Replace old runtime with shim

7866ee33 · Christopher Desiniotis · 600006ad · 7866ee33 · 7866ee33 · 7866ee33
7 changed file
--- a/runtime/Dockerfile.amzn
+++ b/runtime/Dockerfile.amzn
 ARG VERSION_ID
 FROM nvidia/base/amzn:${VERSION_ID}

-# runc dependencies
-RUN yum install -y \
-        pkgconfig \
-        gcc \
-        libseccomp-devel \
-        libselinux-devel && \
-    rm -rf /var/cache/yum/*
+RUN yum install -y curl

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh 

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -27,14 +22,7 @@ ENV RELEASE $PKG_REV
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR/..
 COPY rpm .

--- a/runtime/Dockerfile.centos
+++ b/runtime/Dockerfile.centos
 ARG VERSION_ID
 FROM nvidia/base/centos:${VERSION_ID}

-# Install a more version of git (for vndr)
-RUN yum install -y \
-        gcc \
-        make \
-        gettext-devel \
-        openssl-devel \
-        perl-CPAN \
-        perl-devel \
-        zlib-devel \
-        curl-devel && \
-    rm -rf /var/cache/yum/*
+RUN yum install -y curl make

-RUN GIT_DOWNLOAD_SUM=e19d450648d6d100eb93abaa5d06ffbc778394fb502354b7026d73e9bcbc3160 && \
-    curl -fsSL https://www.kernel.org/pub/software/scm/git/git-2.13.2.tar.gz -O && \
-    echo "$GIT_DOWNLOAD_SUM  git-2.13.2.tar.gz" | sha256sum -c --strict - && \
-    tar --no-same-owner -xzf git-2.13.2.tar.gz -C /tmp && \
-    cd /tmp/git-2.13.2 && \
-    ./configure && make -j"$(nproc)" install
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc dependencies
-RUN yum install -y \
-        pkgconfig \
-        gcc \
-        libseccomp-devel \
-        libselinux-devel && \
-    rm -rf /var/cache/yum/*
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh 

-RUN go get github.com/LK4D4/vndr
-
-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
-
-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -46,14 +22,7 @@ ENV RELEASE $PKG_REV
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR/..
 COPY rpm .

--- a/runtime/Dockerfile.debian
+++ b/runtime/Dockerfile.debian
@@ -3,20 +3,16 @@ FROM nvidia/base/debian:${VERSION_ID}

 # runc dependencies
 RUN apt-get update && \
-    apt-get install -t "$(lsb_release -cs)-backports" -y \
-        libseccomp-dev && \
-    apt-get install -y \
-        pkg-config \
-        libapparmor-dev \
-        libselinux1-dev && \
+    apt-get install -y curl && \
    rm -rf /var/lib/apt/lists/*

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -31,21 +27,14 @@ ENV SECTION ""
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp apparmor selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR
 COPY debian ./debian

-RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \
+RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \
    if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi

-CMD export DISTRIB="unstable" && \
-    debuild -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \
-    mv /tmp/nvidia-container-runtime_*.deb /dist
+CMD export DISTRIB="$(lsb_release -cs)" && \
+    debuild -eREVISION -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \
+    mv /tmp/*.deb /dist
--- a/runtime/Dockerfile.ubuntu
+++ b/runtime/Dockerfile.ubuntu
 ARG VERSION_ID
 FROM nvidia/base/ubuntu:${VERSION_ID}

-# runc dependencies
 RUN apt-get update && \
-    if [ "$(lsb_release -cs)" = "trusty" ]; then \
-        apt-get install -t "trusty-backports" -y libseccomp-dev; \
-    else \
-        apt-get install -y libseccomp-dev; \
-    fi && \
-    apt-get install -y \
-        pkg-config \
-        libapparmor-dev \
-        libselinux1-dev && \
+    apt-get install -y curl && \
    rm -rf /var/lib/apt/lists/*

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -34,19 +26,12 @@ ENV SECTION ""
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp apparmor selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR
 COPY debian ./debian

-RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \
+RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \
    if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi

 CMD export DISTRIB="$(lsb_release -cs)" && \

--- a/runtime/Makefile
+++ b/runtime/Makefile
@@ -3,7 +3,7 @@
 DOCKER ?= docker
 MKDIR  ?= mkdir

-VERSION := 2.0.0
+VERSION := 3.0.0
 PKG_REV := 1

 DIST_DIR  := $(CURDIR)/../dist
@@ -11,169 +11,48 @@ DIST_DIR  := $(CURDIR)/../dist
 .NOTPARALLEL:
 .PHONY: all

-all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 debian8 centos7 amzn2 amzn1
+all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 centos7 amzn2 amzn1

-ubuntu18.04: $(addsuffix -ubuntu18.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 17.12.1)
-
-ubuntu16.04: $(addsuffix -ubuntu16.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6)
-
-ubuntu14.04: $(addsuffix -ubuntu14.04, 18.09.2 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2 17.03.2)
-
-debian9: $(addsuffix -debian9, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2)
-
-debian8: $(addsuffix -debian8, 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2)
-
-centos7: $(addsuffix -centos7, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6)
-
-amzn2: $(addsuffix -amzn2, 18.06.2 18.06.1 18.03.1 17.06.2)
-
-amzn1: $(addsuffix -amzn1, 18.06.2 18.06.1 18.03.1 17.12.1 17.09.1 17.06.2 17.03.2)
-
-18.09.2-%-runc:
-	echo "6635b4f0c6af3810594d2770f662f34ddc15b40d"
-
-18.09.1-%-runc:
-	echo "96ec2177ae841256168fcf76954f7177af9446eb"
-
-18.09.0-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-18.06.2-%-runc:
-	echo "6635b4f0c6af3810594d2770f662f34ddc15b40d"
-
-18.06.1-%-runc:
-	echo "69663f0bd4b60df09991c08812a60108003fa340"
-
-18.06.0-%-runc:
-	echo "69663f0bd4b60df09991c08812a60108003fa340"
-
-18.03.1-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-18.03.0-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-17.12.1-%-runc:
-	echo "9f9c96235cc97674e935002fc3d78361b696a69e"
-
-17.12.0-%-runc:
-	echo "b2567b37d7b75eb4cf325b77297b140ea686ce8f"
-
-17.09.1-%-runc 17.09.0-%-runc:
-	echo "3f2f8b84a77f73d38244dd690525642a72156c64"
-
-17.06.2-%-runc:
-	echo "810190ceaa507aa2727d7ae6f4790c76ec150bd2"
-
-17.03.2-%-runc:
-	echo "54296cf40ad8143b62dbcaa1d90e520a2136ddfe"
-
-1.13.1-%-runc:
-	echo "9df8b306d01f59d3a8029be411de015b7304dd8f"
-
-1.12.6-%-runc:
-	echo "50a19c6ff828c58e5dab13830bd3dacde268afe5"
-
-%-ubuntu18.04: ARCH := amd64
-%-ubuntu18.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="18.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:18.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu18.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:18.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu18.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-ubuntu16.04: ARCH := amd64
-%-ubuntu16.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="16.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:16.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu16.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:16.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu16.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-ubuntu14.04: ARCH := amd64
-%-ubuntu14.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="14.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:14.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu14.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:14.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu14.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-debian9: ARCH := amd64
-%-debian9:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="9" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/debian:9-docker$*" -f Dockerfile.debian .
-	$(MKDIR) -p $(DIST_DIR)/debian9/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:9-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian9/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-debian8: ARCH := amd64
-%-debian8:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="8" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/debian:8-docker$*" -f Dockerfile.debian .
-	$(MKDIR) -p $(DIST_DIR)/debian8/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:8-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian8/$(ARCH)/
+ubuntu%: ARCH := amd64
+ubuntu%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
+                        --build-arg PKG_VERS="$(VERSION)" \
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/ubuntu:$*" -f Dockerfile.ubuntu .
+	$(MKDIR) -p "$(DIST_DIR)/ubuntu$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/ubuntu$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-centos7: ARCH := x86_64
-%-centos7:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="7" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+debian%: ARCH := amd64
+debian%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*" \
-                        -t "nvidia/runtime/centos:7-docker$*" -f Dockerfile.centos .
-	$(MKDIR) -p $(DIST_DIR)/centos7/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:7-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/centos7/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/debian:$*" -f Dockerfile.debian .
+	$(MKDIR) -p "$(DIST_DIR)/debian$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/debian$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-amzn2: ARCH := x86_64
-%-amzn2:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="2" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+centos%: ARCH := x86_64
+centos%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*.amzn2" \
-                        -t "nvidia/runtime/amzn:2-docker$*" -f Dockerfile.amzn .
-	$(MKDIR) -p $(DIST_DIR)/amzn2/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:2-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/amzn2/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/centos:$*" -f Dockerfile.centos .
+	$(MKDIR) -p "$(DIST_DIR)/centos$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/centos$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-amzn1: ARCH := x86_64
-%-amzn1:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="1" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+amzn%: ARCH := x86_64
+amzn%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*.amzn1" \
-                        -t "nvidia/runtime/amzn:1-docker$*" -f Dockerfile.amzn .
-	$(MKDIR) -p $(DIST_DIR)/amzn1/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:1-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/amzn1/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/amzn:$*" -f Dockerfile.amzn .
+	$(MKDIR) -p "$(DIST_DIR)/amzn$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/amzn$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
--- a/runtime/debian/changelog
+++ b/runtime/debian/changelog
-nvidia-container-runtime (2.0.0+@VERSION@) UNRELEASED; urgency=medium
+nvidia-container-runtime (@VERSION@) UNRELEASED; urgency=medium

  * Split into nvidia-container-runtime and nvidia-container-runtime-hook


--- a/runtime/rpm/SPECS/nvidia-container-runtime.spec
+++ b/runtime/rpm/SPECS/nvidia-container-runtime.spec
@@ -14,7 +14,7 @@ License: ASL 2.0
 Source0: nvidia-container-runtime
 Source1: LICENSE

-Obsoletes: nvidia-container-runtime < 2.0.0
+Obsoletes: nvidia-container-runtime < 3.0.0
 Requires: nvidia-container-runtime-hook < 2.0.0
 Requires: libseccomp