with mokutil to enable secure boot for kernel modules.

%prep
%setup -q -c -T


%build
# Have different name for *.der in case kmodgenca is needed for creating more keys
install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der

install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der

%files
%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/pki/akmods/certs/akmods-ublue.der
%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-ublue.der

%changelog
* Sat Dec 30 2023 Benjamin Sherman <[email protected]> - 0.1
- Add key for enrolling ucore kernel modules for secure boot
57 changes: 57 additions & 0 deletions ublue-os-ucore-nvidia.spec
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
Name: ublue-os-ucore-nvidia
Version: 0.3
Release: 1%{?dist}
Summary: Additional files for nvidia driver support on CoreOS

License: MIT
URL: https://github.com/ublue-os/akmods

BuildArch: noarch
Supplements: mokutil policycoreutils

Source0: nvidia-container-toolkit.repo
Source1: nvidia-container.pp
Source2: ublue-nvctk-cdi.service
Source3: 70-ublue-nvctk-cdi.preset

%description
Adds various runtime files for nvidia support on Fedora CoreOS.

%prep
%setup -q -c -T


%build
install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp
install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service
install -Dm0644 %{SOURCE3} %{buildroot}%{_presetdir}/70-ublue-nvctk-cdi.preset

sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo

install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp %{buildroot}%{_datadir}/selinux/packages/nvidia-container.pp
install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service %{buildroot}%{_unitdir}/ublue-nvctk-cdi.service

%files
%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
%attr(0644,root,root) %{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp
%attr(0644,root,root) %{_datadir}/ublue-os/%{_unitdir}/ublue-nvctk-cdi.service
%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo
%attr(0644,root,root) %{_datadir}/selinux/packages/nvidia-container.pp
%attr(0644,root,root) %{_unitdir}/ublue-nvctk-cdi.service
%attr(0644,root,root) %{_presetdir}/70-ublue-nvctk-cdi.preset

%changelog
* Fri Oct 6 2023 Benjamin Sherman <[email protected]> - 0.3
- add ublue-nvctk-cdi service to auto-generate NVIDIA CDI GPU definitions

* Wed Oct 04 2023 Benjamin Sherman <[email protected]> - 0.2
- use newer nvidia-container-toolkit repo
- repo provides newer toolkit, no longer requires config.toml

* Sat Aug 19 2023 Benjamin Sherman <[email protected]> - 0.1
First release for Fedora CoreOS based on ublue-os-nvidia-addons includes:
- nvidia-container-runtime repo
- nvidia-container-runtime rootless config
- nvidia-container-runtime selinux policy file

0 comments on commit a7027b9

Please sign in to comment.