#
# Attempt to package nvidia-container-runtime in Fedora
#
# https://github.com/NVIDIA/nvidia-container-toolkit
%bcond_without check

# Replaces the external linker flags handed to the Go build macros.
# "-z lazy" selects lazy symbol binding, so these binaries cannot be linked
# with immediate binding (BIND_NOW), which full RELRO depends on.
# NOTE(review): presumably required because GPU driver library symbols are
# only resolved at run time - confirm, and check which distribution default
# hardening flags this override drops.
%global __golang_extldflags -Wl,-z,lazy -Wl,--export-dynamic

%global goipath         github.com/NVIDIA/nvidia-container-toolkit
%global tag             v1.15.0

# The SELinux policy sources are fetched by full commit hash (see Source1), so
# the archive cannot change silently the way a branch or tag reference could.
# NOTE(review): the spec itself does not verify the archive; presumably the
# checksum in the package's sources file covers that - verify.
%global dgx_selinux_commit b988ea65e7b43009a705eb5e5d7e94048f916734
%global selinuxtype targeted
# Minimum container-selinux version, used at build time and by the selinux
# subpackage.
%global container_selinux_v 2.213

%gometa -L -f

%global _docdir_fmt     %{name}

%global golicenses      LICENSE
%global godocs          README.md DEVELOPMENT.md CONTRIBUTING.md

%global common_description %{expand:
The NVIDIA Container Toolkit allows users to build and run GPU accelerated
containers. The toolkit includes a container runtime library and utilities to
automatically configure containers to leverage NVIDIA GPUs.
}

Name:           nvidia-container-toolkit
Version:        1.15.0
Release:        %autorelease
Summary:        NVIDIA Container Toolkit

License:        Apache-2.0
URL:            %{gourl}
Source0:        %{gosource}
Source1:        https://github.com/NVIDIA/dgx-selinux/archive/%{dgx_selinux_commit}/dgx-selinux-%{dgx_selinux_commit}.tar.gz
Source2:        nvidia-container-toolkit-selinux.README.txt

# Weak dependency: the policy subpackage is only recommended, and only when the
# targeted SELinux policy is installed. Installing it has a system-wide effect
# (see the post scriptlet of the selinux subpackage).
Recommends:     (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
BuildRequires:  selinux-policy-devel, container-selinux >= %{container_selinux_v}

%description
%wordwrap -v common_description

%package operator-extensions
# Ships the additional runtime binaries listed in its files section.
Summary:        NVIDIA Container Toolkit Operator Extensions
License:        Apache-2.0
Requires:       %{name} = %{version}-%{release}

%description operator-extensions
%wordwrap -v common_description

Provides tools for using the NVIDIA Container Toolkit with the GPU Operator

%package selinux
# Carries the compiled nvidia-container policy module. Its scriptlets change
# the persistent SELinux configuration of the host, hence the policycoreutils
# dependencies for post and postun.
Summary:        NVIDIA Container Toolkit SELinux Policy
License:        MIT
Requires:       %{name} = %{version}-%{release}
BuildArch:      noarch
Requires:       selinux-policy
Requires:       (container-selinux >= %{container_selinux_v} if selinux-policy-%{selinuxtype})
Requires(post): policycoreutils
Requires(postun): policycoreutils

%description selinux
%wordwrap -v common_description

SELinux policy to enable the toolkit to use the GPU. This package enables
container_use_devices policy boolean and disables the boolean after removal.
Defines nvidia_container_t to be added for containers needing access to the
GPU in a more restrictive way than the default enabling of
container_use_devices boolean.

%gopkg

%prep
%goprep
# Unpack the pinned policy sources next to the Go sources.
tar xf %{SOURCE1}
%autopatch -p1

%generate_buildrequires
%go_generate_buildrequires

%build
# One binary per directory under cmd/, named after that directory.
for cmd in cmd/* ; do
  %gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd
done
# Compile the SELinux policy module from the unpacked policy sources.
pushd dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux
make nvidia-container.pp
popd

%install
install -m 0755 -vd                     %{buildroot}%{_bindir}
install -m 0755 -vp %{gobuilddir}/bin/nvidia-* %{buildroot}%{_bindir}/
# Stage the policy README and license in the build directory under distinct
# names so the selinux subpackage can list them as doc and license files.
install -m 0644 %{SOURCE2} .
install -m 0644 dgx-selinux-%{dgx_selinux_commit}/LICENSE LICENSE-dgx-selinux
install -m 0644 dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux/README.md dgx-selinux-README.md
# Install the compiled module read-only (0644) into the policy package
# directory for the selected policy type.
pushd dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux
install -m 0755 -vd %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/
install -m 0644 -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} nvidia-container.pp
popd
# Empty cdi directory under sysconfdir, owned by the main package.
install -m 0755 -vd %{buildroot}%{_sysconfdir}/cdi
%gopkginstall

%if %{with check}
%check
%gocheck
%endif

%post selinux
# RPM passes the number of installed instances as $1; 1 means a first install,
# so upgrades never touch the boolean again.
if [ $1 -eq 1 ]; then
    # The booleans file holds the current and the pending value. '0 0' means
    # the boolean is off and not about to be switched on, i.e. the admin has
    # not enabled it already.
    # NOTE(review): if SELinux is disabled this file is absent; grep then
    # reports an error on stderr and the branch is skipped.
    if grep -q '0 0' /sys/fs/selinux/booleans/container_use_devices; then
        # Marker: records that this package, not the admin, turned the boolean
        # on, so that removal only reverts a change made here.
        # NOTE(review): the marker has to survive until the package is erased;
        # confirm nothing cleans the rpm-state directory in between, otherwise
        # the boolean silently stays enabled after removal.
        install -m 0755 -vd %{_localstatedir}/lib/rpm-state/%{name}/
        touch %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool
        # -P makes the change persistent across reboots. The boolean is
        # system-wide: it is not limited to GPU workloads. The package
        # description names nvidia_container_t as the more restrictive
        # alternative for containers that need the GPU.
        setsebool -P container_use_devices 1
    fi
fi
# Load the policy module; runs on first install and on upgrade.
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/nvidia-container.pp

%postun selinux
# $1 is 0 only when the last instance is erased, not during an upgrade.
if [ $1 -eq 0 ]; then
    # Revert the boolean only if the post scriptlet left its marker. A boolean
    # that was already on before installation is left untouched.
    if [ -f %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool ]; then
        setsebool -P container_use_devices 0
        rm -f %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool
        # rmdir only succeeds on an empty directory.
        rmdir %{_localstatedir}/lib/rpm-state/%{name}/
    fi
    # Unload the nvidia-container policy module.
    %selinux_modules_uninstall -s %{selinuxtype} nvidia-container
fi

%files
%dir %{_sysconfdir}/cdi
%{_bindir}/nvidia-ctk
%{_bindir}/nvidia-container-runtime
%{_bindir}/nvidia-container-runtime-hook
%gopkgfiles

%files operator-extensions
%license LICENSE
%{_bindir}/nvidia-container-runtime.cdi
%{_bindir}/nvidia-container-runtime.legacy

%files selinux
# NOTE(review): the rpm-state marker directory created in the post scriptlet
# is not listed here, so no package owns it.
%license LICENSE-dgx-selinux
%doc nvidia-container-toolkit-selinux.README.txt dgx-selinux-README.md
%{_datadir}/selinux/packages/%{selinuxtype}/nvidia-container.pp

%changelog
%autochangelog