Merge pull request #11904 from manuelh-dev/mahuber/conf-rootfs-nv-guest-pull

gpu: nvidia rootfs build with guest pull support
Steve Horsman
2025-10-17 16:08:05 +01:00
committed by GitHub


@@ -239,7 +239,7 @@ chisseled_init() {
mkdir -p dev etc proc run/cdi sys tmp usr var lib/modules lib/firmware \
usr/share/nvidia lib/"${machine_arch}"-linux-gnu lib64 \
usr/bin etc/modprobe.d
usr/bin etc/modprobe.d etc/ssl/certs
ln -sf ../run var/run
@@ -262,6 +262,8 @@ chisseled_init() {
cp -a "${stage_one}"/lib/firmware/nvidia lib/firmware/.
cp -a "${stage_one}"/sbin/ldconfig.real sbin/ldconfig
cp -a "${stage_one}"/etc/ssl/certs/ca-certificates.crt etc/ssl/certs/.
local conf_file="etc/modprobe.d/0000-nvidia.conf"
echo 'options nvidia NVreg_DeviceFileMode=0660' > "${conf_file}"
}
@@ -293,22 +295,26 @@ compress_rootfs() {
}
coco_guest_components() {
if [[ ${type} != "confidential" ]]; then
if [[ "${type}" != "confidential" ]]; then
return
fi
readonly source="usr/local/bin"
readonly dest="${source}"
info "nvidia: installing the confidential containers guest components tarball"
mkdir -p "${dest}"
local -r coco_bin_dir="usr/local/bin"
local -r etc_dir="etc"
local -r pause_dir="pause_bundle"
cp -a "${stage_one}/${source}"/attestation-agent "${dest}/."
cp -a "${stage_one}/${source}"/api-server-rest "${dest}/."
cp -a "${stage_one}/${source}"/confidential-data-hub "${dest}/."
mkdir -p "${coco_bin_dir}"
cp -a "${stage_one}/${coco_bin_dir}"/attestation-agent "${coco_bin_dir}/."
cp -a "${stage_one}/${coco_bin_dir}"/api-server-rest "${coco_bin_dir}/."
cp -a "${stage_one}/${coco_bin_dir}"/confidential-data-hub "${coco_bin_dir}/."
cp -a "${stage_one}"/etc/ocicrypt_config.json etc/.
cp -a "${stage_one}/${etc_dir}"/ocicrypt_config.json "${etc_dir}/."
mkdir -p "${pause_dir}/rootfs"
cp -a "${stage_one}/${pause_dir}"/config.json "${pause_dir}/."
cp -a "${stage_one}/${pause_dir}"/rootfs/pause "${pause_dir}/rootfs/."
info "TODO: nvidia: luks-encrypt-storage is a bash script, we do not have a shell!"
}
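Review bot: The `cp -a "${stage_one}"/etc/ssl/certs/ca-certificates.crt etc/ssl/certs/.` line in the second chisseled_init hunk carries no comment, yet it decides which certificate authorities the guest rootfs will trust. Judging by the commit title, the bundle is presumably there so image pulls inside the guest can verify registry TLS, and whatever CAs stage one ships are inherited unchanged. I would add `# CA bundle for TLS verification during guest pull; inherited unmodified from the stage-one rootfs` above that line. The new `pause_bundle` copies in coco_guest_components would benefit from a similar one-line comment saying why the bundle must be in the image. chisseled_init begins outside the visible hunks, so any existing header comment there is not visible from here.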