From 7866ee338a7848ef9ebd22f2bc67cebb4b8ad926 Mon Sep 17 00:00:00 2001 From: Christopher Desiniotis Date: Thu, 18 Jul 2019 11:06:48 -0700 Subject: [PATCH] Replace old runtime with shim --- runtime/Dockerfile.amzn | 26 +-- runtime/Dockerfile.centos | 45 +---- runtime/Dockerfile.debian | 33 +-- runtime/Dockerfile.ubuntu | 31 +-- runtime/Makefile | 191 ++++-------------- runtime/debian/changelog | 2 +- .../rpm/SPECS/nvidia-container-runtime.spec | 2 +- 7 files changed, 70 insertions(+), 260 deletions(-) diff --git a/runtime/Dockerfile.amzn b/runtime/Dockerfile.amzn index 1d952b1..f3bdafd 100644 --- a/runtime/Dockerfile.amzn +++ b/runtime/Dockerfile.amzn @@ -1,20 +1,15 @@ ARG VERSION_ID FROM nvidia/base/amzn:${VERSION_ID} -# runc dependencies -RUN yum install -y \ - pkgconfig \ - gcc \ - libseccomp-devel \ - libselinux-devel && \ - rm -rf /var/cache/yum/* +RUN yum install -y curl -RUN go get github.com/LK4D4/vndr +WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime +RUN mkdir -p ${GOPATH}/bin -# runc -WORKDIR $GOPATH/src/github.com/opencontainers/runc +RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -RUN git clone https://github.com/opencontainers/runc.git . +COPY src . +RUN make # packaging ARG PKG_VERS @@ -27,14 +22,7 @@ ENV RELEASE $PKG_REV ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES RUN mkdir -p $DIST_DIR /dist -ARG RUNC_COMMIT -COPY runc/$RUNC_COMMIT/ /tmp/patches/runc - -RUN git checkout $RUNC_COMMIT && \ - git apply /tmp/patches/runc/* && \ - if [ -f vendor.conf ]; then vndr; fi && \ - make BUILDTAGS="seccomp selinux" && \ - mv runc $DIST_DIR/nvidia-container-runtime +RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime WORKDIR $DIST_DIR/.. COPY rpm . diff --git a/runtime/Dockerfile.centos b/runtime/Dockerfile.centos index 234bd19..47198e3 100644 --- a/runtime/Dockerfile.centos +++ b/runtime/Dockerfile.centos 
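Review bot: In the first hunk of runtime/Dockerfile.amzn, `RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh` runs whatever the mutable `master` branch serves at build time, with no pinned revision and no integrity check. Without `-f`, an HTTP error body would also be piped into `sh`. The same line is added in Dockerfile.centos, Dockerfile.debian and Dockerfile.ubuntu, and the centos file loses the only download it verified with `sha256sum -c --strict`. Because the binary built in this image is what gets packaged, fetch the installer from a fixed tag and verify it before running it, e.g. `curl -fsSL -o /tmp/dep-install.sh https://raw.githubusercontent.com/golang/dep/<PINNED_TAG>/install.sh && echo "<EXPECTED_SHA256>  /tmp/dep-install.sh" | sha256sum -c --strict - && DEP_RELEASE_TAG=<PINNED_TAG> sh /tmp/dep-install.sh` (tag and digest are placeholders).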
@@ -1,39 +1,15 @@ ARG VERSION_ID FROM nvidia/base/centos:${VERSION_ID} -# Install a more version of git (for vndr) -RUN yum install -y \ - gcc \ - make \ - gettext-devel \ - openssl-devel \ - perl-CPAN \ - perl-devel \ - zlib-devel \ - curl-devel && \ - rm -rf /var/cache/yum/* +RUN yum install -y curl make -RUN GIT_DOWNLOAD_SUM=e19d450648d6d100eb93abaa5d06ffbc778394fb502354b7026d73e9bcbc3160 && \ - curl -fsSL https://www.kernel.org/pub/software/scm/git/git-2.13.2.tar.gz -O && \ - echo "$GIT_DOWNLOAD_SUM git-2.13.2.tar.gz" | sha256sum -c --strict - && \ - tar --no-same-owner -xzf git-2.13.2.tar.gz -C /tmp && \ - cd /tmp/git-2.13.2 && \ - ./configure && make -j"$(nproc)" install +WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime +RUN mkdir -p ${GOPATH}/bin -# runc dependencies -RUN yum install -y \ - pkgconfig \ - gcc \ - libseccomp-devel \ - libselinux-devel && \ - rm -rf /var/cache/yum/* +RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -RUN go get github.com/LK4D4/vndr - -# runc -WORKDIR $GOPATH/src/github.com/opencontainers/runc - -RUN git clone https://github.com/opencontainers/runc.git . +COPY src . +RUN make # packaging ARG PKG_VERS @@ -46,14 +22,7 @@ ENV RELEASE $PKG_REV ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES RUN mkdir -p $DIST_DIR /dist -ARG RUNC_COMMIT -COPY runc/$RUNC_COMMIT/ /tmp/patches/runc - -RUN git checkout $RUNC_COMMIT && \ - git apply /tmp/patches/runc/* && \ - if [ -f vendor.conf ]; then vndr; fi && \ - make BUILDTAGS="seccomp selinux" && \ - mv runc $DIST_DIR/nvidia-container-runtime +RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime WORKDIR $DIST_DIR/.. COPY rpm . diff --git a/runtime/Dockerfile.debian b/runtime/Dockerfile.debian index 396f879..f81b047 100644 --- a/runtime/Dockerfile.debian +++ b/runtime/Dockerfile.debian 
@@ -3,20 +3,16 @@ FROM nvidia/base/debian:${VERSION_ID} # runc dependencies RUN apt-get update && \ - apt-get install -t "$(lsb_release -cs)-backports" -y \ - libseccomp-dev && \ - apt-get install -y \ - pkg-config \ - libapparmor-dev \ - libselinux1-dev && \ + apt-get install -y curl && \ rm -rf /var/lib/apt/lists/* -RUN go get github.com/LK4D4/vndr +WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime +RUN mkdir -p ${GOPATH}/bin -# runc -WORKDIR $GOPATH/src/github.com/opencontainers/runc +RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -RUN git clone https://github.com/opencontainers/runc.git . +COPY src . +RUN make # packaging ARG PKG_VERS @@ -31,21 +27,14 @@ ENV SECTION "" ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS RUN mkdir -p $DIST_DIR /dist -ARG RUNC_COMMIT -COPY runc/$RUNC_COMMIT/ /tmp/patches/runc - -RUN git checkout $RUNC_COMMIT && \ - git apply /tmp/patches/runc/* && \ - if [ -f vendor.conf ]; then vndr; fi && \ - make BUILDTAGS="seccomp apparmor selinux" && \ - mv runc $DIST_DIR/nvidia-container-runtime +RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime WORKDIR $DIST_DIR COPY debian ./debian -RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \ +RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \ if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi -CMD export DISTRIB="unstable" && \ - debuild -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ - mv /tmp/nvidia-container-runtime_*.deb /dist +CMD export DISTRIB="$(lsb_release -cs)" && \ + debuild -eREVISION -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \ + mv /tmp/*.deb /dist diff --git a/runtime/Dockerfile.ubuntu b/runtime/Dockerfile.ubuntu index 3292077..3c507b9 100644 --- a/runtime/Dockerfile.ubuntu +++ b/runtime/Dockerfile.ubuntu 
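Review bot: The context comment `# runc dependencies` at the top of the first Dockerfile.debian hunk now sits above `apt-get install -y curl`, so it describes packages that are no longer installed. Reword it to something like `# curl is needed to fetch the dep installer`, or drop it as the amzn, centos and ubuntu files do in this commit.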
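Review bot: In the second Dockerfile.debian hunk the new CMD ends with `mv /tmp/*.deb /dist`, which moves every .deb found in /tmp into the release directory rather than only the package this image builds. The removed line matched `nvidia-container-runtime_*.deb`. Unless a second package name is expected here (not visible in this hunk), keep the glob specific with `mv /tmp/nvidia-container-runtime_*.deb /dist`, so a stray file cannot end up among the published artifacts.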
@@ -1,25 +1,17 @@ ARG VERSION_ID FROM nvidia/base/ubuntu:${VERSION_ID} -# runc dependencies RUN apt-get update && \ - if [ "$(lsb_release -cs)" = "trusty" ]; then \ - apt-get install -t "trusty-backports" -y libseccomp-dev; \ - else \ - apt-get install -y libseccomp-dev; \ - fi && \ - apt-get install -y \ - pkg-config \ - libapparmor-dev \ - libselinux1-dev && \ + apt-get install -y curl && \ rm -rf /var/lib/apt/lists/* -RUN go get github.com/LK4D4/vndr +WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime +RUN mkdir -p ${GOPATH}/bin -# runc -WORKDIR $GOPATH/src/github.com/opencontainers/runc +RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -RUN git clone https://github.com/opencontainers/runc.git . +COPY src . +RUN make # packaging ARG PKG_VERS @@ -34,19 +26,12 @@ ENV SECTION "" ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS RUN mkdir -p $DIST_DIR /dist -ARG RUNC_COMMIT -COPY runc/$RUNC_COMMIT/ /tmp/patches/runc - -RUN git checkout $RUNC_COMMIT && \ - git apply /tmp/patches/runc/* && \ - if [ -f vendor.conf ]; then vndr; fi && \ - make BUILDTAGS="seccomp apparmor selinux" && \ - mv runc $DIST_DIR/nvidia-container-runtime +RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime WORKDIR $DIST_DIR COPY debian ./debian -RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \ +RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \ if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi CMD export DISTRIB="$(lsb_release -cs)" && \ diff --git a/runtime/Makefile b/runtime/Makefile index 69a6237..853b4d4 100644 --- a/runtime/Makefile +++ b/runtime/Makefile @@ -3,7 +3,7 @@ DOCKER ?= docker MKDIR ?= mkdir -VERSION := 2.0.0 +VERSION := 3.0.0 PKG_REV := 1 DIST_DIR := $(CURDIR)/../dist 
@@ -11,169 +11,48 @@ DIST_DIR := $(CURDIR)/../dist .NOTPARALLEL: .PHONY: all -all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 debian8 centos7 amzn2 amzn1 +all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 centos7 amzn2 amzn1 -ubuntu18.04: $(addsuffix -ubuntu18.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 17.12.1) - -ubuntu16.04: $(addsuffix -ubuntu16.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6) - -ubuntu14.04: $(addsuffix -ubuntu14.04, 18.09.2 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2 17.03.2) - -debian9: $(addsuffix -debian9, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2) - -debian8: $(addsuffix -debian8, 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2) - -centos7: $(addsuffix -centos7, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6) - -amzn2: $(addsuffix -amzn2, 18.06.2 18.06.1 18.03.1 17.06.2) - -amzn1: $(addsuffix -amzn1, 18.06.2 18.06.1 18.03.1 17.12.1 17.09.1 17.06.2 17.03.2) - -18.09.2-%-runc: - echo "6635b4f0c6af3810594d2770f662f34ddc15b40d" - -18.09.1-%-runc: - echo "96ec2177ae841256168fcf76954f7177af9446eb" - -18.09.0-%-runc: - echo "4fc53a81fb7c994640722ac585fa9ca548971871" - -18.06.2-%-runc: - echo "6635b4f0c6af3810594d2770f662f34ddc15b40d" - -18.06.1-%-runc: - echo "69663f0bd4b60df09991c08812a60108003fa340" - -18.06.0-%-runc: - echo "69663f0bd4b60df09991c08812a60108003fa340" - -18.03.1-%-runc: - echo "4fc53a81fb7c994640722ac585fa9ca548971871" - -18.03.0-%-runc: - echo "4fc53a81fb7c994640722ac585fa9ca548971871" - -17.12.1-%-runc: - echo "9f9c96235cc97674e935002fc3d78361b696a69e" - -17.12.0-%-runc: - echo "b2567b37d7b75eb4cf325b77297b140ea686ce8f" - -17.09.1-%-runc 17.09.0-%-runc: - echo "3f2f8b84a77f73d38244dd690525642a72156c64" - -17.06.2-%-runc: - echo 
"810190ceaa507aa2727d7ae6f4790c76ec150bd2" - -17.03.2-%-runc: - echo "54296cf40ad8143b62dbcaa1d90e520a2136ddfe" - -1.13.1-%-runc: - echo "9df8b306d01f59d3a8029be411de015b7304dd8f" - -1.12.6-%-runc: - echo "50a19c6ff828c58e5dab13830bd3dacde268afe5" - -%-ubuntu18.04: ARCH := amd64 -%-ubuntu18.04: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="18.04" \ - --build-arg RUNC_COMMIT="$${runc}" \ - --build-arg PKG_VERS="$(VERSION)+docker$*" \ - --build-arg PKG_REV="$(PKG_REV)" \ - -t "nvidia/runtime/ubuntu:18.04-docker$*" -f Dockerfile.ubuntu . - $(MKDIR) -p $(DIST_DIR)/ubuntu18.04/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:18.04-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu18.04/$(ARCH)/ - $(DOCKER) rm $$(cat $@.cid) && rm $@.cid - -%-ubuntu16.04: ARCH := amd64 -%-ubuntu16.04: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="16.04" \ - --build-arg RUNC_COMMIT="$${runc}" \ - --build-arg PKG_VERS="$(VERSION)+docker$*" \ - --build-arg PKG_REV="$(PKG_REV)" \ - -t "nvidia/runtime/ubuntu:16.04-docker$*" -f Dockerfile.ubuntu . - $(MKDIR) -p $(DIST_DIR)/ubuntu16.04/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:16.04-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu16.04/$(ARCH)/ - $(DOCKER) rm $$(cat $@.cid) && rm $@.cid - -%-ubuntu14.04: ARCH := amd64 -%-ubuntu14.04: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="14.04" \ - --build-arg RUNC_COMMIT="$${runc}" \ - --build-arg PKG_VERS="$(VERSION)+docker$*" \ - --build-arg PKG_REV="$(PKG_REV)" \ - -t "nvidia/runtime/ubuntu:14.04-docker$*" -f Dockerfile.ubuntu . - $(MKDIR) -p $(DIST_DIR)/ubuntu14.04/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:14.04-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. 
$(DIST_DIR)/ubuntu14.04/$(ARCH)/ - $(DOCKER) rm $$(cat $@.cid) && rm $@.cid - -%-debian9: ARCH := amd64 -%-debian9: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="9" \ - --build-arg RUNC_COMMIT="$${runc}" \ - --build-arg PKG_VERS="$(VERSION)+docker$*" \ - --build-arg PKG_REV="$(PKG_REV)" \ - -t "nvidia/runtime/debian:9-docker$*" -f Dockerfile.debian . - $(MKDIR) -p $(DIST_DIR)/debian9/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:9-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian9/$(ARCH)/ - $(DOCKER) rm $$(cat $@.cid) && rm $@.cid - -%-debian8: ARCH := amd64 -%-debian8: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="8" \ - --build-arg RUNC_COMMIT="$${runc}" \ - --build-arg PKG_VERS="$(VERSION)+docker$*" \ - --build-arg PKG_REV="$(PKG_REV)" \ - -t "nvidia/runtime/debian:8-docker$*" -f Dockerfile.debian . - $(MKDIR) -p $(DIST_DIR)/debian8/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:8-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian8/$(ARCH)/ +ubuntu%: ARCH := amd64 +ubuntu%: + $(DOCKER) build --build-arg VERSION_ID="$*" \ + --build-arg PKG_VERS="$(VERSION)" \ + --build-arg PKG_REV="$(PKG_REV)" \ + -t "nvidia/runtime/ubuntu:$*" -f Dockerfile.ubuntu . + $(MKDIR) -p "$(DIST_DIR)/ubuntu$*/$(ARCH)" + $(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:$*" + $(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/ubuntu$*/$(ARCH)/" $(DOCKER) rm $$(cat $@.cid) && rm $@.cid -%-centos7: ARCH := x86_64 -%-centos7: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="7" \ - --build-arg RUNC_COMMIT="$${runc}" \ +debian%: ARCH := amd64 +debian%: + $(DOCKER) build --build-arg VERSION_ID="$*" \ --build-arg PKG_VERS="$(VERSION)" \ - --build-arg PKG_REV="$(PKG_REV).docker$*" \ - -t "nvidia/runtime/centos:7-docker$*" -f Dockerfile.centos . 
- $(MKDIR) -p $(DIST_DIR)/centos7/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:7-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/centos7/$(ARCH)/ + --build-arg PKG_REV="$(PKG_REV)" \ + -t "nvidia/runtime/debian:$*" -f Dockerfile.debian . + $(MKDIR) -p "$(DIST_DIR)/debian$*/$(ARCH)" + $(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:$*" + $(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/debian$*/$(ARCH)/" $(DOCKER) rm $$(cat $@.cid) && rm $@.cid -%-amzn2: ARCH := x86_64 -%-amzn2: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="2" \ - --build-arg RUNC_COMMIT="$${runc}" \ +centos%: ARCH := x86_64 +centos%: + $(DOCKER) build --build-arg VERSION_ID="$*" \ --build-arg PKG_VERS="$(VERSION)" \ - --build-arg PKG_REV="$(PKG_REV).docker$*.amzn2" \ - -t "nvidia/runtime/amzn:2-docker$*" -f Dockerfile.amzn . - $(MKDIR) -p $(DIST_DIR)/amzn2/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:2-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/amzn2/$(ARCH)/ + --build-arg PKG_REV="$(PKG_REV)" \ + -t "nvidia/runtime/centos:$*" -f Dockerfile.centos . + $(MKDIR) -p "$(DIST_DIR)/centos$*/$(ARCH)" + $(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:$*" + $(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/centos$*/$(ARCH)/" $(DOCKER) rm $$(cat $@.cid) && rm $@.cid -%-amzn1: ARCH := x86_64 -%-amzn1: - runc="$(shell $(MAKE) -s $@-runc)" && \ - $(DOCKER) build --build-arg VERSION_ID="1" \ - --build-arg RUNC_COMMIT="$${runc}" \ +amzn%: ARCH := x86_64 +amzn%: + $(DOCKER) build --build-arg VERSION_ID="$*" \ --build-arg PKG_VERS="$(VERSION)" \ - --build-arg PKG_REV="$(PKG_REV).docker$*.amzn1" \ - -t "nvidia/runtime/amzn:1-docker$*" -f Dockerfile.amzn . - $(MKDIR) -p $(DIST_DIR)/amzn1/$(ARCH) - $(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:1-docker$*" - $(DOCKER) cp $$(cat $@.cid):/dist/. 
$(DIST_DIR)/amzn1/$(ARCH)/ + --build-arg PKG_REV="$(PKG_REV)" \ + -t "nvidia/runtime/amzn:$*" -f Dockerfile.amzn . + $(MKDIR) -p "$(DIST_DIR)/amzn$*/$(ARCH)" + $(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:$*" + $(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/amzn$*/$(ARCH)/" $(DOCKER) rm $$(cat $@.cid) && rm $@.cid diff --git a/runtime/debian/changelog b/runtime/debian/changelog index 6380cd4..d8ba8d6 100644 --- a/runtime/debian/changelog +++ b/runtime/debian/changelog @@ -1,4 +1,4 @@ -nvidia-container-runtime (2.0.0+@VERSION@) UNRELEASED; urgency=medium +nvidia-container-runtime (@VERSION@) UNRELEASED; urgency=medium * Split into nvidia-container-runtime and nvidia-container-runtime-hook diff --git a/runtime/rpm/SPECS/nvidia-container-runtime.spec b/runtime/rpm/SPECS/nvidia-container-runtime.spec index 2a7fafd..65cfd6a 100644 --- a/runtime/rpm/SPECS/nvidia-container-runtime.spec +++ b/runtime/rpm/SPECS/nvidia-container-runtime.spec @@ -14,7 +14,7 @@ License: ASL 2.0 Source0: nvidia-container-runtime Source1: LICENSE -Obsoletes: nvidia-container-runtime < 2.0.0 +Obsoletes: nvidia-container-runtime < 3.0.0 Requires: nvidia-container-runtime-hook < 2.0.0 Requires: libseccomp -- GitLab
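Review bot: In the new `ubuntu%`, `debian%`, `centos%` and `amzn%` recipes, `$@.cid` is removed only on the last line, so a failure in `$(DOCKER) run` or `$(DOCKER) cp` leaves both the cid file and the stopped container behind. `docker run --cidfile` refuses to start when the file already exists, so the next build of that target fails until someone cleans up by hand. A minimal fix is to clear the stale file at the top of each recipe with `$(RM) $@.cid`; the container left over from the failed run still needs a `docker rm`. The cid files are also written into the directory passed to `docker build` as context (`.`), so a leftover one is sent along with the next build; writing them under `$(DIST_DIR)` would avoid that.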