github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-27 11:31:05 +00:00
Code Issues Projects Releases Wiki Activity

gpu: Update NVIDIA chroot script

Browse Source 
We need to place the signing key and cert at the right place
and hide the KBUILD_SIGN_PIN from echo'ing or xtrace

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This commit is contained in:
Zvonko Kaiser 2025-02-12 15:46:50 +00:00
parent d815fb6f46
commit 39d3b7fb90
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
tools/osbuilder/rootfs-builder/nvidia/nvidia_chroot.sh
View File

@ -5,7 +5,7 @@
# SPDX-License-Identifier: Apache-2.0
#!/bin/bash
set -xeuo pipefail
set -euo pipefail
shopt -s nullglob
shopt -s extglob
@ -21,6 +21,8 @@ base_os="jammy"
APT_INSTALL="apt -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' -yqq --no-install-recommends install"
export KBUILD_SIGN_PIN=$6
export DEBIAN_FRONTEND=noninteractive
is_feature_enabled() {
@ -104,9 +106,13 @@ build_nvidia_drivers() {
echo "chroot: Build NVIDIA drivers"
pushd "${driver_source_files}" >> /dev/null
local certs_dir
local kernel_version
for version in /lib/modules/*; do
kernel_version=$(basename "${version}")
certs_dir=/lib/modules/"${kernel_version}"/build/certs
signing_key=${certs_dir}/signing_key.pem
echo "chroot: Building GPU modules for: ${kernel_version}"
cp /boot/System.map-"${kernel_version}" /lib/modules/"${kernel_version}"/build/System.map
@ -119,9 +125,16 @@ build_nvidia_drivers() {
fi
make -j "$(nproc)" CC=gcc SYSSRC=/lib/modules/"${kernel_version}"/build > /dev/null
if [ -n "${KBUILD_SIGN_PIN}" ]; then
mkdir -p "${certs_dir}" && mv /signing_key.* "${certs_dir}"/.
fi
make INSTALL_MOD_STRIP=1 -j "$(nproc)" CC=gcc SYSSRC=/lib/modules/"${kernel_version}"/build modules_install
make -j "$(nproc)" CC=gcc SYSSRC=/lib/modules/"${kernel_version}"/build clean > /dev/null
# The make clean above should clear also the certs directory but just in case something
# went wroing make sure the signing_key.pem is removed
[ -e "${signing_key}" ] && rm -f "${signing_key}"
done
# Save the modules for later so that a linux-image purge does not remove it
tar cvfa /lib/modules.save_from_purge.tar.zst /lib/modules