From 014d687c353fa838e1c7227e5085788dfdf6537b Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 5 Oct 2023 00:54:09 -0500 Subject: [PATCH] feat: update to new repo for nvidia-container-toolkit (#6) This enables us to get a newer nvidia container toolkit version 1.14 which now provides root and rootless podman modes without configuration files, plus CDI. Added some links to docs. --- Containerfile | 4 +-- README.md | 4 ++- build-kmod-nvidia.sh | 2 -- build-ublue-nvidia.sh | 8 +++-- .../config-rootless.toml | 34 ------------------- ublue-os-ucore-nvidia.spec | 27 +++++++-------- 6 files changed, 22 insertions(+), 57 deletions(-) delete mode 100644 files/etc/nvidia-container-runtime/config-rootless.toml diff --git a/Containerfile b/Containerfile index 05e0681..7d3365b 100644 --- a/Containerfile +++ b/Containerfile @@ -8,15 +8,13 @@ ARG COREOS_VERSION="${COREOS_VERSION:-stable}" COPY build*.sh /tmp COPY certs /tmp/certs -ADD files/etc/nvidia-container-runtime/config-rootless.toml \ - /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/config-rootless.toml ADD ublue-os-ucore-nvidia.spec \ /tmp/ublue-os-ucore-nvidia/ublue-os-ucore-nvidia.spec RUN /tmp/build-prep.sh -RUN /tmp/build-kmod-nvidia.sh RUN /tmp/build-ublue-nvidia.sh +RUN /tmp/build-kmod-nvidia.sh RUN /tmp/build-kmod-zfs.sh RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \ diff --git a/README.md b/README.md index d0f15e8..ef6ab8a 100644 --- a/README.md +++ b/README.md 
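Review bot: The swap that puts `RUN /tmp/build-ublue-nvidia.sh` ahead of `RUN /tmp/build-kmod-nvidia.sh` is not explained in the commit message, and nothing visible in either script shows a dependency between the two steps. If the order now matters, a one-line comment above the two RUN lines stating the reason would keep a later cleanup from reverting it. If it does not matter, leaving the original order would keep this hunk limited to the removal of the config-rootless.toml `ADD`.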
@@ -9,7 +9,9 @@ A layer for adding extra kernel modules to your Fedora CoreOS image. Feel free to PR more kmod build scripts into this repo! - [nvidia](https://negativo17.org/nvidia-driver) - latest driver (currently version 535) built from negativo17's akmod package -- ublue-os-ucore-nvidia - RPM with nvidia container runtime repo and selinux policy +- ublue-os-ucore-nvidia - RPM with nvidia container toolkit repo and selinux policy + - [nvidia container selinux policy](https://github.com/NVIDIA/dgx-selinux/tree/master/src/nvidia-container-selinux) - uses RHEL9 policy as the closest match + - [nvidia-container-tookkit repo](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html#installing-with-yum-or-dnf) - version 1.14.2 (and newer) provide CDI for podman use of nvidia gpus - [zfs](https://github.com/openzfs/zfs) - OpenZFS advanced file system and volume manager diff --git a/build-kmod-nvidia.sh b/build-kmod-nvidia.sh index cb66761..7c4c0f2 100755 --- a/build-kmod-nvidia.sh +++ b/build-kmod-nvidia.sh @@ -30,8 +30,6 @@ KERNEL_VERSION=${KERNEL_VERSION} RELEASE=${RELEASE} NVIDIA_AKMOD_VERSION=${NVIDIA_AKMOD_VERSION} EOF -#NVIDIA_FULL_VERSION=${NVIDIA_FULL_VERSION} -#NVIDIA_LIB_VERSION=${NVIDIA_LIB_VERSION} mv /var/cache/akmods/nvidia/*.rpm \ /var/cache/rpms/kmods/nvidia/ diff --git a/build-ublue-nvidia.sh b/build-ublue-nvidia.sh index 0b1274d..b6827fc 100755 --- a/build-ublue-nvidia.sh +++ b/build-ublue-nvidia.sh 
@@ -6,9 +6,11 @@ set -oeux pipefail #install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/public_key.der -curl -L https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \ - -o /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-runtime.repo -sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-runtime.repo +mkdir -p /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/ + +curl -L https://nvidia.github.io/libnvidia-container/stable/rpm/nvidia-container-toolkit.repo \ + -o /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-toolkit.repo +sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-toolkit.repo curl -L https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \ -o /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container.pp diff --git a/files/etc/nvidia-container-runtime/config-rootless.toml b/files/etc/nvidia-container-runtime/config-rootless.toml deleted file mode 100644 index 4b796e5..0000000 --- a/files/etc/nvidia-container-runtime/config-rootless.toml +++ /dev/null 
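Review bot: The new `curl -L` for nvidia-container-toolkit.repo has no `--fail`, so an HTTP error body would be written out as the repo file and the script would continue despite `set -e`; the `sed` after it also exits 0 when the downloaded file contains no `gpgcheck=0` to rewrite. Because the spec installs this file into yum.repos.d, I would fetch it with `curl --fail -L ...` and then assert the outcome with `grep -q '^gpgcheck=1' /tmp/ublue-os-ucore-nvidia/rpmbuild/SOURCES/nvidia-container-toolkit.repo`. The unchanged nvidia-container.pp download below has the same missing `--fail`, and it pulls a binary SELinux policy module from the mutable `master` ref with no integrity check; pinning the URL to a commit and comparing a recorded `sha256sum` would close that gap. The rest of the script lies outside this hunk, so any later verification step is not visible here.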
@@ -1,34 +0,0 @@ -disable-require = false -#swarm-resource = "DOCKER_RESOURCE_GPU" -#accept-nvidia-visible-devices-envvar-when-unprivileged = true -#accept-nvidia-visible-devices-as-volume-mounts = false - -[nvidia-container-cli] -#root = "/run/nvidia/driver" -#path = "/usr/bin/nvidia-container-cli" -environment = [] -#debug = "/var/log/nvidia-container-toolkit.log" -#ldcache = "/etc/ld.so.cache" -load-kmods = true -#no-cgroups = false -no-cgroups = true -#user = "root:video" -ldconfig = "@/sbin/ldconfig" - -[nvidia-container-runtime] -#debug = "/var/log/nvidia-container-runtime.log" -debug = "~/.local/nvidia-container-runtime.log" -log-level = "info" - -# Specify the runtimes to consider. This list is processed in order and the PATH -# searched for matching executables unless the entry is an absolute path. -runtimes = [ - "docker-runc", - "runc", -] - -mode = "auto" - - [nvidia-container-runtime.modes.csv] - - mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d" diff --git a/ublue-os-ucore-nvidia.spec b/ublue-os-ucore-nvidia.spec index b3a5f13..5ac290e 100644 --- a/ublue-os-ucore-nvidia.spec +++ b/ublue-os-ucore-nvidia.spec @@ -1,5 +1,5 @@ Name: ublue-os-ucore-nvidia -Version: 0.1 +Version: 0.2 Release: 1%{?dist} Summary: Additional files for nvidia driver support on CoreOS @@ -9,9 +9,8 @@ URL: https://github.com/ublue-os/ucore-kmods BuildArch: noarch Supplements: mokutil policycoreutils -Source0: nvidia-container-runtime.repo -Source1: config-rootless.toml -Source2: nvidia-container.pp +Source0: nvidia-container-toolkit.repo +Source1: nvidia-container.pp %description Adds various runtime files for nvidia support on Fedora CoreOS. 
@@ -21,25 +20,25 @@ Adds various runtime files for nvidia support on Fedora CoreOS. %build -install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml -install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp +install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo +install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp -sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo +sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml %{buildroot}%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml +install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp %{buildroot}%{_datadir}/selinux/packages/nvidia-container.pp %files -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml +%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %attr(0644,root,root) 
%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp -%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -%attr(0644,root,root) %{_sysconfdir}/nvidia-container-runtime/config-rootless.toml +%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/nvidia-container-toolkit.repo %attr(0644,root,root) %{_datadir}/selinux/packages/nvidia-container.pp %changelog +* Wed Oct 04 2023 Benjamin Sherman - 0.2 +- use newer nvidia-container-toolkit repo +- repo provides newer toolkit, no longer requires config.toml + * Sat Aug 19 2023 Benjamin Sherman - 0.1 First release for Fedora CoreOS based on ublue-os-nvidia-addons includes: - nvidia-container-runtime repo
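Review bot: The `install -Dm0644 ... %{buildroot}...` and `sed -i` lines touched in this hunk sit under `%build`, whereas populating the buildroot conventionally belongs in `%install`. rpm normally clears the buildroot when `%install` starts, so this layout presumably works only because the spec has no `%install` section (the hunk does not show one). Moving the five lines under an `%install` header would keep the package building if such a section is ever added.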