name: nvidia-container-runtime variant: scratch shell: /bin/bash install: - build-base - bash - go - patch dependencies: - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }} steps: - sources: - url: https://gitlab.com/nvidia/container-toolkit/container-toolkit/-/archive/{{ .CONTAINER_TOOLKIT_VERSION }}/container-toolkit-{{ .CONTAINER_TOOLKIT_VERSION }}.tar.gz destination: container-toolkit.tar.gz sha256: b9ee6f96addbcbace9503f29551b4f3c42d76293a0d54f5c6009971909dac0fc sha512: 69bfac15d8be2797b09dda35650a90dcb2c24ca7a5107c3df5946840a55df8dc62cb5cc46f172169ee3e8447c416733848b513b92dc512df35e0aad7c77e5c1e env: GIT_COMMIT: {{ substr 0 7 .CONTAINER_TOOLKIT_REF }} # build is using short sha prepare: - | mkdir -p container-toolkit tar -xzf container-toolkit.tar.gz --strip-components=1 -C container-toolkit cd container-toolkit patch -p0 < /pkg/patches/ldcache_path.patch build: - | cd container-toolkit make cmds install: - | mkdir -p /rootfs/usr/local/bin cd container-toolkit # let's copy all built binaries suffixing them with .real # the wrapper binary will call the real binary with the same name for file in $(find . -maxdepth 1 -type f -executable); do clean_file=$(basename $file) # oci-nvidia-hook is a shell script calling nvidia-container-runtime-hook if [[ $clean_file == "oci-nvidia-hook" ]]; then ln -sv nvidia-container-runtime-hook /rootfs/usr/local/bin/$clean_file continue fi ln -sv nvidia-container-runtime-wrapper /rootfs/usr/local/bin/$(basename $clean_file) cp $clean_file /rootfs/usr/local/bin/$(basename $clean_file).real done finalize: - from: /rootfs to: /rootfs - from: /pkg/nvidia-container-runtime.part to: /rootfs/etc/cri/conf.d/nvidia-container-runtime.part - from: /pkg/nvidia-container-runtime.toml to: /rootfs/usr/local/etc/nvidia-container-runtime/config.toml