Normalize NVIDIA library paths to /usr/lib/

[maherthomsi]

Merge with bottlerocket-os/bottlerocket-kernel-kit#425

Description of changes:

Normalize NVIDIA library paths in containers so libraries appear at /usr/lib/ instead of the Bottlerocket cross-compilation sysroot path (/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/).

• nvidia-container-toolkit: Add --additional-symlinks flag patch to nvidia-ctk cdi generate that creates backwards-compatibility symlinks in a specified directory pointing to each discovered library. Configure generate-cdi-specs.service with --additional-symlinks /usr/lib/nvidia/tesla.
• nvidia-k8s-device-plugin: Set containerDriverRoot to the Bottlerocket sysroot path so the device plugin discovers libraries correctly and generates CDI specs with normalized /usr/lib/ container paths. Enable CreateLibSymlinksHook via patch 1002 so the device plugin's CDI spec includes backwards-compat symlinks. Add --cdi-enabled-hooks create-lib-symlinks to the exec-start template to pass the hook enablement through the systemd drop-in. Fix containerDriverRoot macro expansion from %{_cross_sysroot} (undefined) to /%{_target_cpu}-bottlerocket-linux-gnu/sys-root.

Result: containers see libraries at /usr/lib/libcuda.so.580.159.03 with backwards-compat symlinks at /usr/lib/nvidia/tesla/libcuda.so.580.159.03 pointing to /usr/lib/libcuda.so.580.159.03.

Note: Backwards-compat symlinks are supported in cdi-cri mode (the default device-list-strategy). The legacy volume-mounts mode does not use CDI hooks and therefore does not create symlinks in containers.

Testing done:

• Built core-kit for x86_64, published, and built aws-k8s-1.35-nvidia variant AMI
• Launched g6.xlarge node on EKS cluster in ap-northeast-1
• Verified containerDriverRoot resolves to /x86_64-bottlerocket-linux-gnu/sys-root
• Verified device plugin starts and registers GPUs with kubelet
• Verified nvidia-smi works in container
• Verified libraries at /usr/lib/ inside container
• Verified backwards-compat symlinks at /usr/lib/nvidia/tesla/ point to /usr/lib/
• Verified generate-cdi-specs.service passes on boot
• Verified CDI spec at /var/run/cdi/ includes symlink hooks
• Verified ldconfig resolves libcuda.so.1 on host
• Verified no ld.so.conf.d entry needed (libs in standard path)
• Verified nvidia-smi works on host (dlopen via both paths)
• Tested negative case: without --cdi-enabled-hooks, symlinks do not appear in containers
• Ran nvidia smoke tests - all passed

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[maherthomsi]

Added Signed off by to commits

[arnaldo2792]

This is not correct, you are hardcoding the path for both arches. If this is the way to go from now on, you will have to make this file an "input" templated file. Similar to what was done in the files you removed from the kernel kit.

[maherthomsi]

Force-push: Added --cdi-enabled-hooks create-lib-symlinks to exec-start template

[arnaldo2792]

%{__target_cpu} is not the correct macro, you should use %{_cross_arch}

[KCSesh]

Nit: Please call out in the future variant releases, we will remove this symlink. This is a change for existing variants 👍