diff --git a/.common-ci.yml b/.common-ci.yml index 3ba3c7381..f9e1e9338 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -131,10 +131,18 @@ trigger-pipeline: variables: DIST: rhel10 +.dist-rocky8: + variables: + DIST: rocky8 + .dist-rocky9: variables: DIST: rocky9 +.dist-rocky10: + variables: + DIST: rocky10 + .dist-fedora36: variables: DIST: fedora36 @@ -227,6 +235,14 @@ trigger-pipeline: rules: - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_TAG == null +.release-rocky10: + # Perform for each DRIVER_VERSION + extends: + - .release-generic + - .driver-versions-rhel10 + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_TAG == null + .release-rhel10: # Perform for each DRIVER_VERSION extends: @@ -235,6 +251,14 @@ trigger-pipeline: rules: - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_TAG == null +.release-rocky8: + # Perform for each DRIVER_VERSION + extends: + - .release-generic + - .driver-versions + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_TAG == null + .release: # Perform for each DRIVER_VERSION extends: @@ -291,6 +315,15 @@ trigger-pipeline: OUT_REGISTRY: "${NGC_REGISTRY}" OUT_IMAGE_NAME: "${NGC_STAGING_REGISTRY}/driver" +.release:staging-rocky8: + extends: + - .release-rocky8 + variables: + OUT_REGISTRY_USER: "${NGC_REGISTRY_USER}" + OUT_REGISTRY_TOKEN: "${NGC_REGISTRY_TOKEN}" + OUT_REGISTRY: "${NGC_REGISTRY}" + OUT_IMAGE_NAME: "${NGC_STAGING_REGISTRY}/driver" + .release:staging-rocky9: extends: - .release-rocky9 @@ -300,6 +333,15 @@ trigger-pipeline: OUT_REGISTRY: "${NGC_REGISTRY}" OUT_IMAGE_NAME: "${NGC_STAGING_REGISTRY}/driver" +.release:staging-rocky10: + extends: + - .release-rocky10 + variables: + OUT_REGISTRY_USER: "${NGC_REGISTRY_USER}" + OUT_REGISTRY_TOKEN: "${NGC_REGISTRY_TOKEN}" + OUT_REGISTRY: "${NGC_REGISTRY}" + OUT_IMAGE_NAME: "${NGC_STAGING_REGISTRY}/driver" + # Define an external release step that pushes an image to an external repository. .release:external: extends: @@ -359,6 +401,13 @@ release:staging-rhel9: needs: - image-rhel9 +release:staging-rocky8: + extends: + - .release:staging + - .dist-rocky8 + needs: + - image-rocky8 + #release:staging-rhel10: # extends: # - .release:staging @@ -373,6 +422,13 @@ release:staging-rocky9: needs: - image-rocky9 +release:staging-rocky10: + extends: + - .release:staging-rhel10 + - .dist-rocky10 + needs: + - image-rocky10 + .release:staging-precompiled: stage: release variables: diff --git a/.github/actions/set-cve-updates/action.yml b/.github/actions/set-cve-updates/action.yml index c45fcad8d..2f3c71aa1 100644 --- a/.github/actions/set-cve-updates/action.yml +++ b/.github/actions/set-cve-updates/action.yml @@ -20,7 +20,7 @@ inputs: dist: description: > Target distribution string (e.g. ubuntu22.04, ubuntu24.04, rhel8, - rhel9, rhel10, rocky9). The action matches on the family prefix. + rhel9, rhel10, rocky8, rocky9, rocky10). The action matches on the family prefix. required: true runs: using: composite diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 7bd534378..8a2291495 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -37,7 +37,9 @@ jobs: - rhel8 - rhel9 - rhel10 + - rocky8 - rocky9 + - rocky10 ispr: - ${{github.event_name == 'pull_request'}} exclude: @@ -45,6 +47,8 @@ jobs: driver: 535.309.01 - dist: rhel10 driver: 535.309.01 + - dist: rocky10 + driver: 535.309.01 fail-fast: false steps: - uses: actions/checkout@v6 diff --git a/.nvidia-ci.yml b/.nvidia-ci.yml index 6703a64f7..0331da482 100644 --- a/.nvidia-ci.yml +++ b/.nvidia-ci.yml @@ -161,11 +161,21 @@ image-rhel10: - .image-pull-rhel10 - .dist-rhel10 +image-rocky8: + extends: + - .image-pull + - .dist-rocky8 + image-rocky9: extends: - .image-pull - .dist-rocky9 +image-rocky10: + extends: + - .image-pull-rhel10 + - .dist-rocky10 + # The .scan step forms the base of the image scan operation performed before releasing # images. .scan-generic: @@ -381,6 +391,22 @@ scan-rhel10-arm64: needs: - image-rhel10 +scan-rocky8-amd64: + extends: + - .scan + - .dist-rocky8 + - .platform-amd64 + needs: + - image-rocky8 + +scan-rocky8-arm64: + extends: + - .scan + - .dist-rocky8 + - .platform-arm64 + needs: + - image-rocky8 + scan-rocky9-amd64: extends: - .scan @@ -397,6 +423,22 @@ scan-rocky9-arm64: needs: - image-rocky9 +scan-rocky10-amd64: + extends: + - .scan-rhel10 + - .dist-rocky10 + - .platform-amd64 + needs: + - image-rocky10 + +scan-rocky10-arm64: + extends: + - .scan-rhel10 + - .dist-rocky10 + - .platform-arm64 + needs: + - image-rocky10 + .release:ngc-variables: variables: OUT_REGISTRY_USER: "${NGC_REGISTRY_USER}" @@ -526,11 +568,22 @@ release:ngc-rhel9: - .release:ngc - .dist-rhel9 +release:ngc-rocky8: + extends: + - .release:ngc + - .dist-rocky8 + release:ngc-rocky9: extends: - .release:ngc - .dist-rocky9 +release:ngc-rocky10: + extends: + - .release:ngc + - .dist-rocky10 + - .driver-versions-rhel10 + release:ngc-rhel10: extends: - .release:ngc diff --git a/Makefile b/Makefile index 6a9f8fa6e..bd7fe3ea4 100644 --- a/Makefile +++ b/Makefile @@ -54,7 +54,7 @@ OUT_IMAGE_TAG = $(OUT_IMAGE_VERSION)-$(OUT_DIST) OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_TAG) ##### Public rules ##### -DISTRIBUTIONS := ubuntu18.04 ubuntu20.04 ubuntu22.04 ubuntu24.04 signed_ubuntu20.04 signed_ubuntu22.04 signed_ubuntu24.04 rhel8 rhel9 rhel10 rocky9 flatcar fedora36 sles15.3 precompiled_rhcos +DISTRIBUTIONS := ubuntu18.04 ubuntu20.04 ubuntu22.04 ubuntu24.04 signed_ubuntu20.04 signed_ubuntu22.04 signed_ubuntu24.04 rhel8 rhel9 rhel10 rocky8 rocky9 rocky10 flatcar fedora36 sles15.3 precompiled_rhcos RHCOS_VERSIONS := rhcos4.14 rhcos4.15 rhcos4.16 rhcos4.17 rhcos4.18 rhel9.6 PUSH_TARGETS := $(patsubst %, push-%, $(DISTRIBUTIONS)) BASE_FROM := noble jammy focal @@ -177,9 +177,15 @@ $(DRIVER_BUILD_TARGETS): build-rhcos%: SUBDIR = rhel9 +build-rocky8%: SUBDIR = rhel8 +build-rocky8%: DOCKER_BUILD_ARGS = --build-arg BASE_IMAGE=nvcr.io/nvidia/cuda:13.2.1-base-rockylinux8 + build-rocky9%: SUBDIR = rhel9 build-rocky9%: DOCKER_BUILD_ARGS = --build-arg BASE_IMAGE=nvcr.io/nvidia/cuda:13.2.1-base-rockylinux9 +build-rocky10%: SUBDIR = rhel10 +build-rocky10%: DOCKER_BUILD_ARGS = --build-arg BASE_IMAGE=nvcr.io/nvidia/cuda:13.2.0-base-rockylinux10 + build-fedora%: SUBDIR = fedora build-sles15%: SUBDIR = sle15 diff --git a/rhel10/install.sh b/rhel10/install.sh index bcef4081e..e802568e5 100755 --- a/rhel10/install.sh +++ b/rhel10/install.sh @@ -39,32 +39,45 @@ dep_installer () { kmod fi - # Download unzboot as kernel images are compressed in the zboot format on RHEL 9 arm64 + if ! dnf install -y 'dnf-command(config-manager)'; then + dnf install -y dnf5-plugins + fi + + # Download unzboot as kernel images are compressed in the zboot format on RHEL 10 arm64 # unzboot is only available on the EPEL RPM repo - rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 - dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm - dnf config-manager --enable epel - - # Try to install unzboot, but continue if not available (only in EPEL 10.2+) - if ! dnf install -y unzboot 2>/dev/null; then - echo "Warning: unzboot package not available in current EPEL version (requires EPEL 10.2+)" - echo "Attempting to build unzboot from source..." - - # Install meson build dependencies - dnf install -y git gcc meson ninja-build glib2-devel zlib-devel libzstd-devel || true - git clone https://github.com/eballetbo/unzboot.git 2>/dev/null - cd unzboot - if meson setup build && meson compile -C build; then - echo "Successfully built unzboot from source" - cp build/unzboot /usr/bin/unzboot - chmod +x /usr/bin/unzboot - else - echo "Warning: Failed to build unzboot from source. Kernel extraction may fall back to gunzip methods." + if [ "$DRIVER_ARCH" = "aarch64" ]; then + rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 + dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm + dnf config-manager --enable epel + # Try to install unzboot, but continue if not available (only in EPEL 10.2+) + if ! dnf install -y unzboot; then + echo "Warning: unzboot package not available in current EPEL version; continuing without it." + + # Install meson build dependencies + if dnf install -y git gcc meson ninja-build glib2-devel zlib-devel libzstd-devel; then + if command -v meson >/dev/null 2>&1 && command -v ninja >/dev/null 2>&1; then + if git clone https://github.com/eballetbo/unzboot.git /tmp/unzboot-src 2>/dev/null; then + if meson setup /tmp/unzboot-src/build /tmp/unzboot-src && meson compile -C /tmp/unzboot-src/build; then + cp /tmp/unzboot-src/build/unzboot /usr/bin/unzboot + chmod +x /usr/bin/unzboot + echo "Built and installed unzboot from source" + else + echo "Warning: Failed to build unzboot from source; continuing without it." + fi + rm -rf /tmp/unzboot-src + else + echo "Warning: Unable to clone unzboot source; continuing without it." + fi + else + echo "Warning: meson or ninja not available; continuing without unzboot." + fi + + dnf remove -y git meson ninja-build glib2-devel zlib-devel libzstd-devel || true + dnf autoremove -y || true + else + echo "Warning: Could not install build dependencies for unzboot; continuing without it." + fi fi - cd .. - rm -rf unzboot - dnf remove -y git meson ninja-build glib2-devel zlib-devel libzstd-devel || true - dnf autoremove -y || true fi rm -rf /var/cache/yum/* } diff --git a/rhel8/install.sh b/rhel8/install.sh index 311d97fc3..26accd14e 100755 --- a/rhel8/install.sh +++ b/rhel8/install.sh @@ -38,6 +38,8 @@ dep_installer () { cpio \ kmod fi + + dnf install -y 'dnf-command(config-manager)' rm -rf /var/cache/yum/* }