to add -trimpath to the build of libnvidia-container-go.so, so it doesn't
trigger buildpaths QA warnings.
Signed-off-by: Matt Madison <matt@madison.systems>
to fix a problem with inconsistent results from the symlink chain resolver
used to set up the hooks to create symlinks.
Signed-off-by: Matt Madison <matt@madison.systems>
With the updated toolkit/runtime setup, the toolkit is run at boot time to generate the
configuration file used by the container runtime. To allow for a read-only rootfs setup,
we place the generated config.toml under /run. We need to install a symlink in the
normal /etc/nvidia-container-runtime directory to point to that generated config, so the
container runtime can find it.
Signed-off-by: Matt Madison <matt@madison.systems>
* Added patch to support location of files in the container-passthrough tree
* Added systemd service to generate the config.toml file for the container
runtime during boot, so we can add the location of the passthrough tree.
Signed-off-by: Ilies CHERGUI <ichergui@nvidia.com>
Signed-off-by: Matt Madison <matt@madison.systems>
* Dropped libnvidia-container-jetson recipe, which is now obsolete
Signed-off-by: Ilies CHERGUI <ichergui@nvidia.com>
Signed-off-by: Matt Madison <matt@madison.systems>
* No more 'S = "${WORKDIR}"', which is not permitted
* All ${WORKDIR} references for local files updated to ${UNPACKDIR}
* Custom do_unpack for the recipes that are in the public_sources
archive in the BSP adjusted for the new unpacking approach
* Some SRC_URIs updated with 'destsuffix=' parameters where needed
Signed-off-by: Matt Madison <matt@madison.systems>
The original problem with compatibility with a newer version of libtirpc was
resolved, so we don't need the workaround any longer.
Also drop runtime dependencies that have been moved to the main libnvidia-container
recipe. This package can't be used on its own, anyway, as it's called on
by the nvidia-container-cli tool built in the libnvidia-container recipe.
Signed-off-by: Matt Madison <matt@madison.systems>
* Refresh the build patch to have nvcgo built, so the library can be used
with cgroupsv2 (for 'auto' and 'csv' modes)
* Move some runtime dependencies from libnvidia-container-jetson to
this recipe, as they're needed here
* Patch the toolkit to implement 'alternate roots' for locating files to be
passed through from the host, to support our tegra-container-passthrough tree
* Provide our own config file, rather than modifying the one from the source tree
on the fly
This enables us to support 'csv' mode in the toolkit for our builds, instead
of requiring 'legacy' mode. With 'csv' mode, host passthrough mounts are injected
into the container when it is created, rather than using the legacy method of
adding a prestart hook to run nvidia-container-cli to set them up.
The 'legacy' mode can still be used, if needed, as long as your target system
is configured to support cgroupsv1.
Signed-off-by: Matt Madison <matt@madison.systems>
This brings container support recipes up to the versions used in
L4T R35.4.1/JetPack 5.1.2.
* Rename libnvidia-container-tools recipe to the more accurate 'libnvidia-container', and
update to v1.10.0 (with patch consolidation and refresh)
* Fix the makefiles for libnvidia-container and libnvidia-container-jetson to eliminate
the build paths that were getting embedded in the RPC files
* Include the full set of DEBUG_PREFIX_MAP flags when building libnvidia-container, which fixes
more embedded build paths
* Update nvidia-container-toolkit to v1.11.0
* Switch to static linking for nvidia-container-toolkit to work around panic on startup
in nvidia-ctk
* Hard-code the toolkit configuration to "legacy" mode, which uses the older prestart hook
method for mapping the paths in the CSV file, until our hacks for the passthrough tree
and for mapping the Debian/Ubuntu multi-arch library paths to the normal host paths
get migrated to the Go code in nvidia-container-toolkit.
* Update nvidia-docker to v2.11.0
Signed-off-by: Matt Madison <matt@madison.systems>
nvidia-container-cli requires access to the host ldconfig at runtime, so
have it as a runtime dependency explicitly.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
docker-ce is deprecated, with docker-moby now set as the default
docker recipe, so switch over the bbappend to fix up the kernel
module dependencies for that recipe.
Signed-off-by: Matt Madison <matt@madison.systems>
to add a patch that supports the use of a tree of files to be directly
exported to containers, overriding any files that reside in the normal
host rootfs. This allows us to export NVIDIA's prebuilt binary userland
libraries to NVIDIA's containers, to ensure compatibility with the library
versions (notably glibc's) that are inside the container.
Signed-off-by: Matt Madison <matt@madison.systems>
- export -ffile-prefix-map to be used in nvidia-modprobe.mk, this will
be used for reproducible binaries
- thanks matt@madison.systems for inputs on this
Signed-off-by: Atharva Nandanwar <anandanwar@sighthound.com>
as the provided binary is now built from nvidia-container-toolkit.
Also drop the l4t.csv file, which we'll extract from the BSP instead.
Signed-off-by: Matt Madison <matt@madison.systems>
* libnvidia-container-jetson supplies just the Jetson-specific
library, updated to version 0.11. This library is dynamically
loaded by the nvidia-container-cli tool.
* libnvidia-container-tools supplies the generic libnvidia-container
library (which is at SONAME v1 instead of v0) and the CLI tool.
This is updated to version 1.9.0.
Signed-off-by: Matt Madison <matt@madison.systems>
The latest git release adds ownership checks on the git tree when
a git command is invoked from pseudo context, so when the
makefiles are processed during the do_install task, an error is
reported.
Fix this by adding a REVISION variable setting to EXTRA_OEMAKE, and
also include a COMPILER setting to override shell callout to
extract the compiler path.
Signed-off-by: Matt Madison <matt@madison.systems>
to include a setting of SRCREV_FORMAT, to work around a problem
with its sstate packages failing to setscene because the SRCPV
variable gets copied, even though we don't use SRCPV in the
recipe.
Signed-off-by: Matt Madison <matt@madison.systems>
Update the LICENSE setting to more accurately reflect
what is included in the package, removing GPLv3
and adding MIT. The files in the source repository
are somewhat misleading.
Also update LIC_FILES_CHKSUM to reference files
reflective of the specified license types.
Signed-off-by: Matt Madison <matt@madison.systems>
Carry forward the patch previously applied to 0.9.0 that
switches to linking against a patched version of libtirpc
to fix segfaults during container startup.
Signed-off-by: Matt Madison <matt@madison.systems>
Allow the user to select either docker-moby or docker-ce as the default
docker provider (docker.inc, used by both docker-moby and docker-ce, has
the required rprovides logic for the common docker package).
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
* Ran convert-overrides.py to generate the initial changes
* Manual cleanup afterwards (which was a lot, due to our
extensive use of overrides).
Signed-off-by: Matt Madison <matt@madison.systems>
With recent systemd versions, process limits on the number of open files
have been raised by a couple of orders of magnitude (K to G). The libtirpc
library, which is unfortunately used by libnvidia-container-tools to implement
some inter-process communication, allocates some arrays of tracking structures based
on the open-files limit (e.g., dtablesize) - leading to memory allocation failures
as it tries to allocate multi-GiB arrays off the heap.
Add a modified patch, back-ported from libtirpc 1.3.2, that caps the array sizes
back down to 1K, to work around this problem for now. The original patch only
handled the svc client; the modification also limits the array size for the
server side.
Signed-off-by: Matt Madison <matt@madison.systems>
to address the segmentation fault reported during container
startup. There's still an error getting reported that needs
to be addressed, though.
Signed-off-by: Matt Madison <matt@madison.systems>
to build this older version of libtirpc as a static library, specifically
for use by libnvidia-container-tools.
Signed-off-by: Matt Madison <matt@madison.systems>
The latest go in OE-Core uses go module support by default,
so we need to explicitly disable it to build this version
of nvidia-container-toolkit.
Signed-off-by: Matt Madison <matt@madison.systems>
The latest go in OE-Core uses go module support by default,
so we need to explicitly disable it to build this version
of nvidia-container-runtime.
Signed-off-by: Matt Madison <matt@madison.systems>
tini has been updated to 0.19.0 in meta-virtualization, and
the recipe now includes the SECURITY_FLAGS setting we were
making.
Signed-off-by: Matt Madison <matt@madison.systems>
Patch the makefile and update the recipe to alter how the compiled-in
build information is generated. This should fix failures on certain
build hosts and better support reproducible builds.
Signed-off-by: Matt Madison <matt@madison.systems>