commit:     9c1e2bb5e15c833363367382e9f1c44b9eeae0a0
Author:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
AuthorDate: Sun Jun  4 10:47:05 2023 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Sun Jun  4 13:35:43 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c1e2bb5

x11-drivers/nvidia-drivers: use sandbox.d for /dev/nvidiactl+/dev/char

/dev/nvidiactl been a long standing issue, sometime appearing in sneaky
ways when a revdeps is built with opencl/cuda support even though the
package itself does not use it.

And /dev/char is newly needed with >=nvidia-drivers-525.105.17 or
>=535.43.02, but not 530.41.03. The production branch's 525.105.17
is newer than ~arch's long-lived 530, which led to this being overlooked
until it hit stable (older stable 525.89.02 was not affected); I
was unaware of it until I rebuilt libomp[offload] with 535 today
(note that 535.43.02 is unkeyworded, it's a beta).

Need /dev/char rather than /dev/char/195:255 given it tries to remove
+ create a symlink and does not simply try to write there.

This is not meant to be a full coverage of nvidia devices and only
for those being a widespread problem. Special needs or addwrite
(typically to run tests) should be handled manually or using
cuda.eclass' cuda_add_sandbox.

Adding /dev/char to all versions even if not needed *yet* just so it's
not overlooked when nvidia spreads it to other branches (except 390
given it's EOL, not to mention has no cuda packages anymore).

Bug: https://bugs.gentoo.org/904292
Bug: https://bugs.gentoo.org/905436
Closes: https://bugs.gentoo.org/904944
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild           | 7 +++++++
 ...ivers-470.182.03.ebuild => nvidia-drivers-470.182.03-r1.ebuild} | 7 +++++++
 ...ivers-515.105.01.ebuild => nvidia-drivers-515.105.01-r1.ebuild} | 7 +++++++
 ...ivers-525.116.04.ebuild => nvidia-drivers-525.116.04-r1.ebuild} | 7 +++++++
 ...drivers-525.47.26.ebuild => nvidia-drivers-525.47.26-r1.ebuild} | 7 +++++++
 ...drivers-530.41.03.ebuild => nvidia-drivers-530.41.03-r1.ebuild} | 7 +++++++
 ...drivers-535.43.02.ebuild => nvidia-drivers-535.43.02-r1.ebuild} | 7 +++++++
 7 files changed, 49 insertions(+)

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild
index 94e0026feef8..3f4ed7b4373b 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-390.157.ebuild
@@ -518,6 +518,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
        # symlink non-versioned so nvidia-settings can use it even if 
misdetected
        dosym nvidia-application-profiles-${PV}-key-documentation \
                
${paths[APPLICATION_PROFILE]}/nvidia-application-profiles-key-documentation
+
+       # sandbox issues with /dev/nvidiactl are widespread and sometime
+       # affect revdeps of packages built with USE=opencl/cuda making it
+       # hard to manage in ebuilds (minimal set, ebuilds should handle
+       # manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl"'
 }
 
 pkg_preinst() {
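Review bot: No revision bump accompanies the newly installed `/etc/sandbox.d/20nvidia` file in this ebuild: the diffstat shows `nvidia-drivers-390.157.ebuild` edited in place while the other six ebuilds are renamed to `-r1`. Systems that already have 390.157 merged will therefore not get the sandbox entry until something else forces a rebuild. If that is intentional because the branch is EOL, a short note would help, e.g. `# no revbump: 390 is EOL, picked up on next rebuild`; otherwise rename it to `-r1` like the rest. The enclosing install function starts outside the hunk.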

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03-r1.ebuild
index 0d0e1a3a178d..e9d5a5757f02 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03-r1.ebuild
@@ -500,6 +500,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {
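Review bot: The in-ebuild comment above `SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"` does not record why the whole `/dev/char` directory is listed rather than the single node `/dev/char/195:255`; only the commit message explains that the driver removes and re-creates a symlink there. Files in `/etc/sandbox.d` apply to every package build on the system, so this entry means write attempts anywhere under `/dev/char` by any build are no longer reported as sandbox violations, which is a wider loss of visibility than the `/dev/nvidiactl` entry. Keeping the rationale next to the line makes it easier to narrow later, e.g. `# /dev/char, not /dev/char/195:255: driver unlinks+recreates the symlink (bug #904292)`. The same applies to the identical hunks for 515.105.01, 525.116.04, 525.47.26, 530.41.03 and 535.43.02. The enclosing install function starts outside the hunk.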

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01-r1.ebuild
index f7417cec22da..50175f4e17e3 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01-r1.ebuild
@@ -550,6 +550,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04-r1.ebuild
index 6ae8b90eb1a9..ce05c7a71043 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-525.116.04-r1.ebuild
@@ -548,6 +548,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26-r1.ebuild
index e20c5bdc0474..dd901326817b 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-525.47.26-r1.ebuild
@@ -549,6 +549,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03-r1.ebuild
index 5cf130c784c0..c1a57acccc87 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-530.41.03-r1.ebuild
@@ -462,6 +462,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02.ebuild 
b/x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02-r1.ebuild
similarity index 98%
rename from x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02.ebuild
rename to x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02-r1.ebuild
index 2d8cc12953fd..f17a5d471821 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-535.43.02-r1.ebuild
@@ -482,6 +482,13 @@ https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers";
 
        # don't attempt to strip firmware files (silences errors)
        dostrip -x ${paths[FIRMWARE]}
+
+       # sandbox issues with /dev/nvidiactl (and /dev/char wrt bug #904292)
+       # are widespread and sometime affect revdeps of packages built with
+       # USE=opencl/cuda making it hard to manage in ebuilds (minimal set,
+       # ebuilds should handle manually if need others or addwrite)
+       insinto /etc/sandbox.d
+       newins - 20nvidia <<<'SANDBOX_PREDICT="/dev/nvidiactl:/dev/char"'
 }
 
 pkg_preinst() {
