nvidia-container-runtime: Update to newer version

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.9.0/0001-Makefile-Fix-RCP-flags-and-change-path-definitions-s.patch → layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0001-Makefile-Fix-RCP-flags-and-change-path-definitions-s.patch

@@ -1,17 +1,18 @@
-From f9756aeb7e5095f17cfbe6ec6cfac9ccf63554a5 Mon Sep 17 00:00:00 2001
-From: Pablo Rodriguez Quesada <pablo.rodriguez-quesada@windriver.com>
-Date: Thu, 6 Feb 2020 00:10:41 +0000
-Subject: [PATCH] Makefile: Fix RCP flags and change path definitions signs
+From 8fdbc558a8a3230899942fe2a8ce4b76cab40846 Mon Sep 17 00:00:00 2001
+From: Ilies CHERGUI <ilies.chergui@gmail.com>
+Date: Sun, 8 Aug 2021 21:18:48 +0100
+Subject: [PATCH 1/4] Makefile: Fix RCP flags and change path definitions signs
 
 Add RCP -ltirpc flag and fix equal signs on paths definitions.
 
 Signed-off-by: Pablo Rodriguez Quesada <[email protected]>
+Signed-off-by: Ilies CHERGUI <[email protected]>
 ---
  Makefile | 33 ++++++++++++++++++++-------------
  1 file changed, 20 insertions(+), 13 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 8f7f3b4..6150129 100644
+index 8f7f3b4..3f02b9d 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -13,14 +13,14 @@ WITH_SECCOMP ?= yes
@@ -49,7 +50,7 @@ index 8f7f3b4..6150129 100644
              -Wstrict-prototypes -Wunreachable-code -Wconversion -Wsign-conversion \
 -            -Wno-unknown-warning-option -Wno-format-extra-args -Wno-gnu-alignof-expression $(CFLAGS)
 +            -Wno-format-extra-args $(if $(filter clang,$(CCNAME)),-Wno-unknown-warning-option -Wno-gnu-alignof-expression,) \
-+	    -I=/usr/include/tirpc $(CFLAGS)
++            -I=/usr/include/tirpc $(CFLAGS)
  LDFLAGS  := -Wl,-zrelro -Wl,-znow -Wl,-zdefs -Wl,--gc-sections $(LDFLAGS)
  LDLIBS   := $(LDLIBS)
 
@@ -89,3 +90,6 @@ index 8f7f3b4..6150129 100644
  endif
 
  install: all
+-- 
+2.32.0
+

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0002-mk-common.mk-set-JETSON-variable-if-not-set-before.patch

@@ -0,0 +1,29 @@
+From aa71d4c097034cdcc0b0958d1c3f21da96cc4ead Mon Sep 17 00:00:00 2001
+From: Ilies CHERGUI <[email protected]>
+Date: Sun, 8 Aug 2021 21:22:14 +0100
+Subject: [PATCH 2/4] mk/common.mk: set JETSON variable if not set before
+ Changing the equal sign will allow modifying the variable using the
+ environment variables.
+
+Signed-off-by: Pablo Rodriguez Quesada <[email protected]>
+Signed-off-by: Ilies CHERGUI <[email protected]>
+---
+ mk/common.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/common.mk b/mk/common.mk
+index d6ef499..875e412 100644
+--- a/mk/common.mk
++++ b/mk/common.mk
+@@ -24,7 +24,7 @@ DATE     := $(shell date -u --iso-8601=minutes)
+ REVISION := $(shell git rev-parse HEAD)
+ COMPILER := $(realpath $(shell which $(CC)))
+ PLATFORM ?= $(shell uname -m)
+-JETSON   := TRUE
++JETSON   ?= TRUE
+
+ ifeq ($(DATE),)
+ $(error Invalid date format)
+-- 
+2.32.0
+

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.9.0/0003-Fix-mapping-of-library-paths-for-jetson-mounts.patch → layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0003-Fix-mapping-of-library-paths-for-jetson-mounts.patch

@@ -1,17 +1,19 @@
-From 2753ed9d92689dadc3f91643343735360818a6ea Mon Sep 17 00:00:00 2001
-From: Matt Madison <[email protected]>
-Date: Sat, 14 Mar 2020 07:16:38 -0700
-Subject: [PATCH] Fix mapping of library paths for jetson mounts
+From 08af34415b46e77e50cbc13846a74fda1352558f Mon Sep 17 00:00:00 2001
+From: Ilies CHERGUI <[email protected]>
+Date: Sun, 8 Aug 2021 21:40:36 +0100
+Subject: [PATCH 3/4] Fix mapping of library paths for jetson mounts
 
+Signed-off-by: Matt Madison <[email protected]>
+Signed-off-by: Ilies CHERGUI <[email protected]>
 ---
  Makefile           |  3 +-
- src/jetson_mount.c | 72 +++++++++++++++++++++++++++++++++++++++-------
+ src/jetson_mount.c | 70 ++++++++++++++++++++++++++++++++++++++++------
  src/jetson_mount.h |  2 +-
- src/nvc_mount.c    |  6 ++--
- 4 files changed, 66 insertions(+), 17 deletions(-)
+ src/nvc_mount.c    |  4 +--
+ 4 files changed, 65 insertions(+), 14 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 6150129..a574800 100644
+index 3f02b9d..d179986 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -113,9 +113,8 @@ LIB_PKGCFG  := $(LIB_NAME).pc
@@ -26,17 +28,22 @@ index 6150129..a574800 100644
              -Wall -Wextra -Wcast-align -Wpointer-arith -Wmissing-prototypes -Wnonnull \
              -Wwrite-strings -Wlogical-op -Wformat=2 -Wmissing-format-attribute -Winit-self -Wshadow \
 diff --git a/src/jetson_mount.c b/src/jetson_mount.c
-index dff9c97..8d3e275 100644
+index 1c5d9de..5cf94c8 100644
 --- a/src/jetson_mount.c
 +++ b/src/jetson_mount.c
-@@ -18,28 +18,69 @@
+@@ -18,6 +18,9 @@
  #include "utils.h"
  #include "xfuncs.h"
  #include "jetson_mount.h"
 +#define stringify(s__) stringify__(s__)
 +#define stringify__(s__) #s__
 +static const char *hostlibdir = stringify(HOST_LIBDIR) "/";
 
+ static int
+ resolve_symlink(struct error *err, const char *src, char *dst)
+@@ -34,30 +37,69 @@ resolve_symlink(struct error *err, const char *src, char *dst)
+ }
+
  char **
 -mount_jetson_files(struct error *err, const char *root, const struct nvc_container *cnt, char *paths[], size_t size)
 +mount_jetson_files(struct error *err, const char *root, const struct nvc_container *cnt, const char *dir, char *paths[], size_t size)
@@ -53,11 +60,15 @@ index dff9c97..8d3e275 100644
 
          for (size_t i = 0; i < size; ++i) {
 +                int samepath = 0;
+                 if (!match_jetson_library_flags(paths[i], cnt->flags) &&
+                     !match_jetson_directory_flags(paths[i], cnt->flags))
+                         continue;
+
                  if (path_new(err, src, root) < 0)
                          goto fail;
 -                if (path_new(err, dst, cnt->cfg.rootfs) < 0)
 -                        goto fail;
--
+ 
 +                if (dir != NULL) {
 +                        size_t hostlibdirlen = strlen(hostlibdir);
 +                        /*
@@ -104,19 +115,22 @@ index dff9c97..8d3e275 100644
                          goto fail;
 
                  if (file_mode(err, src, &mode) < 0)
-@@ -71,22 +112,31 @@ create_jetson_symlinks(struct error *err, const char *root, const struct nvc_con
+@@ -89,25 +131,35 @@ create_jetson_symlinks(struct error *err, const char *root, const struct nvc_con
          char src[PATH_MAX];
          char src_lnk[PATH_MAX];
          char dst[PATH_MAX];
 +        char *file;
 
          for (size_t i = 0; i < size; ++i) {
 +                file = basename(paths[i]);
+                 if (!match_jetson_symlink_flags(paths[i], cnt->flags))
+                         continue;
+
                  if (path_new(err, src, root) < 0)
                          return (-1);
 -                if (path_new(err, dst, cnt->cfg.rootfs) < 0)
 -                        return (-1);
--
+ 
                  if (path_append(err, src, paths[i]) < 0)
                          return (-1);
 -                if (path_append(err, dst, paths[i]) < 0)
@@ -143,23 +157,23 @@ index dff9c97..8d3e275 100644
                          return (-1);
 
 diff --git a/src/jetson_mount.h b/src/jetson_mount.h
-index 76ade6a..a7b390f 100644
+index c11e6d3..b1af835 100644
 --- a/src/jetson_mount.h
 +++ b/src/jetson_mount.h
-@@ -11,7 +11,7 @@
- int resolve_symlink(struct error *, const char *, char *);
- void unmount(const char *);
+@@ -8,7 +8,7 @@
+ #include "nvc_internal.h"
+ #include "error.h"
 
 -char **mount_jetson_files(struct error *, const char *, const struct nvc_container *, char * [], size_t);
 +char **mount_jetson_files(struct error *, const char *, const struct nvc_container *, const char *, char * [], size_t);
  int create_jetson_symlinks(struct error *, const char *, const struct nvc_container *, char * [], size_t);
 
  #endif /* HEADER_JETSON_MOUNT_H */
 diff --git a/src/nvc_mount.c b/src/nvc_mount.c
-index 61af23d..67ac414 100644
+index fc2d0ec..8971e28 100644
 --- a/src/nvc_mount.c
 +++ b/src/nvc_mount.c
-@@ -486,15 +486,15 @@ nvc_driver_mount(struct nvc_context *ctx, const struct nvc_container *cnt, const
+@@ -477,7 +477,7 @@ nvc_driver_mount(struct nvc_context *ctx, const struct nvc_container *cnt, const
 
          log_info("mount jetson libraries");
          if (info->jetson->libs != NULL && info->jetson->nlibs > 0) {
@@ -168,13 +182,15 @@ index 61af23d..67ac414 100644
                          goto fail;
                  ptr = array_append(ptr, tmp, array_size(tmp));
                  free(tmp);
-         }
+@@ -485,7 +485,7 @@ nvc_driver_mount(struct nvc_context *ctx, const struct nvc_container *cnt, const
 
          log_info("mount jetson dirs");
--        if (info->jetson->libs != NULL && info->jetson->nlibs > 0) {
+         if (info->jetson->dirs != NULL && info->jetson->ndirs > 0) {
 -                if ((tmp = (const char **)mount_jetson_files(&ctx->err, ctx->cfg.root, cnt, info->jetson->dirs, info->jetson->ndirs)) == NULL)
-+        if (info->jetson->dirs != NULL && info->jetson->ndirs > 0) {
 +                if ((tmp = (const char **)mount_jetson_files(&ctx->err, ctx->cfg.root, cnt, NULL, info->jetson->dirs, info->jetson->ndirs)) == NULL)
                          goto fail;
                  ptr = array_append(ptr, tmp, array_size(tmp));
                  free(tmp);
+-- 
+2.32.0
+

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0004-Fix-build.h-generation-for-cross-builds.patch

@@ -0,0 +1,44 @@
+From 9cb99609be811ce0a1b5a53ad01b1ab86f0eefa8 Mon Sep 17 00:00:00 2001
+From: Ilies CHERGUI <[email protected]>
+Date: Sun, 8 Aug 2021 21:45:09 +0100
+Subject: [PATCH 4/4] Fix build.h generation for cross builds
+
+Signed-off-by: Matt Madison <[email protected]>
+Signed-off-by: Ilies CHERGUI <[email protected]>
+---
+ Makefile     | 4 ++++
+ mk/common.mk | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index d179986..a2aaf17 100644
+--- a/Makefile
++++ b/Makefile
+@@ -177,7 +177,11 @@ DEPENDENCIES   := $(BIN_OBJS:%.o=%.d) $(LIB_OBJS:%.lo=%.d)
+ $(BUILD_DEFS):
+ 	@printf '#define BUILD_DATE     "%s"\n' '$(strip $(DATE))' >$(BUILD_DEFS)
+ 	@printf '#define BUILD_COMPILER "%s " __VERSION__\n' '$(notdir $(COMPILER))' >>$(BUILD_DEFS)
++ifeq ($(EXCLUDE_BUILD_FLAGS),)
+ 	@printf '#define BUILD_FLAGS    "%s"\n' '$(strip $(CPPFLAGS) $(CFLAGS) $(LDFLAGS))' >>$(BUILD_DEFS)
++else
++	@printf '#define BUILD_FLAGS    ""\n' >>$(BUILD_DEFS)
++endif
+ 	@printf '#define BUILD_REVISION "%s"\n' '$(strip $(REVISION))' >>$(BUILD_DEFS)
+ 	@printf '#define BUILD_PLATFORM "%s"\n' '$(strip $(PLATFORM))' >>$(BUILD_DEFS)
+
+diff --git a/mk/common.mk b/mk/common.mk
+index 875e412..f8170de 100644
+--- a/mk/common.mk
++++ b/mk/common.mk
+@@ -22,7 +22,7 @@ UID      := $(shell id -u)
+ GID      := $(shell id -g)
+ DATE     := $(shell date -u --iso-8601=minutes)
+ REVISION := $(shell git rev-parse HEAD)
+-COMPILER := $(realpath $(shell which $(CC)))
++COMPILER := $(realpath $(shell which $(firstword $(CC))))
+ PLATFORM ?= $(shell uname -m)
+ JETSON   ?= TRUE
+
+-- 
+2.32.0
+

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0005-Update-makefile-for-statically-linking-external-libt.patch

@@ -0,0 +1,27 @@
+From 8302198ab0e2bfe9709b747d24cfca79753ed706 Mon Sep 17 00:00:00 2001
+From: Matt Madison <[email protected]>
+Date: Mon, 18 Oct 2021 02:43:19 -0700
+Subject: [PATCH] Update makefile for statically linking external libtirpc
+
+Signed-off-by: Matt Madison <[email protected]>
+---
+ Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index a2aaf17..231a4ad 100644
+--- a/Makefile
++++ b/Makefile
+@@ -127,9 +127,9 @@ LDLIBS   := $(LDLIBS)
+ # Library flags (recursively expanded to handle target-specific flags)
+ LIB_CPPFLAGS       = -DNV_LINUX -isystem $(DEPS_DIR)$(includedir) -include $(BUILD_DEFS)
+ LIB_CFLAGS         = -fPIC
+-LIB_LDFLAGS        = -L$(DEPS_DIR)$(libdir) -shared -Wl,-soname=$(LIB_SONAME)
+-LIB_LDLIBS_STATIC  = -l:libnvidia-modprobe-utils.a
+-LIB_LDLIBS_SHARED  = -ldl -lcap -ltirpc
++LIB_LDFLAGS        = -shared -Wl,-soname=$(LIB_SONAME)
++LIB_LDLIBS_STATIC  = -L$(DEPS_DIR)$(libdir) -l:libnvidia-modprobe-utils.a -L=$(libdir) -l:libtirpc.a
++LIB_LDLIBS_SHARED  = -ldl -lcap -lpthread
+ ifeq ($(WITH_LIBELF), yes)
+ LIB_CPPFLAGS       += -DWITH_LIBELF
+ LIB_LDLIBS_SHARED  += -lelf

layers/meta-balena-jetson/recipes-containers/libnvidia-container-tools/libnvidia-container-tools-0.10.0/0006-common.mk-Add-current-directory-as-git-safe-director.patch

@@ -0,0 +1,31 @@
+From: Alex Gonzalez <[email protected]>
+Date: Fri, 17 Jun 2022 14:50:13 +0200
+Subject: [PATCH] common.mk: Add current directory as git safe directory
+
+The security vulnerability CVE-2022-24765 was fixed in git v2.35.2 enforces
+new access controls. This has been addressed in newer Poky versions with
+the addition of a git-intercept script.
+(see 4d7383aefb391a5a998454c70feb96127951ca0a)
+
+Until then, patch the build scripts to configure the working directory
+as safe.
+
+Upstream-Status: Inappropriate (upstream uses git intercept)
+Signed-off-by: Alex Gonzalez <[email protected]>
+---
+ mk/common.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/common.mk b/mk/common.mk
+index f8170de83a66..346b09da03b9 100644
+--- a/mk/common.mk
++++ b/mk/common.mk
+@@ -21,7 +21,7 @@ DOCKER   ?= docker
+ UID      := $(shell id -u)
+ GID      := $(shell id -g)
+ DATE     := $(shell date -u --iso-8601=minutes)
+-REVISION := $(shell git rev-parse HEAD)
++REVISION := $(shell git config --global --add safe.directory ${PWD} && git rev-parse HEAD)
+ COMPILER := $(realpath $(shell which $(firstword $(CC))))
+ PLATFORM ?= $(shell uname -m)
+ JETSON   ?= TRUE