Provide all available pkcs11 userspace binaries for container consumption

Bug #2052967 reported by Dimitri John Ledkov
This bug affects 1 person
Affects                                        Status        Importance  Assigned to  Milestone
nvidia-graphics-drivers-535 (Ubuntu)           Fix Released  Undecided   Unassigned
  Bionic                                       New           Undecided   Unassigned
  Focal                                        Fix Released  Undecided   Unassigned
  Jammy                                        Fix Released  Undecided   Unassigned
  Mantic                                       Fix Released  Undecided   Unassigned
  Noble                                        Fix Released  Undecided   Unassigned
nvidia-graphics-drivers-535-server (Ubuntu)    Fix Released  Undecided   Unassigned
  Bionic                                       New           Undecided   Unassigned
  Focal                                        Fix Released  Undecided   Unassigned
  Jammy                                        Fix Released  Undecided   Unassigned
  Mantic                                       Fix Released  Undecided   Unassigned
  Noble                                        Fix Released  Undecided   Unassigned

Bug Description

[ Impact ]

 * NVIDIA ERD drivers provide userspace libraries for consumption.
 * One of them is a pkcs11 plugin compiled against either the openssl v3 or the openssl v1.1 ABI.
 * A host system only needs one of them, the one that matches the host OS OpenSSL ABI.
 * However, if a given host system launches containers of a different release series, it may require the other ABI's pkcs11 plugin.
 * It is common to pass userspace libraries from host to container guest (i.e. docker, k8s, lxd all have tooling to do so).
 * Thus, to better support running ancient and obsolete containers on a modern host OS, or vice versa running modern containers on an ancient host OS, always ship both variants of the library in the ERD drivers.
 * Most urgently this affects the long-term ERD driver production branch 535-server.
 * Shipping this update as a packaging revision only allows releasing this update without rebuilding LRM packages.

[ Test Plan ]

 * Observe that ERD driver packages ship all available libnvidia-pkcs11-openssl*.so* libraries.
 * Check that launching a docker container with userspace library passthrough results in both being available in the guest.
 * Ensuring that a matching libssl/libcrypto is available in the guest container remains an exercise for the container operator.

[ Where problems could occur ]

 * Lintian warnings will be generated w.r.t. missing library dependencies
 * One must ensure shlib dependency is not generated for the other library, as those will not be satisfied.

[ Other Info ]

 * All other projects that try to be universal against multiple openssl ABIs typically use dlopen and make appropriate function calls from a single library build. I encourage NVIDIA upstream to adopt this strategy. A C language example of achieving this, licensed under the MIT license, is available here: https://github.com/golang-fips/openssl
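
The container-side check from the test plan, as an added example that is not part of the original report or of the Ubuntu packaging: it reads each passed-through plugin's DT_NEEDED entries and reports whether the guest provides the libssl/libcrypto soname the plugin links against. The `readelf -d` excerpt, the library directories and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): does the guest provide the OpenSSL
# ABI that each passed-through libnvidia-pkcs11 plugin links against?

# Constructed `readelf -d` excerpt for a plugin built against OpenSSL 3.
SAMPLE_DYN=' 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000005 (STRTAB)             0x3d8'

# Print the DT_NEEDED sonames found in `readelf -d` output read from stdin.
needed_sonames() {
    sed -n 's/.*(NEEDED).*Shared library: \[\([^]]*\)\].*/\1/p'
}

# Succeed if soname $1 exists in any of the directories given after it.
soname_present() {
    soname=$1; shift
    for dir in "$@"; do
        [ -e "$dir/$soname" ] && return 0
    done
    return 1
}

# stdin: `readelf -d` output; args: guest library directories.
# Prints "ok <soname>" or "MISSING <soname>" per libssl/libcrypto dependency
# and returns 1 if any of them is missing.
check_openssl_deps() {
    rc=0
    for dep in $(needed_sonames | grep -E '^lib(ssl|crypto)\.so\.'); do
        if soname_present "$dep" "$@"; then echo "ok $dep"
        else echo "MISSING $dep"; rc=1; fi
    done
    return $rc
}

# $1: directory holding the plugins; remaining args: guest library directories.
# The glob is a superset of the one in the test plan.
check_plugins() {
    plugdir=$1; shift; worst=0
    for lib in "$plugdir"/libnvidia-pkcs11*.so*; do
        [ -f "$lib" ] || continue
        echo "== $lib"
        readelf -d "$lib" | check_openssl_deps "$@" || worst=1
    done
    return $worst
}

# Demo on the constructed sample; the directories are assumed multiarch paths.
printf '%s\n' "$SAMPLE_DYN" |
    check_openssl_deps /usr/lib/x86_64-linux-gnu /lib/x86_64-linux-gnu || true
```

Inside a guest, `check_plugins` takes the directory where the runtime mounted the plugins followed by the guest's own library directories; a `MISSING` line means that plugin variant cannot be loaded in that guest.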

Changed in nvidia-graphics-drivers-535-server (Ubuntu Noble):
status: New → Fix Committed
Changed in nvidia-graphics-drivers-535-server (Ubuntu Mantic):
status: New → In Progress
Changed in nvidia-graphics-drivers-535-server (Ubuntu Jammy):
status: New → In Progress
Changed in nvidia-graphics-drivers-535-server (Ubuntu Focal):
status: New → In Progress
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Dimitri, or anyone else affected,

Accepted nvidia-graphics-drivers-535-server into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-535-server/535.154.05-0ubuntu0.23.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nvidia-graphics-drivers-535-server (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-mantic
Changed in nvidia-graphics-drivers-535-server (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Brian Murray (brian-murray) wrote :

Hello Dimitri, or anyone else affected,

Accepted nvidia-graphics-drivers-535-server into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-535-server/535.154.05-0ubuntu0.22.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Brian Murray (brian-murray) wrote :

Hello Dimitri, or anyone else affected,

Accepted nvidia-graphics-drivers-535-server into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-535-server/535.154.05-0ubuntu0.20.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nvidia-graphics-drivers-535-server (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (nvidia-graphics-drivers-535-server/535.154.05-0ubuntu0.23.10.2)

All autopkgtests for the newly accepted nvidia-graphics-drivers-535-server (535.154.05-0ubuntu0.23.10.2) for mantic have finished running.
The following regressions have been reported in tests triggered by the package:

pyopencl/2023.1.1-1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/mantic/update_excuses.html#nvidia-graphics-drivers-535-server

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Dimitri John Ledkov (xnox) wrote :

535-server is verified on focal and up; it correctly contains two pkcs11 .so libraries.

535 will be fixed with next new upstream release.

tags: added: verification-done verification-done-focal verification-done-jammy verification-done-mantic
removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535-server - 535.154.05-0ubuntu0.20.04.2

---------------
nvidia-graphics-drivers-535-server (535.154.05-0ubuntu0.20.04.2) focal; urgency=medium

  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Tue, 13 Feb 2024 14:09:25 +0000

Changed in nvidia-graphics-drivers-535-server (Ubuntu Focal):
status: Fix Committed → Fix Released
Andy Whitcroft (apw) wrote : Update Released

The verification of the Stable Release Update for nvidia-graphics-drivers-535-server has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535-server - 535.154.05-0ubuntu0.22.04.2

---------------
nvidia-graphics-drivers-535-server (535.154.05-0ubuntu0.22.04.2) jammy; urgency=medium

  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Tue, 13 Feb 2024 14:07:58 +0000

Changed in nvidia-graphics-drivers-535-server (Ubuntu Jammy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535-server - 535.154.05-0ubuntu0.23.10.2

---------------
nvidia-graphics-drivers-535-server (535.154.05-0ubuntu0.23.10.2) mantic; urgency=medium

  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Tue, 13 Feb 2024 13:56:53 +0000

Changed in nvidia-graphics-drivers-535-server (Ubuntu Mantic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535 - 535.161.07-0ubuntu0.20.04.1

---------------
nvidia-graphics-drivers-535 (535.161.07-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #2054571)
  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Thu, 22 Feb 2024 18:26:30 +0000

Changed in nvidia-graphics-drivers-535 (Ubuntu Focal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535 - 535.161.07-0ubuntu0.22.04.1

---------------
nvidia-graphics-drivers-535 (535.161.07-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2054571)
  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Thu, 22 Feb 2024 18:26:03 +0000

Changed in nvidia-graphics-drivers-535 (Ubuntu Jammy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535 - 535.161.07-0ubuntu0.23.10.1

---------------
nvidia-graphics-drivers-535 (535.161.07-0ubuntu0.23.10.1) mantic; urgency=medium

  * New upstream release (LP: #2054571)
  * Install all ABI builds of the libnvidia-pkcs11 plugin for host/container compatibility.
    (LP: #2052967)

 -- Dimitri John Ledkov <email address hidden> Thu, 22 Feb 2024 18:25:32 +0000

Changed in nvidia-graphics-drivers-535 (Ubuntu Mantic):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535-server - 535.161.07-0ubuntu2

---------------
nvidia-graphics-drivers-535-server (535.161.07-0ubuntu2) noble; urgency=medium

  * remove debian/dkms_nvidia/patches/buildfix_kernel_6.8-nv_drm_ioctls-DRM_UNLOCKED-is-now-the-default-behavi.patch
  * remove debian/dkms_nvidia/patches/buildfix_kernel_6.8-gpl-pfn_valid.patch

 -- Kuba Pawlak <email address hidden> Thu, 29 Feb 2024 18:54:31 +0100

Changed in nvidia-graphics-drivers-535-server (Ubuntu Noble):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-535 - 535.161.07-0ubuntu3

---------------
nvidia-graphics-drivers-535 (535.161.07-0ubuntu3) noble; urgency=medium

  * Disable 6.8 buildfix patches
    -debian/dkms_nvidia/patches/buildfix_kernel_6.8-nv_drm_ioctls-DRM_UNLOCKED-is-now-the-default-behavi.patch
    -debian/dkms_nvidia/patches/buildfix_kernel_6.8-gpl-pfn_valid.patch

 -- Ian May <email address hidden> Wed, 28 Feb 2024 16:50:45 -0600

Changed in nvidia-graphics-drivers-535 (Ubuntu Noble):
status: New → Fix Released