From f8f506fd856a79a66dd7125e1dbf743a21f6b5e1 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Fri, 8 Nov 2024 16:00:26 -0800
Subject: [PATCH 1/6] Bump version for v1.17.1 release

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md | 8 ++++++++
 versions.mk  | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 458d5db8..d6479467 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # NVIDIA Container Toolkit Changelog
 
+## v1.17.1
+- Fixed a bug where specific symlinks existing in a container image could cause a container to fail to start.
+- Fixed a bug on Tegra-based systems where a container would fail to start.
+- Fixed a bug where the default container runtime config path was not properly set.
+
+### Changes in the Toolkit Container
+- Fallback to using a config file if the current runtime config can not be determined from the command line.
+
 ## v1.17.0
 - Promote v1.17.0-rc.2 to v1.17.0
 - Fix bug when using just-in-time CDI spec generation
diff --git a/versions.mk b/versions.mk
index e302c18c..a8047ebe 100644
--- a/versions.mk
+++ b/versions.mk
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 LIB_NAME := nvidia-container-toolkit
-LIB_VERSION := 1.17.0
+LIB_VERSION := 1.17.1
 LIB_TAG :=
 
 # The package version is the combination of the library version and tag.

From 70261d84f1dcfa79429e37d937428df5e682bd99 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Fri, 15 Nov 2024 10:59:27 -0700
Subject: [PATCH 2/6] Bump version for v1.17.2 release

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md | 3 +++
 versions.mk  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6479467..1df137cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # NVIDIA Container Toolkit Changelog
 
+## v1.17.2
+- Fixed a bug where legacy images would set imex channels as `all`.
+
 ## v1.17.1
 - Fixed a bug where specific symlinks existing in a container image could cause a container to fail to start.
 - Fixed a bug on Tegra-based systems where a container would fail to start.
diff --git a/versions.mk b/versions.mk
index a8047ebe..7b8a14a5 100644
--- a/versions.mk
+++ b/versions.mk
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 LIB_NAME := nvidia-container-toolkit
-LIB_VERSION := 1.17.1
+LIB_VERSION := 1.17.2
 LIB_TAG :=
 
 # The package version is the combination of the library version and tag.

From 9318aaf275c6d85b4cbf26280a38ae94edb15173 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Tue, 26 Nov 2024 13:52:15 +0100
Subject: [PATCH 3/6] Bump version for v1.17.3 release

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md | 3 +++
 versions.mk  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1df137cc..d82c0b5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # NVIDIA Container Toolkit Changelog
 
+## v1.17.3
+- Only allow host-relative LDConfig paths by default.
+
 ## v1.17.2
 - Fixed a bug where legacy images would set imex channels as `all`.
 
diff --git a/versions.mk b/versions.mk
index 7b8a14a5..f2d8f71c 100644
--- a/versions.mk
+++ b/versions.mk
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 LIB_NAME := nvidia-container-toolkit
-LIB_VERSION := 1.17.2
+LIB_VERSION := 1.17.3
 LIB_TAG :=
 
 # The package version is the combination of the library version and tag.

From 22035d4561666a78f0117f8837ac6ebba6a6bf65 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Wed, 4 Dec 2024 10:44:40 +0100
Subject: [PATCH 4/6] [no-relnote] Update changelog

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d82c0b5d..2a3c36e1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## v1.17.3
 - Only allow host-relative LDConfig paths by default.
+### Changes in libnvidia-container
+- Create virtual copy of host ldconfig binary before calling fexecve()
 
 ## v1.17.2
 - Fixed a bug where legacy images would set imex channels as `all`.

From 1330467652f0d58b97a2747596987b6d5362bfc1 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Wed, 4 Dec 2024 12:40:07 +0100
Subject: [PATCH 5/6] [no-relnote] Update dependabot

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 .github/dependabot.yml | 127 ++++++++++++++++++++++++++++-------------
 1 file changed, 86 insertions(+), 41 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3ca93494..2a02ca58 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,63 +3,42 @@
 
 version: 2
 updates:
+# main branch
   - package-ecosystem: "gomod"
     target-branch: main
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "sunday"
-    ignore:
-    - dependency-name: k8s.io/*
-    labels:
-    - dependencies
-
-  - package-ecosystem: "docker"
-    target-branch: main
-    directory: "/deployments/container"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "gomod"
-    # This defines a specific dependabot rule for the latest release-* branch.
-    target-branch: release-1.16
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      day: "sunday"
-    ignore:
-    - dependency-name: k8s.io/*
-    labels:
-    - dependencies
-    - maintenance
-
-  - package-ecosystem: "docker"
-    target-branch: release-1.16
-    directory: "/deployments/container"
+    directories:
+    - "/"
+    - "deployments/devel"
     schedule:
       interval: "daily"
     labels:
     - dependencies
-    - maintenance
+    groups:
+      k8sio:
+        patterns:
+        - k8s.io/*
+        exclude-patterns:
+        - k8s.io/klog/*
 
-  - package-ecosystem: "gomod"
-    target-branch: main
-    directory: "deployments/devel"
-    schedule:
-      interval: "weekly"
-      day: "sunday"
-
-  # A dependabot rule to bump the golang version.
   - package-ecosystem: "docker"
     target-branch: main
-    directory: "/deployments/devel"
+    directories:
+    # CUDA image
+    - "/deployments/container"
+    # Golang version
+    - "/deployments/devel"
     schedule:
       interval: "daily"
+    labels:
+    - dependencies
 
   - package-ecosystem: "github-actions"
+    target-branch: main
     directory: "/"
     schedule:
       interval: "daily"
+    labels:
+    - dependencies
 
   # Allow dependabot to update the libnvidia-container submodule.
   - package-ecosystem: "gitsubmodule"
@@ -72,3 +51,69 @@ updates:
     labels:
     - dependencies
     - libnvidia-container
+
+# The release branch(es):
+  - package-ecosystem: "gomod"
+    target-branch: release-1.17
+    directories:
+    - "/"
+    # We don't update development or test dependencies on release branches
+    # - "deployments/devel"
+    # - "tests"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    labels:
+    - dependencies
+    - maintenance
+    ignore:
+    # For release branches we only consider patch updates.
+    - dependency-name: "*"
+      update-types:
+      - version-update:semver-major
+      - version-update:semver-minor
+    groups:
+      k8sio:
+        patterns:
+        - k8s.io/*
+        exclude-patterns:
+        - k8s.io/klog/*
+
+  - package-ecosystem: "docker"
+    target-branch: release-1.17
+    directories:
+    # CUDA image
+    - "/deployments/container"
+    # Golang version
+    - "/deployments/devel"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    ignore:
+    # For release branches we only apply patch updates to the golang version.
+    - dependency-name: "*golang*"
+      update-types:
+      - version-update:semver-major
+      - version-update:semver-minor
+    labels:
+    - dependencies
+    - maintenance
+
+  - package-ecosystem: "github-actions"
+    target-branch: release-1.17
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    labels:
+    - dependencies
+    - maintenance
+
+  # Github actions need to be gh-pages branches.
+  - package-ecosystem: "github-actions"
+    target-branch: gh-pages
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+    - dependencies

From 784917a0d911fe572f35956e0d874d0db1002c7d Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Wed, 4 Dec 2024 12:48:18 +0100
Subject: [PATCH 6/6] [no-relnote] Fix archive-packages script

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 scripts/archive-packages.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/archive-packages.sh b/scripts/archive-packages.sh
index 688513d8..8683c248 100755
--- a/scripts/archive-packages.sh
+++ b/scripts/archive-packages.sh
@@ -39,12 +39,15 @@ ARTIFACTORY_REPO=$1
 
 if [[ $# -eq 2 ]]; then
     REFERENCE=$2
-    SHA=$(git rev-parse --short=8 ${REFERENCE})
 elif [[ -z ${PACKAGE_IMAGE_TAG} ]]; then
     echo "Either PACKAGE_IMAGE_TAG or REFERENCE must be specified"
     assert_usage "$@"
+else
+    REFERENCE="HEAD"
 fi
 
+SHA=$(git rev-parse --short=8 ${REFERENCE})
+
 : ${CURL:=curl}
 
 : ${PACKAGE_IMAGE_NAME="registry.gitlab.com/nvidia/container-toolkit/container-toolkit/staging/container-toolkit"}