pyrox.dev / nixpkgs
lol
fork atom

nvidia-docker: init at 2.0.3

nvidia_x11 and persistenced were modified to provide binaries which can be
mounted inside a docker-container to be executed there.

most ldconfig-based discovery of bundled nvidia libraries is patched out

ldconfig itself is patched to be able to deal with patchelf'ed libraries
See https://sourceware.org/bugzilla/show_bug.cgi?id=23964

Averell Dalton d6c2fe76 8913ba2a

+289
unified split
+13
pkgs/applications/virtualization/nvidia-docker/config.toml
··· 1 + disable-require = false 2 + #swarm-resource = "DOCKER_RESOURCE_GPU" 3 + 4 + [nvidia-container-cli] 5 + #root = "/run/nvidia/driver" 6 + #path = "/usr/bin/nvidia-container-cli" 7 + environment = [] 8 + #debug = "/var/log/nvidia-container-runtime-hook.log" 9 + ldcache = "/tmp/ld.so.cache" 10 + load-kmods = true 11 + #no-cgroups = false 12 + #user = "root:video" 13 + ldconfig = "@@glibcbin@/bin/ldconfig"
+84
pkgs/applications/virtualization/nvidia-docker/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub, fetchpatch, callPackage, makeWrapper 2 + , buildGoPackage, runc, libelf, libcap, libseccomp, glibc }: 3 + 4 + with lib; let 5 + 6 + glibc-ldconf = glibc.overrideAttrs (oldAttrs: { 7 + # ldconfig needs help reading libraries that have been patchelf-ed, as the 8 + # .dynstr section is no longer in the first LOAD segment. See also 9 + # https://sourceware.org/bugzilla/show_bug.cgi?id=23964 and 10 + # https://github.com/NixOS/patchelf/issues/44 11 + patches = oldAttrs.patches ++ [ (fetchpatch { 12 + name = "ldconfig-patchelf.patch"; 13 + url = "https://sourceware.org/bugzilla/attachment.cgi?id=11444"; 14 + sha256 = "0nzzmq7pli37iyjrgcmvcy92piiwjybpw245ds7q43pbgdm7lc3s"; 15 + })]; 16 + }); 17 + 18 + libnvidia-container = callPackage ./libnvc.nix { }; 19 + 20 + nvidia-container-runtime = fetchFromGitHub { 21 + owner = "NVIDIA"; 22 + repo = "nvidia-container-runtime"; 23 + rev = "runtime-v2.0.0"; 24 + sha256 = "0jcj5xxbg7x7gyhbb67h3ds6vly62gx7j02zm6lg102h34jajj7a"; 25 + }; 26 + 27 + nvidia-container-runtime-hook = buildGoPackage rec { 28 + name = "nvidia-container-runtime-hook-${version}"; 29 + version = "1.4.0"; 30 + 31 + goPackagePath = "nvidia-container-runtime-hook"; 32 + 33 + src = "${nvidia-container-runtime}/hook/nvidia-container-runtime-hook"; 34 + }; 35 + 36 + nvidia-runc = runc.overrideAttrs (oldAttrs: rec { 37 + name = "nvidia-runc"; 38 + version = "1.0.0-rc6"; 39 + src = fetchFromGitHub { 40 + owner = "opencontainers"; 41 + repo = "runc"; 42 + rev = "v${version}"; 43 + sha256 = "1jwacb8xnmx5fr86gximhbl9dlbdwj3rpf27hav9q1si86w5pb1j"; 44 + }; 45 + patches = [ "${nvidia-container-runtime}/runtime/runc/3f2f8b84a77f73d38244dd690525642a72156c64/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch" ]; 46 + }); 47 + 48 + in stdenv.mkDerivation rec { 49 + name = "nvidia-docker-${version}"; 50 + version = "2.0.3"; 51 + 52 + src = fetchFromGitHub { 53 + owner = "NVIDIA"; 54 + repo = "nvidia-docker"; 55 + rev = "v${version}"; 56 + sha256 = "1vx5m591mnvcb9vy0196x5lh3r8swjsk0fnlv5h62m7m4m07v6wx"; 57 + }; 58 + 59 + nativeBuildInputs = [ makeWrapper ]; 60 + 61 + buildPhase = '' 62 + mkdir bin 63 + cp nvidia-docker bin 64 + cp ${libnvidia-container}/bin/nvidia-container-cli bin 65 + cp ${nvidia-container-runtime-hook}/bin/nvidia-container-runtime-hook bin 66 + cp ${nvidia-runc}/bin/runc bin/nvidia-container-runtime 67 + ''; 68 + 69 + installPhase = '' 70 + mkdir -p $out/{bin,etc} 71 + cp -r bin $out 72 + wrapProgram $out/bin/nvidia-container-cli \ 73 + --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib 74 + cp ${./config.toml} $out/etc/config.toml 75 + substituteInPlace $out/etc/config.toml --subst-var-by glibcbin ${lib.getBin glibc-ldconf} 76 + ''; 77 + 78 + meta = { 79 + homepage = https://github.com/NVIDIA/nvidia-docker; 80 + description = "NVIDIA container runtime for Docker"; 81 + license = licenses.bsd3; 82 + platforms = platforms.linux; 83 + }; 84 + }
+130
pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch
··· 1 + diff --git a/src/ldcache.c b/src/ldcache.c 2 + index 38bab05..e1abc89 100644 3 + --- a/src/ldcache.c 4 + +++ b/src/ldcache.c 5 + @@ -108,40 +108,27 @@ ldcache_close(struct ldcache *ctx) 6 + 7 + int 8 + ldcache_resolve(struct ldcache *ctx, uint32_t arch, const char *root, const char * const libs[], 9 + - char *paths[], size_t size, ldcache_select_fn select, void *select_ctx) 10 + + char *paths[], size_t size, const char* version) 11 + { 12 + char path[PATH_MAX]; 13 + - struct header_libc6 *h; 14 + - int override; 15 + + char dir[PATH_MAX]; 16 + + char lib[PATH_MAX]; 17 + 18 + - h = (struct header_libc6 *)ctx->ptr; 19 + memset(paths, 0, size * sizeof(*paths)); 20 + 21 + - for (uint32_t i = 0; i < h->nlibs; ++i) { 22 + - int32_t flags = h->libs[i].flags; 23 + - char *key = (char *)ctx->ptr + h->libs[i].key; 24 + - char *value = (char *)ctx->ptr + h->libs[i].value; 25 + - 26 + - if (!(flags & LD_ELF) || (flags & LD_ARCH_MASK) != arch) 27 + + for (size_t j = 0; j < size; ++j) { 28 + + snprintf(dir, 100, "/run/opengl-driver%s/lib", 29 + + arch == LD_I386_LIB32 ? "-32" : ""); 30 + + if (!strncmp(libs[j], "libvdpau_nvidia.so", 100)) 31 + + strcat(dir, "/vdpau"); 32 + + snprintf(lib, 100, "%s/%s.%s", dir, libs[j], version); 33 + + if (path_resolve_full(ctx->err, path, "/", lib) < 0) 34 + + return (-1); 35 + + if (!file_exists(ctx->err, path)) 36 + continue; 37 + - 38 + - for (size_t j = 0; j < size; ++j) { 39 + - if (!str_has_prefix(key, libs[j])) 40 + - continue; 41 + - if (path_resolve(ctx->err, path, root, value) < 0) 42 + - return (-1); 43 + - if (paths[j] != NULL && str_equal(paths[j], path)) 44 + - continue; 45 + - if ((override = select(ctx->err, select_ctx, root, paths[j], path)) < 0) 46 + - return (-1); 47 + - if (override) { 48 + - free(paths[j]); 49 + - paths[j] = xstrdup(ctx->err, path); 50 + - if (paths[j] == NULL) 51 + - return (-1); 52 + - } 53 + - break; 54 + - } 55 + + paths[j] = xstrdup(ctx->err, path); 56 + + if (paths[j] == NULL) 57 + + return (-1); 58 + } 59 + return (0); 60 + } 61 + diff --git a/src/ldcache.h b/src/ldcache.h 62 + index 33d78dd..2b087db 100644 63 + --- a/src/ldcache.h 64 + +++ b/src/ldcache.h 65 + @@ -50,6 +50,6 @@ void ldcache_init(struct ldcache *, struct error *, const char *); 66 + int ldcache_open(struct ldcache *); 67 + int ldcache_close(struct ldcache *); 68 + int ldcache_resolve(struct ldcache *, uint32_t, const char *, const char * const [], 69 + - char *[], size_t, ldcache_select_fn, void *); 70 + + char *[], size_t, const char*); 71 + 72 + #endif /* HEADER_LDCACHE_H */ 73 + diff --git a/src/nvc_info.c b/src/nvc_info.c 74 + index cc96542..3fe7612 100644 75 + --- a/src/nvc_info.c 76 + +++ b/src/nvc_info.c 77 + @@ -163,15 +163,13 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * 78 + if (path_resolve_full(err, path, root, ldcache) < 0) 79 + return (-1); 80 + ldcache_init(&ld, err, path); 81 + - if (ldcache_open(&ld) < 0) 82 + - return (-1); 83 + 84 + info->nlibs = size; 85 + info->libs = array_new(err, size); 86 + if (info->libs == NULL) 87 + goto fail; 88 + if (ldcache_resolve(&ld, LIB_ARCH, root, libs, 89 + - info->libs, info->nlibs, select_libraries, info) < 0) 90 + + info->libs, info->nlibs, info->nvrm_version) < 0) 91 + goto fail; 92 + 93 + info->nlibs32 = size; 94 + @@ -179,13 +177,11 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * 95 + if (info->libs32 == NULL) 96 + goto fail; 97 + if (ldcache_resolve(&ld, LIB32_ARCH, root, libs, 98 + - info->libs32, info->nlibs32, select_libraries, info) < 0) 99 + + info->libs32, info->nlibs32, info->nvrm_version) < 0) 100 + goto fail; 101 + rv = 0; 102 + 103 + fail: 104 + - if (ldcache_close(&ld) < 0) 105 + - return (-1); 106 + return (rv); 107 + } 108 + 109 + @@ -199,7 +195,7 @@ find_binary_paths(struct error *err, struct nvc_driver_info *info, const char *r 110 + char path[PATH_MAX]; 111 + int rv = -1; 112 + 113 + - if ((env = secure_getenv("PATH")) == NULL) { 114 + + if ((env = "/run/nvidia-docker/bin:/run/nvidia-docker/extras/bin") == NULL) { 115 + error_setx(err, "environment variable PATH not found"); 116 + return (-1); 117 + } 118 + diff --git a/src/nvc_ldcache.c b/src/nvc_ldcache.c 119 + index d41a24d..65b7878 100644 120 + --- a/src/nvc_ldcache.c 121 + +++ b/src/nvc_ldcache.c 122 + @@ -331,7 +331,7 @@ nvc_ldcache_update(struct nvc_context *ctx, const struct nvc_container *cnt) 123 + if (validate_args(ctx, cnt != NULL) < 0) 124 + return (-1); 125 + 126 + - argv = (char * []){cnt->cfg.ldconfig, cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; 127 + + argv = (char * []){cnt->cfg.ldconfig, "-f", "/tmp/ld.so.conf.nvidia-host", "-C", "/tmp/ld.so.cache.nvidia-host", cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; 128 + if (*argv[0] == '@') { 129 + /* 130 + * We treat this path specially to be relative to the host filesystem.
+53
pkgs/applications/virtualization/nvidia-docker/libnvc.nix
··· 1 + { stdenv, lib, fetchFromGitHub, libelf, libcap, libseccomp }: 2 + 3 + with lib; let 4 + 5 + modp-ver = "396.51"; 6 + 7 + nvidia-modprobe = fetchFromGitHub { 8 + owner = "NVIDIA"; 9 + repo = "nvidia-modprobe"; 10 + rev = modp-ver; 11 + sha256 = "1fw2qwc84k64agw6fx2v0mjf88aggph9c6qhs4cv7l3gmflv8qbk"; 12 + }; 13 + 14 + in stdenv.mkDerivation rec { 15 + name = "libnvidia-container-${version}"; 16 + version = "1.0.0"; 17 + 18 + src = fetchFromGitHub { 19 + owner = "NVIDIA"; 20 + repo = "libnvidia-container"; 21 + rev = "v${version}"; 22 + sha256 = "1ws6mfsbgxhzlb5w1r8qqg2arvxkr21n59i4cqsyz3h5jsqsflbw"; 23 + }; 24 + 25 + # locations of nvidia-driver libraries are not resolved via ldconfig which 26 + # doesn't get used on NixOS. Additional support binaries like nvidia-smi are 27 + # not resolved via the environment PATH but via the derivation output path. 28 + patches = [ ./libnvc-ldconfig-and-path-fixes.patch ]; 29 + 30 + makeFlags = [ 31 + "WITH_LIBELF=yes" 32 + "prefix=$(out)" 33 + ]; 34 + 35 + postPatch = '' 36 + sed -i 's/^REVISION :=.*/REVISION = ${src.rev}/' mk/common.mk 37 + sed -i 's/^COMPILER :=.*/COMPILER = $(CC)/' mk/common.mk 38 + 39 + mkdir -p deps/src/nvidia-modprobe-${modp-ver} 40 + cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modp-ver} 41 + chmod -R u+w deps/src 42 + touch deps/src/nvidia-modprobe-${modp-ver}/.download_stamp 43 + ''; 44 + 45 + buildInputs = [ libelf libcap libseccomp ]; 46 + 47 + meta = { 48 + homepage = https://github.com/NVIDIA/libnvidia-container; 49 + description = "NVIDIA container runtime library"; 50 + license = licenses.bsd3; 51 + platforms = platforms.linux; 52 + }; 53 + }
+2
pkgs/os-specific/linux/nvidia-x11/builder.sh
··· 129 129 for i in nvidia-cuda-mps-control nvidia-cuda-mps-server nvidia-smi nvidia-debugdump; do 130 130 if [ -e "$i" ]; then 131 131 install -Dm755 $i $bin/bin/$i 132 + # unmodified binary backup for mounting in containers 133 + install -Dm755 $i $bin/origBin/$i 132 134 patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ 133 135 --set-rpath $out/lib:$libPath $bin/bin/$i 134 136 fi
+5
pkgs/os-specific/linux/nvidia-x11/persistenced.nix
··· 16 16 installFlags = [ "PREFIX=$(out)" ]; 17 17 18 18 postFixup = '' 19 + # Save a copy of persistenced for mounting in containers 20 + mkdir $out/origBin 21 + cp $out/{bin,origBin}/nvidia-persistenced 22 + patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 $out/origBin/nvidia-persistenced 23 + 19 24 patchelf --set-rpath "$(patchelf --print-rpath $out/bin/nvidia-persistenced):${nvidia_x11}/lib" \ 20 25 $out/bin/nvidia-persistenced 21 26 '';
+2
pkgs/top-level/all-packages.nix
··· 11837 11837 11838 11838 nv-codec-headers = callPackage ../development/libraries/nv-codec-headers { }; 11839 11839 11840 + nvidia-docker = callPackage ../applications/virtualization/nvidia-docker { }; 11841 + 11840 11842 nvidia-texture-tools = callPackage ../development/libraries/nvidia-texture-tools { }; 11841 11843 11842 11844 nvidia-video-sdk = callPackage ../development/libraries/nvidia-video-sdk { };