Merge branch 'replace-runtime' into 'master'

Replace runtime See merge request nvidia/container-toolkit/nvidia-container-runtime!3

Merge branch 'replace-runtime' into 'master'
Replace runtime See merge request nvidia/container-toolkit/nvidia-container-runtime!3
8626efd2 · Rajat Chopra · 50436d07 · 7866ee33 · 8626efd2 · 8626efd2
21 changed file
--- a/runtime/Dockerfile.amzn
+++ b/runtime/Dockerfile.amzn
 ARG VERSION_ID
 FROM nvidia/base/amzn:${VERSION_ID}

-# runc dependencies
-RUN yum install -y \
-        pkgconfig \
-        gcc \
-        libseccomp-devel \
-        libselinux-devel && \
-    rm -rf /var/cache/yum/*
+RUN yum install -y curl

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh 

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -27,14 +22,7 @@ ENV RELEASE $PKG_REV
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR/..
 COPY rpm .

--- a/runtime/Dockerfile.centos
+++ b/runtime/Dockerfile.centos
 ARG VERSION_ID
 FROM nvidia/base/centos:${VERSION_ID}

-# Install a more version of git (for vndr)
-RUN yum install -y \
-        gcc \
-        make \
-        gettext-devel \
-        openssl-devel \
-        perl-CPAN \
-        perl-devel \
-        zlib-devel \
-        curl-devel && \
-    rm -rf /var/cache/yum/*
+RUN yum install -y curl make

-RUN GIT_DOWNLOAD_SUM=e19d450648d6d100eb93abaa5d06ffbc778394fb502354b7026d73e9bcbc3160 && \
-    curl -fsSL https://www.kernel.org/pub/software/scm/git/git-2.13.2.tar.gz -O && \
-    echo "$GIT_DOWNLOAD_SUM  git-2.13.2.tar.gz" | sha256sum -c --strict - && \
-    tar --no-same-owner -xzf git-2.13.2.tar.gz -C /tmp && \
-    cd /tmp/git-2.13.2 && \
-    ./configure && make -j"$(nproc)" install
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc dependencies
-RUN yum install -y \
-        pkgconfig \
-        gcc \
-        libseccomp-devel \
-        libselinux-devel && \
-    rm -rf /var/cache/yum/*
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh 

-RUN go get github.com/LK4D4/vndr
-
-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
-
-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -46,14 +22,7 @@ ENV RELEASE $PKG_REV
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS/SOURCES
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR/..
 COPY rpm .

--- a/runtime/Dockerfile.debian
+++ b/runtime/Dockerfile.debian
@@ -3,20 +3,16 @@ FROM nvidia/base/debian:${VERSION_ID}

 # runc dependencies
 RUN apt-get update && \
-    apt-get install -t "$(lsb_release -cs)-backports" -y \
-        libseccomp-dev && \
-    apt-get install -y \
-        pkg-config \
-        libapparmor-dev \
-        libselinux1-dev && \
+    apt-get install -y curl && \
    rm -rf /var/lib/apt/lists/*

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -31,21 +27,14 @@ ENV SECTION ""
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp apparmor selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR
 COPY debian ./debian

-RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \
+RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \
    if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi

-CMD export DISTRIB="unstable" && \
-    debuild -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \
-    mv /tmp/nvidia-container-runtime_*.deb /dist
+CMD export DISTRIB="$(lsb_release -cs)" && \
+    debuild -eREVISION -eDISTRIB -eSECTION --dpkg-buildpackage-hook='sh debian/prepare' -i -us -uc -b && \
+    mv /tmp/*.deb /dist
--- a/runtime/Dockerfile.ubuntu
+++ b/runtime/Dockerfile.ubuntu
 ARG VERSION_ID
 FROM nvidia/base/ubuntu:${VERSION_ID}

-# runc dependencies
 RUN apt-get update && \
-    if [ "$(lsb_release -cs)" = "trusty" ]; then \
-        apt-get install -t "trusty-backports" -y libseccomp-dev; \
-    else \
-        apt-get install -y libseccomp-dev; \
-    fi && \
-    apt-get install -y \
-        pkg-config \
-        libapparmor-dev \
-        libselinux1-dev && \
+    apt-get install -y curl && \
    rm -rf /var/lib/apt/lists/*

-RUN go get github.com/LK4D4/vndr
+WORKDIR $GOPATH/src/gitlab.com/nvidia/container-toolkit/nvidia-container-runtime
+RUN mkdir -p ${GOPATH}/bin

-# runc
-WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh

-RUN git clone https://github.com/opencontainers/runc.git .
+COPY src .
+RUN make

 # packaging
 ARG PKG_VERS
@@ -34,19 +26,12 @@ ENV SECTION ""
 ENV DIST_DIR=/tmp/nvidia-container-runtime-$PKG_VERS
 RUN mkdir -p $DIST_DIR /dist

-ARG RUNC_COMMIT
-COPY runc/$RUNC_COMMIT/ /tmp/patches/runc
-
-RUN git checkout $RUNC_COMMIT && \
-    git apply /tmp/patches/runc/* && \
-    if [ -f vendor.conf ]; then vndr; fi && \
-    make BUILDTAGS="seccomp apparmor selinux" && \
-    mv runc $DIST_DIR/nvidia-container-runtime
+RUN mv nvidia-container-runtime $DIST_DIR/nvidia-container-runtime

 WORKDIR $DIST_DIR
 COPY debian ./debian

-RUN sed -i "s;@VERSION@;${REVISION#*+};" debian/changelog && \
+RUN sed -i "s;@VERSION@;${REVISION};" debian/changelog && \
    if [ "$REVISION" != "$(dpkg-parsechangelog --show-field=Version)" ]; then exit 1; fi

 CMD export DISTRIB="$(lsb_release -cs)" && \

--- a/runtime/Makefile
+++ b/runtime/Makefile
@@ -3,7 +3,7 @@
 DOCKER ?= docker
 MKDIR  ?= mkdir

-VERSION := 2.0.0
+VERSION := 3.0.0
 PKG_REV := 1

 DIST_DIR  := $(CURDIR)/../dist
@@ -11,169 +11,48 @@ DIST_DIR  := $(CURDIR)/../dist
 .NOTPARALLEL:
 .PHONY: all

-all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 debian8 centos7 amzn2 amzn1
+all: ubuntu18.04 ubuntu16.04 ubuntu14.04 debian9 centos7 amzn2 amzn1

-ubuntu18.04: $(addsuffix -ubuntu18.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 17.12.1)
-
-ubuntu16.04: $(addsuffix -ubuntu16.04, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6)
-
-ubuntu14.04: $(addsuffix -ubuntu14.04, 18.09.2 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2 17.03.2)
-
-debian9: $(addsuffix -debian9, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2)
-
-debian8: $(addsuffix -debian8, 18.06.2 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.09.1 17.06.2)
-
-centos7: $(addsuffix -centos7, 18.09.2 18.06.2 18.09.1 18.09.0 18.06.1 18.06.0 18.03.1 18.03.0 17.12.1 17.12.0 17.09.1 17.09.0 17.06.2 17.03.2 1.13.1 1.12.6)
-
-amzn2: $(addsuffix -amzn2, 18.06.2 18.06.1 18.03.1 17.06.2)
-
-amzn1: $(addsuffix -amzn1, 18.06.2 18.06.1 18.03.1 17.12.1 17.09.1 17.06.2 17.03.2)
-
-18.09.2-%-runc:
-	echo "6635b4f0c6af3810594d2770f662f34ddc15b40d"
-
-18.09.1-%-runc:
-	echo "96ec2177ae841256168fcf76954f7177af9446eb"
-
-18.09.0-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-18.06.2-%-runc:
-	echo "6635b4f0c6af3810594d2770f662f34ddc15b40d"
-
-18.06.1-%-runc:
-	echo "69663f0bd4b60df09991c08812a60108003fa340"
-
-18.06.0-%-runc:
-	echo "69663f0bd4b60df09991c08812a60108003fa340"
-
-18.03.1-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-18.03.0-%-runc:
-	echo "4fc53a81fb7c994640722ac585fa9ca548971871"
-
-17.12.1-%-runc:
-	echo "9f9c96235cc97674e935002fc3d78361b696a69e"
-
-17.12.0-%-runc:
-	echo "b2567b37d7b75eb4cf325b77297b140ea686ce8f"
-
-17.09.1-%-runc 17.09.0-%-runc:
-	echo "3f2f8b84a77f73d38244dd690525642a72156c64"
-
-17.06.2-%-runc:
-	echo "810190ceaa507aa2727d7ae6f4790c76ec150bd2"
-
-17.03.2-%-runc:
-	echo "54296cf40ad8143b62dbcaa1d90e520a2136ddfe"
-
-1.13.1-%-runc:
-	echo "9df8b306d01f59d3a8029be411de015b7304dd8f"
-
-1.12.6-%-runc:
-	echo "50a19c6ff828c58e5dab13830bd3dacde268afe5"
-
-%-ubuntu18.04: ARCH := amd64
-%-ubuntu18.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="18.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:18.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu18.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:18.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu18.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-ubuntu16.04: ARCH := amd64
-%-ubuntu16.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="16.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:16.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu16.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:16.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu16.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-ubuntu14.04: ARCH := amd64
-%-ubuntu14.04:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="14.04" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/ubuntu:14.04-docker$*" -f Dockerfile.ubuntu .
-	$(MKDIR) -p $(DIST_DIR)/ubuntu14.04/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:14.04-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/ubuntu14.04/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-debian9: ARCH := amd64
-%-debian9:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="9" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/debian:9-docker$*" -f Dockerfile.debian .
-	$(MKDIR) -p $(DIST_DIR)/debian9/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:9-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian9/$(ARCH)/
-	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
-
-%-debian8: ARCH := amd64
-%-debian8:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="8" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
-                        --build-arg PKG_VERS="$(VERSION)+docker$*" \
-                        --build-arg PKG_REV="$(PKG_REV)" \
-                        -t "nvidia/runtime/debian:8-docker$*" -f Dockerfile.debian .
-	$(MKDIR) -p $(DIST_DIR)/debian8/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:8-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/debian8/$(ARCH)/
+ubuntu%: ARCH := amd64
+ubuntu%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
+                        --build-arg PKG_VERS="$(VERSION)" \
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/ubuntu:$*" -f Dockerfile.ubuntu .
+	$(MKDIR) -p "$(DIST_DIR)/ubuntu$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/ubuntu:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/ubuntu$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-centos7: ARCH := x86_64
-%-centos7:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="7" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+debian%: ARCH := amd64
+debian%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*" \
-                        -t "nvidia/runtime/centos:7-docker$*" -f Dockerfile.centos .
-	$(MKDIR) -p $(DIST_DIR)/centos7/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:7-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/centos7/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/debian:$*" -f Dockerfile.debian .
+	$(MKDIR) -p "$(DIST_DIR)/debian$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/debian:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/debian$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-amzn2: ARCH := x86_64
-%-amzn2:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="2" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+centos%: ARCH := x86_64
+centos%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*.amzn2" \
-                        -t "nvidia/runtime/amzn:2-docker$*" -f Dockerfile.amzn .
-	$(MKDIR) -p $(DIST_DIR)/amzn2/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:2-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/amzn2/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/centos:$*" -f Dockerfile.centos .
+	$(MKDIR) -p "$(DIST_DIR)/centos$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/centos:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/centos$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid

-%-amzn1: ARCH := x86_64
-%-amzn1:
-	runc="$(shell $(MAKE) -s $@-runc)" && \
-	$(DOCKER) build --build-arg VERSION_ID="1" \
-                        --build-arg RUNC_COMMIT="$${runc}" \
+amzn%: ARCH := x86_64
+amzn%:
+	$(DOCKER) build --build-arg VERSION_ID="$*" \
                        --build-arg PKG_VERS="$(VERSION)" \
-                        --build-arg PKG_REV="$(PKG_REV).docker$*.amzn1" \
-                        -t "nvidia/runtime/amzn:1-docker$*" -f Dockerfile.amzn .
-	$(MKDIR) -p $(DIST_DIR)/amzn1/$(ARCH)
-	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:1-docker$*"
-	$(DOCKER) cp $$(cat $@.cid):/dist/. $(DIST_DIR)/amzn1/$(ARCH)/
+			--build-arg PKG_REV="$(PKG_REV)" \
+                        -t "nvidia/runtime/amzn:$*" -f Dockerfile.amzn .
+	$(MKDIR) -p "$(DIST_DIR)/amzn$*/$(ARCH)"
+	$(DOCKER) run --cidfile $@.cid "nvidia/runtime/amzn:$*"
+	$(DOCKER) cp $$(cat $@.cid):/dist/. "$(DIST_DIR)/amzn$*/$(ARCH)/"
 	$(DOCKER) rm $$(cat $@.cid) && rm $@.cid
--- a/runtime/debian/changelog
+++ b/runtime/debian/changelog
-nvidia-container-runtime (2.0.0+@VERSION@) UNRELEASED; urgency=medium
+nvidia-container-runtime (@VERSION@) UNRELEASED; urgency=medium

  * Split into nvidia-container-runtime and nvidia-container-runtime-hook


--- a/runtime/rpm/SPECS/nvidia-container-runtime.spec
+++ b/runtime/rpm/SPECS/nvidia-container-runtime.spec
@@ -14,7 +14,7 @@ License: ASL 2.0
 Source0: nvidia-container-runtime
 Source1: LICENSE

-Obsoletes: nvidia-container-runtime < 2.0.0
+Obsoletes: nvidia-container-runtime < 3.0.0
 Requires: nvidia-container-runtime-hook < 2.0.0
 Requires: libseccomp


--- a/runtime/runc/3f2f8b84a77f73d38244dd690525642a72156c64/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
+++ b/runtime/runc/3f2f8b84a77f73d38244dd690525642a72156c64/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
-From 3f520de8ae5b5107811261734c15ee99b35ecb74 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 3 Jan 2018 11:50:02 -0800
-Subject: [PATCH] Add prestart hook nvidia-container-runtime-hook to the config
-
-Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
- utils.go | 26 ++++++++++++++++++++++++++
- 1 file changed, 26 insertions(+)
-
-diff --git a/utils.go b/utils.go
-index 8ed1a88..7fa486b 100644
--- a/utils.go
-+++ b/utils.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"os/exec"
- 	"path/filepath"
- 
- 	"github.com/opencontainers/runtime-spec/specs-go"
-@@ -52,6 +53,26 @@ func fatal(err error) {
- 	os.Exit(1)
- }
- 
-+func addNVIDIAHook(context *cli.Context, spec *specs.Spec) error {
-+	path, err := exec.LookPath("nvidia-container-runtime-hook")
-+	if err != nil {
-+		return err
-+	}
-+	args := []string{path}
-+	if context.GlobalBool("debug") {
-+		args = append(args, "-debug")
-+	}
-+	if spec.Hooks == nil {
-+		spec.Hooks = &specs.Hooks{}
-+	}
-+	spec.Hooks.Prestart = append(spec.Hooks.Prestart, specs.Hook{
-+		Path: path,
-+		Args: append(args, "prestart"),
-+	})
-+
-+	return nil
-+}
-+
- // setupSpec performs initial setup based on the cli.Context for the container
- func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	bundle := context.String("bundle")
-@@ -64,6 +85,11 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	if err != nil {
- 		return nil, err
- 	}
-+
-+	if err = addNVIDIAHook(context, spec); err != nil {
-+		return nil, err
-+	}
-+
- 	return spec, nil
- }
- 
-- 
-2.7.4
-
--- a/runtime/runc/4fc53a81fb7c994640722ac585fa9ca548971871
+++ b/runtime/runc/4fc53a81fb7c994640722ac585fa9ca548971871
-9f9c96235cc97674e935002fc3d78361b696a69e
\ No newline at end of file
--- a/runtime/runc/50a19c6ff828c58e5dab13830bd3dacde268afe5/0001-Fix-setup-cgroup-before-prestart-hook.patch
+++ b/runtime/runc/50a19c6ff828c58e5dab13830bd3dacde268afe5/0001-Fix-setup-cgroup-before-prestart-hook.patch
-From 7d357d021d53831c7acb01e5ae85e7d46f6620c9 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 28 Jun 2017 14:18:45 -0700
-Subject: [PATCH 1/2] Fix setup cgroup before prestart hook
-
---
- libcontainer/process_linux.go | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
-index 5b81317..c3293b4 100644
--- a/libcontainer/process_linux.go
-+++ b/libcontainer/process_linux.go
-@@ -287,9 +287,6 @@ loop:
- 		}
- 		switch procSync.Type {
- 		case procReady:
-			if err := p.manager.Set(p.config.Config); err != nil {
-				return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-			}
- 			// set oom_score_adj
- 			if err := setOomScoreAdj(p.config.Config.OomScoreAdj, p.pid()); err != nil {
- 				return newSystemErrorWithCause(err, "setting oom score for ready process")
-@@ -301,6 +298,9 @@ loop:
- 			}
- 			// call prestart hooks
- 			if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
-+				if err := p.manager.Set(p.config.Config); err != nil {
-+					return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-+				}
- 				if p.config.Config.Hooks != nil {
- 					s := configs.HookState{
- 						Version: p.container.config.Version,
-@@ -321,6 +321,9 @@ loop:
- 			}
- 			sentRun = true
- 		case procHooks:
-+			if err := p.manager.Set(p.config.Config); err != nil {
-+				return newSystemErrorWithCause(err, "setting cgroup config for procHooks process")
-+			}
- 			if p.config.Config.Hooks != nil {
- 				s := configs.HookState{
- 					Version:    p.container.config.Version,
-- 
-2.7.4
-
--- a/runtime/runc/50a19c6ff828c58e5dab13830bd3dacde268afe5/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
+++ b/runtime/runc/50a19c6ff828c58e5dab13830bd3dacde268afe5/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
-From 5bbacdd06e1725e4a93a9d7b08c9c510c38cb548 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 3 Jan 2018 13:01:26 -0800
-Subject: [PATCH 2/2] Add prestart hook nvidia-container-runtime-hook to the
- config
-
-Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
- utils.go | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/utils.go b/utils.go
-index 55a7e9d..d6f9739 100644
--- a/utils.go
-+++ b/utils.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"os/exec"
- 
- 	"github.com/Sirupsen/logrus"
- 	"github.com/opencontainers/runtime-spec/specs-go"
-@@ -18,6 +19,23 @@ func fatal(err error) {
- 	os.Exit(1)
- }
- 
-+func addNVIDIAHook(context *cli.Context, spec *specs.Spec) error {
-+	path, err := exec.LookPath("nvidia-container-runtime-hook")
-+	if err != nil {
-+		return err
-+	}
-+	args := []string{path}
-+	if context.GlobalBool("debug") {
-+		args = append(args, "-debug")
-+	}
-+	spec.Hooks.Prestart = append(spec.Hooks.Prestart, specs.Hook{
-+		Path: path,
-+		Args: append(args, "prestart"),
-+	})
-+
-+	return nil
-+}
-+
- // setupSpec performs inital setup based on the cli.Context for the container
- func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	bundle := context.String("bundle")
-@@ -30,6 +48,11 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	if err != nil {
- 		return nil, err
- 	}
-+
-+	if err = addNVIDIAHook(context, spec); err != nil {
-+		return nil, err
-+	}
-+
- 	notifySocket := os.Getenv("NOTIFY_SOCKET")
- 	if notifySocket != "" {
- 		setupSdNotify(spec, notifySocket)
-- 
-2.7.4
-
--- a/runtime/runc/54296cf40ad8143b62dbcaa1d90e520a2136ddfe
+++ b/runtime/runc/54296cf40ad8143b62dbcaa1d90e520a2136ddfe
-9df8b306d01f59d3a8029be411de015b7304dd8f
\ No newline at end of file
--- a/runtime/runc/6635b4f0c6af3810594d2770f662f34ddc15b40d
+++ b/runtime/runc/6635b4f0c6af3810594d2770f662f34ddc15b40d
-96ec2177ae841256168fcf76954f7177af9446eb
\ No newline at end of file
--- a/runtime/runc/69663f0bd4b60df09991c08812a60108003fa340
+++ b/runtime/runc/69663f0bd4b60df09991c08812a60108003fa340
-4fc53a81fb7c994640722ac585fa9ca548971871
\ No newline at end of file
--- a/runtime/runc/810190ceaa507aa2727d7ae6f4790c76ec150bd2/0001-Fix-setup-cgroup-before-prestart-hook.patch
+++ b/runtime/runc/810190ceaa507aa2727d7ae6f4790c76ec150bd2/0001-Fix-setup-cgroup-before-prestart-hook.patch
-From f1db2f8c3ee6026460e152990bb5d8676869aa92 Mon Sep 17 00:00:00 2001
-From: Wentao Zhang <zhangwentao234@huawei.com>
-Date: Tue, 20 Dec 2016 06:21:10 -0500
-Subject: [PATCH 1/2] Fix setup cgroup before prestart hook
-
-* User Case:
-User could use prestart hook to add block devices to container. so the
-hook should have a way to set the permissions of the devices.
-
-Just move cgroup config operation before prestart hook will work.
-
-Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
---
- libcontainer/process_linux.go | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
-index bfe9955..323ba72 100644
--- a/libcontainer/process_linux.go
-+++ b/libcontainer/process_linux.go
-@@ -280,9 +280,6 @@ func (p *initProcess) start() error {
- 	ierr := parseSync(p.parentPipe, func(sync *syncT) error {
- 		switch sync.Type {
- 		case procReady:
-			if err := p.manager.Set(p.config.Config); err != nil {
-				return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-			}
- 			// set rlimits, this has to be done here because we lose permissions
- 			// to raise the limits once we enter a user-namespace
- 			if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
-@@ -290,6 +287,11 @@ func (p *initProcess) start() error {
- 			}
- 			// call prestart hooks
- 			if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
-+				// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
-+				if err := p.manager.Set(p.config.Config); err != nil {
-+					return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-+				}
-+
- 				if p.config.Config.Hooks != nil {
- 					s := configs.HookState{
- 						Version: p.container.config.Version,
-@@ -310,6 +312,10 @@ func (p *initProcess) start() error {
- 			}
- 			sentRun = true
- 		case procHooks:
-+			// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
-+			if err := p.manager.Set(p.config.Config); err != nil {
-+				return newSystemErrorWithCause(err, "setting cgroup config for procHooks process")
-+			}
- 			if p.config.Config.Hooks != nil {
- 				s := configs.HookState{
- 					Version: p.container.config.Version,
-- 
-2.7.4
-
--- a/runtime/runc/810190ceaa507aa2727d7ae6f4790c76ec150bd2/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
+++ b/runtime/runc/810190ceaa507aa2727d7ae6f4790c76ec150bd2/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
-From 2d8dcf0bb7f2c66bba46c1b7ebd4abe61b639144 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 3 Jan 2018 11:50:02 -0800
-Subject: [PATCH 2/2] Add prestart hook nvidia-container-runtime-hook to the
- config
-
-Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
- utils.go | 26 ++++++++++++++++++++++++++
- 1 file changed, 26 insertions(+)
-
-diff --git a/utils.go b/utils.go
-index 98f93a4..e3b7df4 100644
--- a/utils.go
-+++ b/utils.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"os/exec"
- 	"path/filepath"
- 
- 	"github.com/Sirupsen/logrus"
-@@ -51,6 +52,26 @@ func fatal(err error) {
- 	os.Exit(1)
- }
- 
-+func addNVIDIAHook(context *cli.Context, spec *specs.Spec) error {
-+	path, err := exec.LookPath("nvidia-container-runtime-hook")
-+	if err != nil {
-+		return err
-+	}
-+	args := []string{path}
-+	if context.GlobalBool("debug") {
-+		args = append(args, "-debug")
-+	}
-+	if spec.Hooks == nil {
-+		spec.Hooks = &specs.Hooks{}
-+	}
-+	spec.Hooks.Prestart = append(spec.Hooks.Prestart, specs.Hook{
-+		Path: path,
-+		Args: append(args, "prestart"),
-+	})
-+
-+	return nil
-+}
-+
- // setupSpec performs initial setup based on the cli.Context for the container
- func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	bundle := context.String("bundle")
-@@ -63,6 +84,11 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	if err != nil {
- 		return nil, err
- 	}
-+
-+	if err = addNVIDIAHook(context, spec); err != nil {
-+		return nil, err
-+	}
-+
- 	return spec, nil
- }
- 
-- 
-2.7.4
-
--- a/runtime/runc/96ec2177ae841256168fcf76954f7177af9446eb/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
+++ b/runtime/runc/96ec2177ae841256168fcf76954f7177af9446eb/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
-From e2f8af42d9d0f8d7afc236323994a9ebe6bb0c3b Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 3 Jan 2018 11:50:02 -0800
-Subject: [PATCH] Add prestart hook nvidia-container-runtime-hook to the config
-
-Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
- utils.go | 26 ++++++++++++++++++++++++++
- 1 file changed, 26 insertions(+)
-
-diff --git a/utils.go b/utils.go
-index 5165336..5cdd11e 100644
--- a/utils.go
-+++ b/utils.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"os/exec"
- 	"path/filepath"
- 	"strconv"
- 	"strings"
-@@ -54,6 +55,26 @@ func fatal(err error) {
- 	os.Exit(1)
- }
- 
-+func addNVIDIAHook(context *cli.Context, spec *specs.Spec) error {
-+	path, err := exec.LookPath("nvidia-container-runtime-hook")
-+	if err != nil {
-+		return err
-+	}
-+	args := []string{path}
-+	if context.GlobalBool("debug") {
-+		args = append(args, "-debug")
-+	}
-+	if spec.Hooks == nil {
-+		spec.Hooks = &specs.Hooks{}
-+	}
-+	spec.Hooks.Prestart = append(spec.Hooks.Prestart, specs.Hook{
-+		Path: path,
-+		Args: append(args, "prestart"),
-+	})
-+
-+	return nil
-+}
-+
- // setupSpec performs initial setup based on the cli.Context for the container
- func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	bundle := context.String("bundle")
-@@ -66,6 +87,11 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	if err != nil {
- 		return nil, err
- 	}
-+
-+	if err = addNVIDIAHook(context, spec); err != nil {
-+		return nil, err
-+	}
-+
- 	return spec, nil
- }
- 
-- 
-2.7.4
-
--- a/runtime/runc/9df8b306d01f59d3a8029be411de015b7304dd8f/0001-Fix-setup-cgroup-before-prestart-hook.patch
+++ b/runtime/runc/9df8b306d01f59d3a8029be411de015b7304dd8f/0001-Fix-setup-cgroup-before-prestart-hook.patch
-From 98539c2e82c3f02edd1d3fe8893a2bbd6a8e6f99 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 28 Jun 2017 14:18:45 -0700
-Subject: [PATCH 1/2] Fix setup cgroup before prestart hook
-
---
- libcontainer/process_linux.go | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
-index 4b54e4b..d892701 100644
--- a/libcontainer/process_linux.go
-+++ b/libcontainer/process_linux.go
-@@ -287,9 +287,6 @@ loop:
- 		}
- 		switch procSync.Type {
- 		case procReady:
-			if err := p.manager.Set(p.config.Config); err != nil {
-				return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-			}
- 			// set oom_score_adj
- 			if err := setOomScoreAdj(p.config.Config.OomScoreAdj, p.pid()); err != nil {
- 				return newSystemErrorWithCause(err, "setting oom score for ready process")
-@@ -301,6 +298,9 @@ loop:
- 			}
- 			// call prestart hooks
- 			if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
-+				if err := p.manager.Set(p.config.Config); err != nil {
-+					return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-+				}
- 				if p.config.Config.Hooks != nil {
- 					s := configs.HookState{
- 						Version: p.container.config.Version,
-@@ -321,6 +321,9 @@ loop:
- 			}
- 			sentRun = true
- 		case procHooks:
-+			if err := p.manager.Set(p.config.Config); err != nil {
-+				return newSystemErrorWithCause(err, "setting cgroup config for procHooks process")
-+			}
- 			if p.config.Config.Hooks != nil {
- 				s := configs.HookState{
- 					Version:    p.container.config.Version,
-- 
-2.7.4
-
--- a/runtime/runc/9df8b306d01f59d3a8029be411de015b7304dd8f/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
+++ b/runtime/runc/9df8b306d01f59d3a8029be411de015b7304dd8f/0002-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch
-From f5e0e09d64f945d2089efebe725cc647382d59f8 Mon Sep 17 00:00:00 2001
-From: Felix Abecassis <fabecassis@nvidia.com>
-Date: Wed, 3 Jan 2018 13:50:50 -0800
-Subject: [PATCH 2/2] Add prestart hook nvidia-container-runtime-hook to the
- config
-
-Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
- utils.go | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/utils.go b/utils.go
-index b3de006..e93172d 100644
--- a/utils.go
-+++ b/utils.go
-@@ -3,6 +3,7 @@ package main
- import (
- 	"fmt"
- 	"os"
-+	"os/exec"
- 
- 	"github.com/Sirupsen/logrus"
- 	"github.com/opencontainers/runtime-spec/specs-go"
-@@ -18,6 +19,23 @@ func fatal(err error) {
- 	os.Exit(1)
- }
- 
-+func addNVIDIAHook(context *cli.Context, spec *specs.Spec) error {
-+	path, err := exec.LookPath("nvidia-container-runtime-hook")
-+	if err != nil {
-+		return err
-+	}
-+	args := []string{path}
-+	if context.GlobalBool("debug") {
-+		args = append(args, "-debug")
-+	}
-+	spec.Hooks.Prestart = append(spec.Hooks.Prestart, specs.Hook{
-+		Path: path,
-+		Args: append(args, "prestart"),
-+	})
-+
-+	return nil
-+}
-+
- // setupSpec performs initial setup based on the cli.Context for the container
- func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	bundle := context.String("bundle")
-@@ -30,6 +48,11 @@ func setupSpec(context *cli.Context) (*specs.Spec, error) {
- 	if err != nil {
- 		return nil, err
- 	}
-+
-+	if err = addNVIDIAHook(context, spec); err != nil {
-+		return nil, err
-+	}
-+
- 	notifySocket := os.Getenv("NOTIFY_SOCKET")
- 	if notifySocket != "" {
- 		setupSdNotify(spec, notifySocket)
-- 
-2.7.4
-
--- a/runtime/runc/9f9c96235cc97674e935002fc3d78361b696a69e
+++ b/runtime/runc/9f9c96235cc97674e935002fc3d78361b696a69e
-b2567b37d7b75eb4cf325b77297b140ea686ce8f
\ No newline at end of file
--- a/runtime/runc/b2567b37d7b75eb4cf325b77297b140ea686ce8f
+++ b/runtime/runc/b2567b37d7b75eb4cf325b77297b140ea686ce8f
-3f2f8b84a77f73d38244dd690525642a72156c64
\ No newline at end of file