From: "David Seifert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "David Seifert" Message-ID: <1712482660.c6a96e9169b96c35d91263b113b334655f752e60.soap@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/nvidia-cuda-toolkit/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild X-VCS-Directories: dev-util/nvidia-cuda-toolkit/ X-VCS-Committer: soap X-VCS-Committer-Name: David Seifert X-VCS-Revision: c6a96e9169b96c35d91263b113b334655f752e60 X-VCS-Branch: master Date: Sun, 7 Apr 2024 09:37:53 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: ca2a81bd-63f2-42ae-99cc-78ce6e474819 X-Archives-Hash: fba1a273361eb0c92b1c3972d28451e6 commit: c6a96e9169b96c35d91263b113b334655f752e60 Author: David Seifert gentoo org> AuthorDate: Sun Apr 7 09:37:40 2024 +0000 Commit: David Seifert gentoo org> CommitDate: Sun Apr 7 09:37:40 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6a96e91 dev-util/nvidia-cuda-toolkit: add CMake sandbox workaround to all versions Closes: https://bugs.gentoo.org/926116 Signed-off-by: David Seifert gentoo.org> .../nvidia-cuda-toolkit-11.8.0-r4.ebuild | 9 +++++++-- .../nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild | 6 ++++++ .../nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild | 14 +------------- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild index ac16815eb2cc..521f32930215 100644 
--- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -230,7 +230,12 @@ src_install() { newins - 80${PN} <<-EOF SEARCH_DIRS_MASK="${ecudadir}" EOF - # TODO: Add pkgconfig files for installed libraries + + # https://bugs.gentoo.org/926116 + insinto /etc/sandbox.d + newins - 80${PN} <<-EOF + SANDBOX_PREDICT="/proc/self/task" + EOF } pkg_postinst_check() { diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild index ab5253992784..c309bcd62476 100644 --- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild @@ -276,6 +276,12 @@ src_install() { newins - 80${PN} <<-EOF SEARCH_DIRS_MASK="${ecudadir}" EOF + + # https://bugs.gentoo.org/926116 + insinto /etc/sandbox.d + newins - 80${PN} <<-EOF + SANDBOX_PREDICT="/proc/self/task" + EOF } pkg_postinst_check() { diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild index 39914c80209d..681a1840c4be 100644 --- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild 
@@ -279,19 +279,7 @@ src_install() { SEARCH_DIRS_MASK="${ecudadir}" EOF - # To address the sandbox errors encountered in packages with CUDA, - # such as those documented in https://bugs.gentoo.org/926116, it is - # necessary to modify the sandbox environment settings. This change - # specifically targets issues during the execution of - # CMakeDetermineCompilerABI_CUDA.bin, as observed in a range of - # software including caffe2, opencv, vtk, cholmod, and openvdb - # (refer to https://forums.gentoo.org/viewtopic-p-8789206.html). - # Granting access to /proc/self within the sandbox is essential for - # these applications to correctly determine the CUDA compiler ABI - # without triggering sandbox violations. While opening up /proc/self - # may seem to have security implications, its impact is limited as - # it only exposes information about the processes inside the same - # sandbox environment. The proposed configuration is as follows: + # https://bugs.gentoo.org/926116 insinto /etc/sandbox.d newins - 80${PN} <<-EOF SANDBOX_PREDICT="/proc/self/task"
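Review bot: In nvidia-cuda-toolkit-11.8.0-r4.ebuild, the src_install() hunk at -230,7 deletes the line `# TODO: Add pkgconfig files for installed libraries`, which has nothing to do with the sandbox workaround and is not mentioned in the commit message. Keep the TODO here, or drop it in a separate commit, so this change stays limited to the /etc/sandbox.d addition.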
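Review bot: nvidia-cuda-toolkit-12.3.2.ebuild (hunk at -276,6) and nvidia-cuda-toolkit-11.8.0-r4.ebuild both start installing a new file, 80${PN} under /etc/sandbox.d, yet each ebuild is edited in place under its existing name with no revision bump. Hosts that already have one of these versions merged will not get the file until the package is rebuilt for some other reason, so the failure in bug 926116 persists there. Consider a revbump for the two versions that gain the file.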
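Review bot: In nvidia-cuda-toolkit-12.4.0.ebuild (hunk at -279,19), cutting the comment down to the bug URL removes the only in-tree statement of what this setting permits and why. The deleted text also did not match the code: it spoke of granting access to /proc/self, while the installed line is `SANDBOX_PREDICT="/proc/self/task"`, a predict entry on a narrower path. The deleted text further shows the file is there for builds of other packages (caffe2, opencv, vtk, cholmod, openvdb), so its effect is not confined to this package. Suggest keeping one or two comment lines above `insinto /etc/sandbox.d` that say what the predict entry does for /proc/self/task and that it applies to the builds of CUDA consumers, with the bug URL as the reference. The same short comment would fit the identical blocks added to 11.8.0-r4 and 12.3.2.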