From 879a604234f82a21d6072478737d7f9e21e94c63 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 24 Aug 2023 22:27:25 -0500 Subject: [PATCH 1/4] feat: switch to akmods repo provided nvidia kmod This removes the akmod build process for nvidia drivers and the build of ublue-os-nvidia-addons from this repo, and instead installs said RPMs which are now built in the ublue-os/akmods repo. --- .github/workflows/build.yml | 169 ------------------ Containerfile | 20 +++ build.Containerfile | 39 ---- build.sh | 62 ------- certs/private_key.priv | 0 certs/private_key.priv.test | 28 --- certs/public_key.der | Bin 1528 -> 0 bytes certs/public_key.der.test | Bin 875 -> 0 bytes .../config-rootless.toml | 34 ---- files/etc/sway/environment | 27 --- generate-akmods-key | 26 --- install.Containerfile | 21 --- install.sh | 11 +- post-install.sh | 2 + ublue-os-nvidia-addons.spec | 78 -------- 15 files changed, 26 insertions(+), 491 deletions(-) create mode 100644 Containerfile delete mode 100644 build.Containerfile delete mode 100755 build.sh delete mode 100644 certs/private_key.priv delete mode 100644 certs/private_key.priv.test delete mode 100755 certs/public_key.der delete mode 100644 certs/public_key.der.test delete mode 100644 files/etc/nvidia-container-runtime/config-rootless.toml delete mode 100644 files/etc/sway/environment delete mode 100755 generate-akmods-key delete mode 100644 install.Containerfile delete mode 100644 ublue-os-nvidia-addons.spec diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d7a9e5a..e5b8327 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -9,163 +9,8 @@ env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} jobs: - build-akmods: - name: Build akmods package - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - strategy: - fail-fast: false - matrix: - major_version: [37, 38] - driver_version: [470, 535] - exclude: - - driver_version: 530 - major_version: 38 - - driver_version: 530 - major_version: 37 - steps: - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action - uses: actions/checkout@v3 - - - name: Matrix Variables - run: | - REPO=${{ github.repository }} - echo "IMAGE_NAME=akmods-${REPO##*/}" >> $GITHUB_ENV - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - VARIANT="${{ matrix.major_version }}-${{ matrix.driver_version }}" - - COMMIT_TAGS=() - BUILD_TAGS=() - - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${VARIANT}") - COMMIT_TAGS+=("${SHA_SHORT}-${VARIANT}") - - BUILD_TAGS=("${VARIANT}" "${VARIANT}-${TIMESTAMP}") - - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - - name: Retrieve akmods signing key - run: | - mkdir -p certs - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Using test signing key" - else - echo "${{ secrets.AKMOD_PRIVKEY_20230518 }}" > certs/private_key.priv - fi - # DEBUG: get character count of key - wc -c certs/private_key.priv - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v4 - 
id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.description=ublue-os ${{ env.IMAGE_NAME }} with akmods-nvidia packages pre-built - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./build.Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=base - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - NVIDIA_MAJOR_VERSION=${{ matrix.driver_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - if: github.event_name != 'pull_request' - id: push - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - if: github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Sign container - - uses: sigstore/cosign-installer@v3.1.1 - if: 
github.event_name != 'pull_request' - - - name: Sign container image - if: github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - - name: Echo outputs - if: github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" - push-ghcr: name: Build and push image - needs: build-akmods runs-on: ubuntu-22.04 permissions: contents: read @@ -253,10 +98,8 @@ jobs: done alias_tags=("${COMMIT_TAGS[@]}") - echo "AKMODS_VERSION=pr-${{ github.event.number }}-${{ matrix.major_version }}" >> $GITHUB_ENV else alias_tags=("${BUILD_TAGS[@]}") - echo "AKMODS_VERSION=${{ matrix.major_version }}" >> $GITHUB_ENV fi echo "Generated the following build tags: " @@ -266,17 +109,6 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - name: Retrieve akmods signing key - run: | - mkdir -p certs - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Using test signing key" - else - echo "${{ secrets.AKMOD_PRIVKEY }}" > certs/private_key.priv - fi - # DEBUG: get character count of key - wc -c certs/private_key.priv - - name: Get current version id: labels run: | @@ -309,7 +141,6 @@ jobs: ${{ steps.generate-tags.outputs.alias_tags }} build-args: | IMAGE_NAME=${{ matrix.image_name }} - AKMODS_VERSION=${{ env.AKMODS_VERSION }} FEDORA_MAJOR_VERSION=${{ matrix.major_version }} NVIDIA_MAJOR_VERSION=${{ matrix.driver_version }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..47a9033 --- /dev/null +++ b/Containerfile 
@@ -0,0 +1,20 @@
+ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
+ARG BASE_IMAGE="ghcr.io/ublue-os/${IMAGE_NAME}-main"
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-37}"
+
+FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}
+
+ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-37}"
+ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-535}"
+
+COPY install.sh /tmp/install.sh
+COPY post-install.sh /tmp/post-install.sh
+
+COPY --from=ghcr.io/ublue-os/akmods:${FEDORA_MAJOR_VERSION} /rpms /tmp/akmods-rpms
+
+RUN /tmp/install.sh
+RUN /tmp/post-install.sh
+RUN rm -rf /tmp/* /var/*
+RUN ostree container commit
+RUN mkdir -p /var/tmp && chmod -R 1777 /tmp /var/tmp
diff --git a/build.Containerfile b/build.Containerfile
deleted file mode 100644
index 44bb357..0000000
--- a/build.Containerfile
+++ /dev/null
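Review bot: The `COPY --from=ghcr.io/ublue-os/akmods:${FEDORA_MAJOR_VERSION}` line takes pre-built kernel-module RPMs from a mutable tag, and nothing in this Containerfile or in the workflow hunks of this patch verifies that image before `install.sh` installs its contents during the build. The job deleted by this patch signed its own output with cosign; if ublue-os/akmods publishes signatures the same way (not visible here), a `cosign verify` step on the akmods image ahead of the buildah build, or a digest-pinned reference passed in as a build arg, would make the trust explicit. The same applies to the `akmods-nvidia:${FEDORA_MAJOR_VERSION}-${NVIDIA_MAJOR_VERSION}` reference that PATCH 4/4 puts on this line. At minimum a comment above the COPY, e.g. `# kmod and addons RPMs are built in ublue-os/akmods; this build trusts whatever that tag currently points at`, would document the dependency.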
@@ -1,39 +0,0 @@
-ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
-ARG BASE_IMAGE="ghcr.io/ublue-os/${IMAGE_NAME}-main"
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-38}"
-
-FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder
-
-ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-535}"
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"
-
-RUN ln -s /usr/bin/rpm-ostree /usr/bin/dnf
-
-COPY build.sh /tmp/build.sh
-
-ADD certs /tmp/certs
-
-ADD ublue-os-nvidia-addons.spec /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
-
-ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \
- /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo
-ADD https://copr.fedorainfracloud.org/coprs/eyecantcu/supergfxctl/repo/fedora-${FEDORA_MAJOR_VERSION}/eyecantcu-supergfxctl-fedora-${FEDORA_MAJOR_VERSION}.repo \
- /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/eyecantcu-supergfxctl.repo
-
-ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \
- /etc/yum.repos.d/nvidia-container-runtime.repo
-
-ADD files/etc/nvidia-container-runtime/config-rootless.toml \
- /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/config-rootless.toml
-ADD https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \
- /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container.pp
-ADD files/etc/sway/environment /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/environment
-
-RUN /tmp/build.sh
-
-RUN rpm -ql /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/*/*.rpm
-
-FROM scratch
-
-COPY --from=builder /var/cache /var/cache
-COPY --from=builder /tmp/ublue-os-nvidia-addons /tmp/ublue-os-nvidia-addons
diff --git a/build.sh b/build.sh
deleted file mode 100755
index 2edb38d..0000000
--- a/build.sh
+++ /dev/null
@@ -1,62 +0,0 @@ -#!/bin/sh - -set -oeux pipefail - -RELEASE="$(rpm -E '%fedora.%_arch')" - -sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular}.repo - -# nvidia 520.xxx and newer currently don't have a -$VERSIONxx suffix in their -# package names -if [[ "${NVIDIA_MAJOR_VERSION}" -ge 520 ]]; then - NVIDIA_PACKAGE_NAME="nvidia" -else - NVIDIA_PACKAGE_NAME="nvidia-${NVIDIA_MAJOR_VERSION}xx" -fi - -rpm-ostree install \ - akmod-${NVIDIA_PACKAGE_NAME}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE} \ - xorg-x11-drv-${NVIDIA_PACKAGE_NAME}-{,cuda,devel,kmodsrc,power}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE} \ - mock - -# alternatives cannot create symlinks on its own during a container build -ln -s /usr/bin/ld.bfd /etc/alternatives/ld && ln -s /etc/alternatives/ld /usr/bin/ld - -if [[ ! -s "/tmp/certs/private_key.priv" ]]; then - echo "WARNING: Using test signing key. Run './generate-akmods-key' for production builds." - cp /tmp/certs/private_key.priv{.test,} - cp /tmp/certs/public_key.der{.test,} -fi - -install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der -install -Dm644 /tmp/certs/private_key.priv /etc/pki/akmods/private/private_key.priv - -# Either successfully build and install the kernel modules, or fail early with debug output -KERNEL_VERSION="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" -NVIDIA_AKMOD_VERSION="$(basename "$(rpm -q "akmod-${NVIDIA_PACKAGE_NAME}" --queryformat '%{VERSION}-%{RELEASE}')" ".fc${RELEASE%%.*}")" -NVIDIA_LIB_VERSION="$(basename "$(rpm -q "xorg-x11-drv-${NVIDIA_PACKAGE_NAME}" --queryformat '%{VERSION}-%{RELEASE}')" ".fc${RELEASE%%.*}")" -NVIDIA_FULL_VERSION="$(rpm -q "xorg-x11-drv-${NVIDIA_PACKAGE_NAME}" --queryformat '%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}')" - -akmods --force --kernels "${KERNEL_VERSION}" --kmod "${NVIDIA_PACKAGE_NAME}" - -modinfo /usr/lib/modules/${KERNEL_VERSION}/extra/${NVIDIA_PACKAGE_NAME}/nvidia{,-drm,-modeset,-peermem,-uvm}.ko.xz > 
/dev/null || \ -(cat /var/cache/akmods/${NVIDIA_PACKAGE_NAME}/${NVIDIA_AKMOD_VERSION}-for-${KERNEL_VERSION}.failed.log && exit 1) - -sed -i "s@gpgcheck=0@gpgcheck=1@" /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo - -install -D /etc/pki/akmods/certs/public_key.der /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/public_key.der - -rpmbuild -ba \ - --define '_topdir /tmp/ublue-os-nvidia-addons/rpmbuild' \ - --define '%_tmppath %{_topdir}/tmp' \ - /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec - -cat < /var/cache/akmods/nvidia-vars -KERNEL_VERSION=${KERNEL_VERSION} -RELEASE=${RELEASE} -NVIDIA_PACKAGE_NAME=${NVIDIA_PACKAGE_NAME} -NVIDIA_MAJOR_VERSION=${NVIDIA_MAJOR_VERSION} -NVIDIA_FULL_VERSION=${NVIDIA_FULL_VERSION} -NVIDIA_AKMOD_VERSION=${NVIDIA_AKMOD_VERSION} -NVIDIA_LIB_VERSION=${NVIDIA_LIB_VERSION} -EOF diff --git a/certs/private_key.priv b/certs/private_key.priv deleted file mode 100644 index e69de29..0000000 diff --git a/certs/private_key.priv.test b/certs/private_key.priv.test deleted file mode 100644 index 5e2efda..0000000 --- a/certs/private_key.priv.test +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMaUcd1e4fYogO -N/cYZc22xmzsAetfhgVLvHNkKb/mNHywkGK4T7vPwvpQCxFGUufmRxYlGJra/QCn -WjYd4/thBWoU/K7RBcLJJpuHFBODls5eBdXGXXpeTYmRKqcT6qBEJf4p21N2BqMz -Mmh242TUKFOJ3rWWKXxWb8peNC+aMfIMKICLYSQvoonjHQm1ShMjkgTiOZQIaVLB -zjfNewdaNCHOMh49xQrQxquTXJuNU6Y7LvPGSIdxShwotGi/E+Z3Y4kvUCapo0os -wjhXXbhuj/XTH7gF+15mvHD9k1RPyVACLgmLyzM9LSOr80/rslj0nQf1KF8jW+bq -tze3bZ17AgMBAAECggEABG8GJV4GB7U96T0KhYNzxlKgezABeHVyOPXR9Oq46Ffc -GoJPOds04ilC/6h1y/YxZHvHPa++cCCLupWI1fYjdjPFXMYsTolW88D8H55uW+zR -9hUfUWmmpVP+N2Fa9WIh7sh6LlM9CLLVKF+gB3AgOD/VrAhiHOsycLeFBq0QGUKR -IkG7pKrF7CX1oal9WOnPo0r2oNUdP4yYCyEa7e7APTUwGbuihtixdnrYyiwEmpp0 -rfZPfBgh+3ACqeUO12gIdtjd85/3UsQ2kLt9/9m2q7Fa6aEcYQVz6nznLKuY4EVm -zoYzAXfC2KsGol2V6eNY4MNBuvzY4DDJnpyjzicOEQKBgQDX4vd+t7ygUyZmGu6V -CsF6uDSRHvHYJvJp2fR5spz6eRj7WXMkCTnyjzpDkMvbxtvjlEBntixlQicXsytW -u2oayYPHl7ppGIEddcKlHsWUFqsAOATkQy3Bs5DCfzliELApGv5zoXJJC/A/iaiD -GXVDJ0+FdSldetpMGw//rItoqwKBgQDyZHcrt0sVY6oxW2JpEVZXNSOoNMjBQQgL -+7lQyFpfXl9wfOXUkcqFc0m5UWPbTrI9OBZbXYcvI1eV/Xbtu3gdGiOv2sYauO1Z -HgAS2B3yNGllzj8dNucELFCSNLwthTGhYO03bWflV7XbsG9O8SrZF2LaEglL2V8m -wqPP5aE+cQKBgQCu7kp9c4R0pOvIcKpCOqTsO7bcoKZ275geDW377q8khlunz6Ns -380EruoXNYz6WPh0P/ywDP2MTz4+BgBoFxSy//a4FEoIPsLgjDtccMLIbFXDp6DP -FWBORKJX958Xx033ANiN+ZQRfIr/8RuKn2ZVM9VL3tPV22ZnpMYh9j5AYQKBgF36 -+gGnJaN7aweMCRH3uORDJDoZjSTw0+/hf66EoBWN/68bnfjXNhCb7J+/oNntH0qB -LpnqH3n1WAY9qhjusNmHwwJx7pF51fzRlvG3fZTlIWBpoSrwmI2TqQGnFLcJh36s -mAz/jGLtqQMu21leRGC7ooYurBAOjcf3e5Al1mjhAoGAT0L02oGzce1vbwfqHCRK -PexrY8GvNU6/Bml70P9n6FX3jQwt6Dhh1JkZZofv+wJWjOj4zV/Z0tj1uB1Ax9nR -Z+87Pu7iYuNaYFGT9s76q+sbQtiUu5Gwlg6CyRSwbKdL15UBWf+Bt22Tp3NfbEoh -OevJKeniH2GYy+ME5XxXb14= ------END PRIVATE KEY----- 
diff --git a/certs/public_key.der b/certs/public_key.der deleted file mode 100755 index 98507ab7602836a1866c07b492516cde8894cfd3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1528 zcmXqLV*O&!#C&G~GZP~dlZbep&9kCgDcioN>laV@x+LG`T$`BzFB_*;n@8JsUPeZ4 zRtAH{DTd+(qHN5eEL=Q%p?R5QsYS(!ISNiWrKyJeK*c}_ZXUM8?A-j6VnbB}Ww>rm zMlrFh{G#+!z2wB=lA?Tv^xVYE9KGcHTti+1Zje599u~j+yi^#M1Ipz#-~`FC2{T1R z7>XH)fH=%NyroG%D-|FXDHzC!^BNf&m>OCb85mm{nnj888iTl|Q0`!Lb`z5lasV^3 zGB7tW@iQ1SF>x_9F)=b6ZfBq3>H25+!fx^JvG*KSF)aHi-L^$5c=h@%mzzK4u6&>A zy6^TP=1xzu0TPUFpRK!R=4CJZuPK zyc^SWOhD+W?AFER^H-$@Y4oz6Pu=S%c75MR0i{zS)3%=#Q%K&scZaR{uAG8K$_AlCG|di;w=E zy4&5$J7$E-EPLC%Ea;haO4!CHucPKaNbzkwd&{*#(tznq;?y5Er))o{uAJgFV; z7~9qruL^8FWGC|X{Tu5ZJ3XU6Tc*BU(y~v>cG+L`^HrzMY~FLZc#U(Z(*@;%tzKK_ ztA{QA9#}24M1S`0AB8;^AMZQSb7XnciBF+E`St4q<{U_QvfPw2;8^{Ug|W%Lyk{3Y zaQLUytPmJt+|*f*o?El864Bnm$o5NfLVCf;#pYX|-a6ZNZ%ypNtMlDftq5m(K37uoyYlwT zy-I(CKTJ>N`?R$pWr_itm$=7cR<~JmM2fa@WF+n?5Da>E@huZGBLm}N8v`o?9$>PU z6=r1o&%$KD0M0M6{46ZYOzaH?vLGow7BLo)6IFMTx{qr=o_+G?2G?EY9&e%(o+GC( zU`}4}LHR+ckq$7Q977B_zw3@!kK5F9IeZDQyj(b=px`c1ke0o<( zRP9THl<9M=R#(%a`(}*+r+!)9jxB!oK>Gdk%=JIsGnq~h-JNpGAo;bT$gvRX`xEEo z$|ZWNd@1?)@uu^szv|BE33aExdp2)3GpFXO(4s{bo$PY_@9)25JAc{%Q_D~6yzit6 z!j*qq4c+uT?{f5K>rHny-I%@M@xI=;Nmbj}{JnDua-xNAKVHmsYm3l~Or@T{!(Xml z^$-n65Ze|kZ1`nieWqObKl{4F5AA|9KOd~yTPWuzx2Etb=k-<7elF+_P5HCulf&$* z=QNoNZgv>^88J=pvi$IB9k=T(`AsL5%Gr2{?KN!q(;iSQSX{@jwbNl@gXuvPg__8+ z$(4H7Po^Ht=CYV?C-7#QlAl2C^bg!pM-7eFaL%xaSLQfSIsNF&4h|uC&vkxfv9=T5 zsfjIODBkp8!cI#;)6;hDm$oz5##c<1I?nKExAE*ZCEv|Cw=6v7ETJN4dh$x+VOx{L zu-uwi>fP_E&fD(1es#^YE5}rx%g)=uHP^N#+{)tAx&GaOH6{{M>@X zyh;V1k`x04ab6>110y2?0~13tL&GQuej`JmfT58&RDdeBG%+e6JD!o1fw_s1pTVGs zk&CH`k&)p{rn~Ibck)RceCFRJQqOKXmh*=3b$lDE_nzVu&Hc|zYBo$r+Tp+Z{Gnd~ z+=6aF&!4%AsY=Yc^_O9Jl$q?~--)bQB7fFhWIc3JZFakeaPzctajaL5#a6}nc23k< zF8peNi|Rkk+redQi;ayk${wd&(FpFmw{@CkO<4Y^I1~L@hM#ye8oCoz^cQtLmgU^) zC9FJ&<&otSj?AEg=giMmvqzaIo->lOJ<4_A*y_nKvwMS=S?hg1=Fwj0C8Mz=W54jT 
z^5jna0JW8iy>t#)gvaj4>;HOLeh2ICxU@Y5eGhQ{kOxUCvq%_-HDFi34^kk^$oQXy)qojDAqP7!%>aX)ks+{bsl8^ybK}~Ri@OW& za345nVWaNUm0Z$s=i7pd)t_qR<+5UCUaZ{y(7L(io0Wv=)mHw#FWV06lhJH(c-skE3o%Z%Zr!CwLYJ|TKj8u#>N&Sy?=W>JD+XVJm$5? z!a+oK(^j)bbGBt_KEA=9;{L$xim<%cPA8_UyD6_@|6g3fC!Rf7Xlec2Z#T|ay9I1m znECFZ*19jw3#`~yznz@*e9gJ-ZKrhRr3l(_KfKcrqUW@V#br$|--OST5=&?OTfbNQ z%gn!Tf|tKJ^`I)?rTKpD9YrdO9y~c^s}iIa@^7lfrQ2(^AJ^-BG~v%qCX+={E&xyu BQ$+v( diff --git a/files/etc/nvidia-container-runtime/config-rootless.toml b/files/etc/nvidia-container-runtime/config-rootless.toml deleted file mode 100644 index 4b796e5..0000000 --- a/files/etc/nvidia-container-runtime/config-rootless.toml +++ /dev/null @@ -1,34 +0,0 @@ -disable-require = false -#swarm-resource = "DOCKER_RESOURCE_GPU" -#accept-nvidia-visible-devices-envvar-when-unprivileged = true -#accept-nvidia-visible-devices-as-volume-mounts = false - -[nvidia-container-cli] -#root = "/run/nvidia/driver" -#path = "/usr/bin/nvidia-container-cli" -environment = [] -#debug = "/var/log/nvidia-container-toolkit.log" -#ldcache = "/etc/ld.so.cache" -load-kmods = true -#no-cgroups = false -no-cgroups = true -#user = "root:video" -ldconfig = "@/sbin/ldconfig" - -[nvidia-container-runtime] -#debug = "/var/log/nvidia-container-runtime.log" -debug = "~/.local/nvidia-container-runtime.log" -log-level = "info" - -# Specify the runtimes to consider. This list is processed in order and the PATH -# searched for matching executables unless the entry is an absolute path. -runtimes = [ - "docker-runc", - "runc", -] - -mode = "auto" - - [nvidia-container-runtime.modes.csv] - - mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d" diff --git a/files/etc/sway/environment b/files/etc/sway/environment deleted file mode 100644 index 7c596ac..0000000 --- a/files/etc/sway/environment +++ /dev/null 
@@ -1,27 +0,0 @@
-# This file is a part of Fedora configuration for Sway and will be sourced
-# from /usr/bin/start-sway script for all users of the system.
-# User-specific variables should be placed in $XDG_CONFIG_HOME/sway/environment
-#
-# vim: set ft=sh:
-
-## Pass extra arguments to the /usr/bin/sway executable
-
-#SWAY_EXTRA_ARGS="$SWAY_EXTRA_ARGS --unsupported-gpu"
-SWAY_EXTRA_ARGS="$SWAY_EXTRA_ARGS --unsupported-gpu -D noscanout"
-#SWAY_EXTRA_ARGS="$SWAY_EXTRA_ARGS --debug"
-
-## Set environment variables
-
-# Useful variables for wlroots:
-# https://gitlab.freedesktop.org/wlroots/wlroots/-/blob/master/docs/env_vars.md
-#
-#WLR_NO_HARDWARE_CURSORS=1
-WLR_NO_HARDWARE_CURSORS=1
-# Setting renderer to Vulkan may fix flickering but needs the following extensions:
-# - VK_EXT_image_drm_format_modifier
-# - VK_EXT_physical_device_drm
-#
-# Source: https://gitlab.freedesktop.org/wlroots/wlroots/-/commit/8e346922508aa3eaccd6e12f2917f6574f349843
-#WLR_RENDERER=vulkan
-
-# Application compatibility
diff --git a/generate-akmods-key b/generate-akmods-key
deleted file mode 100755
index 9c9999f..0000000
--- a/generate-akmods-key
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-set -oeux pipefail
-
-readonly LANG="${LANG:-en_US.UTF-8}"
-
-readonly CERT_DIR=certs
-
-readonly IMAGE="quay.io/fedora-ostree-desktops/silverblue"
-readonly TAG="37"
-
-mkdir -p "${PWD}/${CERT_DIR}"
-
-# Bootstrap keys with a pre-existing image to avoid touching '/etc' or
-# installing additional packages on host
-podman run \
- --env="LANG=${LANG}" \
- --volume="${PWD}/${CERT_DIR}:/tmp/${CERT_DIR}:z" \
- --workdir="/tmp/${CERT_DIR}" \
- --entrypoint=/bin/sh \
- "${IMAGE}:${TAG}" -c \
- "sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular,updates-archive}.repo && \
- rpm-ostree install akmods && \
- kmodgenca --auto && \
- cp /etc/pki/akmods/private/private_key.priv private_key.priv.prod && \
- cp /etc/pki/akmods/certs/public_key.der public_key.der.prod"
diff --git a/install.Containerfile b/install.Containerfile
deleted file mode 100644
index 5f99cb2..0000000
--- a/install.Containerfile
+++ /dev/null
@@ -1,21 +0,0 @@
-ARG IMAGE_NAME=silverblue
-ARG BASE_IMAGE=ghcr.io/ublue-os/${IMAGE_NAME}-main
-ARG FEDORA_MAJOR_VERSION=38
-
-FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}
-
-ARG IMAGE_NAME="${IMAGE_NAME}"
-ARG AKMODS_CACHE="ghcr.io/ublue-os/akmods-nvidia"
-ARG AKMODS_VERSION="38"
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"
-ARG NVIDIA_MAJOR_VERSION="535"
-
-COPY --from=${AKMODS_CACHE}:${AKMODS_VERSION}-${NVIDIA_MAJOR_VERSION} / .
-
-COPY install.sh /tmp/install.sh
-COPY post-install.sh /tmp/post-install.sh
-RUN /tmp/install.sh
-RUN /tmp/post-install.sh
-RUN rm -rf /tmp/* /var/*
-RUN ostree container commit
-RUN mkdir -p /var/tmp && chmod -R 1777 /tmp /var/tmp
diff --git a/install.sh b/install.sh
index f1797d5..6aff841 100755
--- a/install.sh
+++ b/install.sh
@@ -4,12 +4,10 @@ set -ouex pipefail sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-{cisco-openh264,modular,updates-modular}.repo -install -D /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo \ - /etc/yum.repos.d/nvidia-container-runtime.repo -install -D /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/eyecantcu-supergfxctl.repo \ - /etc/yum.repos.d/eyecantcu-supergfxctl.repo +rpm-ostree install \ + /tmp/akmods-rpms/ublue-os/ublue-os-nvidia-addons-*.rpm -source /var/cache/akmods/nvidia-vars +source /tmp/akmods-rpms/kmods/nvidia-vars.${NVIDIA_MAJOR_VERSION} if [[ "${IMAGE_NAME}" == "kinoite" ]]; then VARIANT_PKGS="supergfxctl-plasmoid" @@ -22,5 +20,4 @@ fi rpm-ostree install \ xorg-x11-drv-${NVIDIA_PACKAGE_NAME}-{,cuda-,devel-,kmodsrc-,power-}${NVIDIA_FULL_VERSION} \ nvidia-container-toolkit nvidia-vaapi-driver supergfxctl ${VARIANT_PKGS} \ - /var/cache/akmods/${NVIDIA_PACKAGE_NAME}/kmod-${NVIDIA_PACKAGE_NAME}-${KERNEL_VERSION}-${NVIDIA_AKMOD_VERSION}.fc${RELEASE}.rpm \ - /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons-*.rpm + /tmp/akmods-rpms/kmods/kmod-${NVIDIA_PACKAGE_NAME}-${KERNEL_VERSION}-${NVIDIA_AKMOD_VERSION}.fc${RELEASE}.rpm diff --git a/post-install.sh b/post-install.sh index 3b88cd7..c3e47b4 100755 --- a/post-install.sh +++ b/post-install.sh @@ -2,6 +2,8 @@ set -ouex pipefail +sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/{eyecantcu-supergfxctl,nvidia-container-runtime}.repo + mv /etc/nvidia-container-runtime/config.toml{,.orig} cp /etc/nvidia-container-runtime/config{-rootless,}.toml diff --git a/ublue-os-nvidia-addons.spec b/ublue-os-nvidia-addons.spec deleted file mode 100644 index 1d16a26..0000000 --- a/ublue-os-nvidia-addons.spec +++ /dev/null 
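Review bot: `source /tmp/akmods-rpms/kmods/nvidia-vars.${NVIDIA_MAJOR_VERSION}` runs a file from the external akmods image as shell code in the build, and the package names here and the kmod RPM path in the second install.sh hunk are built from whatever it sets. The deleted build.sh wrote that file as plain `KEY=value` lines, so a guard before sourcing that rejects anything else, such as `grep -qvE '^[A-Z_]+=[A-Za-z0-9:._-]*$' "$vars" && exit 1` with `vars` holding the quoted path, would keep a malformed or tampered file from executing. Separately, the deleted build.sh forced `gpgcheck=1` in nvidia-container-runtime.repo; that repo file now presumably arrives inside the ublue-os-nvidia-addons RPM, so consider `grep -q '^gpgcheck=1' /etc/yum.repos.d/nvidia-container-runtime.repo` before the second `rpm-ostree install`. The lines between the two install.sh hunks are not shown, so this is based on the visible part only.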
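Review bot: The `sed` line added to post-install.sh has no comment saying why the two third-party repos are switched off at this point, a step the deleted spec file used to perform while building the addons RPM. If the intent is that the repos are needed only while the image is built, a comment such as `# repos shipped by ublue-os-nvidia-addons are needed only for the build; leave them disabled in the final image` above the line would record it. Because the brace expansion names both files, the script will abort under `set -e` if the addons RPM ever stops shipping one of them; that is probably the desired behaviour, and the same comment could say so.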
@@ -1,78 +0,0 @@ -Name: ublue-os-nvidia-addons -Version: 0.8 -Release: 1%{?dist} -Summary: Additional files for nvidia driver support - -License: MIT -URL: https://github.com/ublue-os/nvidia - -BuildArch: noarch -Supplements: mokutil policycoreutils - -Source0: nvidia-container-runtime.repo -Source1: eyecantcu-supergfxctl.repo -Source2: config-rootless.toml -Source3: nvidia-container.pp -Source4: environment - -%description -Adds various runtime files for nvidia support. - -%prep -%setup -q -c -T - - -%build -# Have different name for *.der in case kmodgenca is needed for creating more keys -install -Dm0644 %{SOURCE0} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -install -Dm0644 %{SOURCE1} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo -install -Dm0644 %{SOURCE2} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml -install -Dm0644 %{SOURCE3} %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp -install -Dm0644 %{SOURCE4} %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/sway/environment - -sed -i 's@enabled=1@enabled=0@g' %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/{eyecantcu-supergfxctl,nvidia-container-runtime}.repo - -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo %{buildroot}%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo %{buildroot}%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml %{buildroot}%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml -install -Dm0644 %{buildroot}%{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp %{buildroot}%{_datadir}/selinux/packages/nvidia-container.pp - 
-%files -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/nvidia-container-runtime/config-rootless.toml -%attr(0644,root,root) %{_datadir}/ublue-os/%{_datadir}/selinux/packages/nvidia-container.pp -%attr(0644,root,root) %{_datadir}/ublue-os/%{_sysconfdir}/sway/environment -%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/nvidia-container-runtime.repo -%attr(0644,root,root) %{_sysconfdir}/yum.repos.d/eyecantcu-supergfxctl.repo -%attr(0644,root,root) %{_sysconfdir}/nvidia-container-runtime/config-rootless.toml -%attr(0644,root,root) %{_datadir}/selinux/packages/nvidia-container.pp - -%changelog -* Sat Aug 3 2023 RJ Trujillo - 0.8 -- Add new copr for supergfxctl - -* Sat Jun 17 2023 Benjamin Sherman - 0.7 -- Remove MOK keys; now provided by ublue-os-akmods-addons - -* Sat Jun 17 2023 RJ Trujillo - 0.6 -- Add supergfxctl-plasmoid COPR - -* Sun May 17 2023 Benjamin Sherman - 0.5 -- Add new ublue akmod public key for MOK enrollment - -* Sun Mar 26 2023 Joshua Stone - 0.4 -- Add asus-linux COPR - -* Fri Feb 24 2023 Joshua Stone - 0.3 -- Add sway environment file -- Put ublue-os modifications into a separate data directory - -* Thu Feb 16 2023 Joshua Stone - 0.2 -- Add nvidia-container-runtime repo -- Add nvidia-container-runtime selinux policy file -- Re-purpose into a general-purpose add-on package -- Update URL to point to ublue-os project - -* Fri Feb 03 2023 Joshua Stone - 0.1 -- Add key for enrolling kernel modules in alpha builds From 025563d287226e8421fea8f517f1ac34afed1cd2 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 24 Aug 2023 23:11:34 -0500 Subject: [PATCH 2/4] chore(ci): fix forgotten change of Containerfile name --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e5b8327..dae1f81 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -135,7 +135,7 @@ jobs: uses: redhat-actions/buildah-build@v2 with: containerfiles: | - ./install.Containerfile + ./Containerfile image: ${{ env.IMAGE_NAME }} tags: | ${{ steps.generate-tags.outputs.alias_tags }} From 5863ec5356be83304860b79c64e876bd484948a7 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Fri, 25 Aug 2023 00:17:14 -0500 Subject: [PATCH 3/4] chore(ci): remove driver 530 references from workflow --- .github/workflows/build.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dae1f81..d651c5a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,10 +36,6 @@ jobs: # When F38 is added, sericea will automatically be built too - image_name: sericea major_version: 37 - - driver_version: 530 - major_version: 38 - - driver_version: 530 - major_version: 37 steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action From e0fa991e72ba872b01e73f8f7b8fc6ff3671af3a Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Fri, 25 Aug 2023 14:12:58 -0500 Subject: [PATCH 4/4] chore(ci): use versioned akmods-nvidia images instead of akmods common --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containerfile b/Containerfile index 47a9033..a531975 100644 --- a/Containerfile +++ b/Containerfile @@ -11,7 +11,7 @@ ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-535}" COPY install.sh /tmp/install.sh COPY post-install.sh /tmp/post-install.sh -COPY --from=ghcr.io/ublue-os/akmods:${FEDORA_MAJOR_VERSION} /rpms /tmp/akmods-rpms +COPY --from=ghcr.io/ublue-os/akmods-nvidia:${FEDORA_MAJOR_VERSION}-${NVIDIA_MAJOR_VERSION} /rpms /tmp/akmods-rpms RUN /tmp/install.sh RUN /tmp/post-install.sh