feat: Add container runtime config files into general add-ons package

ublue-os · Feb 16, 2023 · aee628a · aee628a
1 parent c1b7334
commit aee628a
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 43 deletions.
diff --git a/Containerfile b/Containerfile
@@ -43,14 +43,19 @@ RUN NVIDIA_PACKAGE_NAME="$(cat /tmp/nvidia-package-name.txt)" \
     || \
         (cat /var/cache/akmods/${NVIDIA_PACKAGE_NAME}/${NVIDIA_VERSION}-for-${KERNEL_VERSION}.failed.log && exit 1)
 
-ADD akmods-nvidia-key.spec /tmp/akmods-nvidia-key/akmods-nvidia-key.spec
+ADD ublue-os-nvidia-addons.spec /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
 
-RUN install -D /etc/pki/akmods/certs/public_key.der /tmp/akmods-nvidia-key/rpmbuild/SOURCES/public_key.der
+ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo
+ADD https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container.pp
+
+RUN install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/public_key.der
 
 RUN rpmbuild -ba \
-    --define '_topdir /tmp/akmods-nvidia-key/rpmbuild' \
+    --define '_topdir /tmp/ublue-os-nvidia-addons/rpmbuild' \
     --define '%_tmppath %{_topdir}/tmp' \
-    /tmp/akmods-nvidia-key/akmods-nvidia-key.spec
+    /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
 
 
 RUN cp /tmp/nvidia-package-name.txt /var/cache/akmods/nvidia-package-name.txt
@@ -61,13 +66,9 @@ RUN rpm -q "xorg-x11-drv-$(cat /tmp/nvidia-package-name.txt)" \
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}
 
 COPY --from=builder /var/cache/akmods      /tmp/akmods
-COPY --from=builder /tmp/akmods-nvidia-key /tmp/akmods-nvidia-key
-
-ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo /etc/yum.repos.d/nvidia-container-runtime.repo
-ADD https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp /tmp/nvidia-container.pp
+COPY --from=builder /tmp/ublue-os-nvidia-addons /tmp/ublue-os-nvidia-addons
 
-RUN sed -i "s@gpgcheck=0@gpgcheck=1@" /etc/yum.repos.d/nvidia-container-runtime.repo && \
-    sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular}.repo
+RUN sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular}.repo
 
 RUN KERNEL_VERSION="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" \
     NVIDIA_FULL_VERSION="$(cat /tmp/akmods/nvidia-full-version.txt)" \
@@ -76,16 +77,16 @@ RUN KERNEL_VERSION="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}
         rpm-ostree install \
             https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
             https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
+            /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons-*.rpm \
     && \
         sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/rpmfusion-free{,-updates}.repo \
     && \
         rpm-ostree install \
             xorg-x11-drv-${NVIDIA_PACKAGE_NAME}-{,cuda-,devel-,kmodsrc-,power-}${NVIDIA_FULL_VERSION} \
             kernel-devel-${KERNEL_VERSION} nvidia-container-toolkit \
             "/tmp/akmods/${NVIDIA_PACKAGE_NAME}/kmod-${NVIDIA_PACKAGE_NAME}-${KERNEL_VERSION}-${NVIDIA_FULL_VERSION#*:}.rpm" \
-            /tmp/akmods-nvidia-key/rpmbuild/RPMS/noarch/akmods-nvidia-key-*.rpm \
     && \
-        semodule --verbose --install /tmp/nvidia-container.pp \
+        semodule --verbose --install /usr/share/selinux/packages/nvidia-container.pp \
     && \
         sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/{nvidia-container-runtime,rpmfusion-nonfree{,-updates}}.repo \
     && \

diff --git a/akmods-nvidia-key.spec b/akmods-nvidia-key.spec
diff --git a/ublue-os-nvidia-addons.spec b/ublue-os-nvidia-addons.spec
@@ -0,0 +1,44 @@
+Name:           ublue-os-nvidia-addons
+Version:        0.1
+Release:        1%{?dist}
+Summary:        Additional files for nvidia driver support
+
+License:        MIT
+URL:            https://github.com/ublue-os/nvidia
+
+BuildArch:      noarch
+Supplements:    mokutil policycoreutils
+
+Source0:        public_key.der
+Source1:        nvidia-container-runtime.repo
+Source2:        nvidia-container.pp
+
+%description
+Adds various runtime files for nvidia support. These include a key for importing with mokutil to enable secure boot for nvidia kernel modules
+
+%prep
+%setup -q -c -T
+
+
+%install
+# Have different name for *.der in case kmodgenca is needed for creating more keys
+install -Dm0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-nvidia.der
+install -Dm0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo
+install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/selinux/packages/nvidia-container.pp
+
+sed -i "s@gpgcheck=0@gpgcheck=1@" %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo
+
+%files
+%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-nvidia.der
+%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo
+%attr(0644,root,root) %{_datadir}/selinux/packages/nvidia-container.pp
+
+%changelog
+* Thu Feb 16 2023 Joshua Stone <[email protected]> - 0.2
+- Add nvidia-container-runtime repo
+- Add nvidia-container-runtime selinux policy file
+- Re-purpose into a general-purpose add-on package
+- Update URL to point to ublue-os project
+
+* Fri Feb 03 2023 Joshua Stone <[email protected]> - 0.1
+- Add key for enrolling kernel modules in alpha builds