# Generated by go2rpm 1.14.0 %bcond check 1 # https://fedora.gitlab.io/sigs/go/go-vendor-tools/scenarios/#manually-update-specfile-for-new-upstream-version # spectool -g nvidia-container-toolkit.spec # go_vendor_archive create --config go-vendor-tools.toml nvidia-container-toolkit.spec # https://github.com/NVIDIA/nvidia-container-toolkit %global goipath github.com/NVIDIA/nvidia-container-toolkit Version: 1.17.3 %global __golang_extldflags -Wl,-z,lazy -Wl,--export-dynamic %global dgx_selinux_commit b988ea65e7b43009a705eb5e5d7e94048f916734 %global selinuxtype targeted %global container_selinux_v 2.213 %gometa -L -f %global common_description %{expand: Build and run containers leveraging NVIDIA GPUs.} Name: nvidia-container-toolkit Release: %autorelease Summary: Build and run containers leveraging NVIDIA GPUs # Generated by go-vendor-tools License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT URL: %{gourl} Source0: %{gosource} # Generated by go-vendor-tools Source1: %{archivename}-vendor.tar.bz2 Source2: go-vendor-tools.toml Source3: https://github.com/NVIDIA/dgx-selinux/archive/%{dgx_selinux_commit}/dgx-selinux-%{dgx_selinux_commit}.tar.gz Source4: nvidia-container-toolkit-selinux.README.txt Recommends: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) BuildRequires: go-vendor-tools BuildRequires: selinux-policy-devel, container-selinux >= %{container_selinux_v} %description %{common_description} %package operator-extensions Summary: NVIDIA Container Toolkit Operator Extensions License: Apache-2.0 Requires: %{name} = %{version}-%{release} %description operator-extensions %wordwrap -v common_description Provides tools for using the NVIDIA Container Toolkit with the GPU Operator %package selinux Summary: NVIDIA Container Toolkit SELinux Policy License: MIT Requires: %{name} = %{version}-%{release} BuildArch: noarch Requires: selinux-policy Requires: (container-selinux >= %{container_selinux_v} if selinux-policy-%{selinuxtype}) Requires(post): policycoreutils Requires(postun): policycoreutils %description selinux %wordwrap -v common_description SELinux policy to enable the toolkit to use the GPU. This package enables container_use_devices policy boolean and disables the boolean after removal. Defines nvidia_container_t to be added for containers needing access to the GPU in a more restrictive way than the default enabling of container_use_devices boolean. %gopkg %prep %goprep -A %setup -q -T -D -a1 %{forgesetupargs} %autopatch -p1 tar xf %{SOURCE3} %generate_buildrequires %go_vendor_license_buildrequires -c %{S:2} %build for cmd in cmd/* ; do %gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd done pushd dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux make nvidia-container.pp popd %install %go_vendor_license_install -c %{S:2} install -m 0755 -vd %{buildroot}%{_bindir} install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/ install -m 0644 %{SOURCE4} . install -m 0644 dgx-selinux-%{dgx_selinux_commit}/LICENSE LICENSE-dgx-selinux install -m 0644 dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux/README.md dgx-selinux-README.md pushd dgx-selinux-%{dgx_selinux_commit}/src/nvidia-container-selinux install -m 0755 -vd %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/ install -m 0644 -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} nvidia-container.pp popd install -m 0755 -vd %{buildroot}%{_sysconfdir}/cdi %gopkginstall %check %go_vendor_license_check -c %{S:2} %if %{with check} # https://github.com/NVIDIA/nvidia-container-toolkit/issues/794 %gocheck -t "internal/lookup/root" %endif %post selinux if [ $1 -eq 1 ]; then if grep -q '0 0' /sys/fs/selinux/booleans/container_use_devices; then install -m 0755 -vd %{_localstatedir}/lib/rpm-state/%{name}/ touch %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool setsebool -P container_use_devices 1 fi fi %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/nvidia-container.pp %postun selinux if [ $1 -eq 0 ]; then if [ -f %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool ]; then setsebool -P container_use_devices 0 rm -f %{_localstatedir}/lib/rpm-state/%{name}/managed-selinux-bool rmdir %{_localstatedir}/lib/rpm-state/%{name}/ fi %selinux_modules_uninstall -s %{selinuxtype} nvidia-container fi %files -f %{go_vendor_license_filelist} %license vendor/modules.txt %doc CHANGELOG.md CONTRIBUTING.md DEVELOPMENT.md README.md RELEASE.md %doc cmd/nvidia-cdi-hook/README.md cmd/nvidia-container-runtime/README.md %doc cmd/nvidia-ctk/README.md deployments/container/README.md %doc packaging/debian/changelog.old tools/container/README.md %dir %{_sysconfdir}/cdi %{_bindir}/nvidia-cdi-hook %{_bindir}/nvidia-ctk %{_bindir}/nvidia-container-runtime %{_bindir}/nvidia-container-runtime-hook %gopkgfiles %files operator-extensions %license LICENSE %{_bindir}/nvidia-container-runtime.cdi %{_bindir}/nvidia-container-runtime.legacy %files selinux %license LICENSE-dgx-selinux %doc nvidia-container-toolkit-selinux.README.txt dgx-selinux-README.md %{_datadir}/selinux/packages/%{selinuxtype}/nvidia-container.pp %changelog %autochangelog