Replace github.com/container-orchestrated-devices/container-device-interface with tags.cncf.io

This also removes the indirect dependency on runc which has a CVE.

Signed-off-by: Evan Lezar <elezar@nvidia.com>

cmd/nvidia-ctk/cdi/generate/generate.go

@@ -22,14 +22,15 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/urfave/cli/v2"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/config"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/platform-support/tegra/csv"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/urfave/cli/v2"
 )
 
 const (

cmd/nvidia-ctk/cdi/list/list.go

@@ -19,9 +19,10 @@ package list
 import (
 	"fmt"
 
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	"github.com/urfave/cli/v2"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 )
 
 type command struct {

cmd/nvidia-ctk/cdi/transform/root/root.go

@@ -21,11 +21,12 @@ import (
 	"io"
 	"os"
 
+	"github.com/urfave/cli/v2"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/urfave/cli/v2"
 )
 
 type loadSaver interface {

go.mod

@@ -4,9 +4,8 @@ go 1.20
 
 require (
 	github.com/NVIDIA/go-nvml v0.12.0-1
-	github.com/container-orchestrated-devices/container-device-interface v0.6.0
 	github.com/fsnotify/fsnotify v1.5.4
-	github.com/opencontainers/runtime-spec v1.1.0-rc.2
+	github.com/opencontainers/runtime-spec v1.1.0
 	github.com/pelletier/go-toml v1.9.4
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.1
@@ -14,6 +13,8 @@ require (
 	gitlab.com/nvidia/cloud-native/go-nvlib v0.0.0-20230818092907-09424fdc8884
 	golang.org/x/mod v0.5.0
 	golang.org/x/sys v0.7.0
+	tags.cncf.io/container-device-interface v0.6.2
+	tags.cncf.io/container-device-interface/specs-go v0.6.0
 )
 
 require (
@@ -21,7 +22,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
-	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

go.sum

@@ -3,8 +3,6 @@ github.com/NVIDIA/go-nvml v0.12.0-1 h1:6mdjtlFo+17dWL7VFPfuRMtf0061TF4DKls9pkSw6
 github.com/NVIDIA/go-nvml v0.12.0-1/go.mod h1:hy7HYeQy335x6nEss0Ne3PYqleRa6Ct+VKD9RQ4nyFs=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/container-orchestrated-devices/container-device-interface v0.6.0 h1:aWwcz/Ep0Fd7ZuBjQGjU/jdPloM7ydhMW13h85jZNvk=
-github.com/container-orchestrated-devices/container-device-interface v0.6.0/go.mod h1:OQlgtJtDrOxSQ1BWODC8OZK1tzi9W69wek+Jy17ndzo=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -29,11 +27,9 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
-github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8=
-github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
+github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
 github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
@@ -75,8 +71,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-gitlab.com/nvidia/cloud-native/go-nvlib v0.0.0-20230613182322-7663cf900f0a h1:lceJVurLqiWFdxK6KMDw+SIwrAsFW/af44XrNlbGw78=
-gitlab.com/nvidia/cloud-native/go-nvlib v0.0.0-20230613182322-7663cf900f0a/go.mod h1:KYZksBgh18o+uzgnpDazzG4LVYtnfB96VXHMXypEtik=
 gitlab.com/nvidia/cloud-native/go-nvlib v0.0.0-20230818092907-09424fdc8884 h1:V0LUbfm4kVA1CPG8FgG9AGZqa3ykE5U12Gd3PZgoItA=
 gitlab.com/nvidia/cloud-native/go-nvlib v0.0.0-20230818092907-09424fdc8884/go.mod h1:/x5Ky1ZJNyCjDkgSL1atII0EFKQF5WaIHKeP5nkaQfk=
 golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q=
@@ -98,3 +92,7 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+tags.cncf.io/container-device-interface v0.6.2 h1:dThE6dtp/93ZDGhqaED2Pu374SOeUkBfuvkLuiTdwzg=
+tags.cncf.io/container-device-interface v0.6.2/go.mod h1:Shusyhjs1A5Na/kqPVLL0KqnHQHuunol9LFeUNkuGVE=
+tags.cncf.io/container-device-interface/specs-go v0.6.0 h1:V+tJJN6dqu8Vym6p+Ru+K5mJ49WL6Aoc5SJFSY0RLsQ=
+tags.cncf.io/container-device-interface/specs-go v0.6.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80=

internal/config/config.go

@@ -22,10 +22,11 @@ import (
 	"path/filepath"
 	"strings"
 
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/config/image"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/lookup"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 )
 
 const (

internal/discover/hooks.go

@@ -19,7 +19,7 @@ package discover
 import (
 	"path/filepath"
 
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
 )
 
 var _ Discover = (*Hook)(nil)

internal/edits/device.go

@@ -17,9 +17,10 @@
 package edits
 
 import (
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 type device discover.Device

internal/edits/device_test.go

@@ -20,9 +20,10 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 )
 
 func TestDeviceToSpec(t *testing.T) {

internal/edits/edits.go

@@ -19,12 +19,13 @@ package edits
 import (
 	"fmt"
 
+	ociSpecs "github.com/opencontainers/runtime-spec/specs-go"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	ociSpecs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 type edits struct {

internal/edits/hook.go

@@ -17,9 +17,10 @@
 package edits
 
 import (
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 type hook discover.Hook

internal/edits/mount.go

@@ -17,9 +17,10 @@
 package edits
 
 import (
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 type mount discover.Mount

internal/info/auto.go

@@ -17,12 +17,13 @@
 package info
 
 import (
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/config/image"
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/info"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
+	cdi "tags.cncf.io/container-device-interface/pkg/parser"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/config/image"
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 )
 
 // infoInterface provides an alias for mocking.

internal/modifier/cdi.go

@@ -20,12 +20,13 @@ import (
 	"fmt"
 	"strings"
 
+	"tags.cncf.io/container-device-interface/pkg/parser"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/config"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/config/image"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/modifier/cdi"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
 )
 
 type cdiModifier struct {

internal/modifier/cdi/builder.go

@@ -19,10 +19,11 @@ package cdi
 import (
 	"fmt"
 
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 type builder struct {

internal/modifier/cdi/registry.go

@@ -20,10 +20,11 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
 // fromRegistry represents the modifications performed using a CDI registry.

internal/modifier/cdi/spec.go

@@ -19,9 +19,10 @@ package cdi
 import (
 	"fmt"
 
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
 )
 
 // fromCDISpec represents the modifications performed from a raw CDI spec.

pkg/nvcdi/api.go

@@ -17,10 +17,11 @@
 package nvcdi
 
 import (
-	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
 )
 
 const (

pkg/nvcdi/full-gpu-nvml.go

@@ -22,14 +22,15 @@ import (
 	"path/filepath"
 	"strings"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/info/drm"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
 )
 
 // GetGPUDeviceSpecs returns the CDI device specs for the full GPU represented by 'device'.

pkg/nvcdi/gds.go

@@ -19,12 +19,13 @@ package nvcdi
 import (
 	"fmt"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 )
 
 type gdslib nvcdilib

pkg/nvcdi/lib-csv.go

@@ -19,13 +19,14 @@ package nvcdi
 import (
 	"fmt"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/platform-support/tegra"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 )
 
 type csvlib nvcdilib

pkg/nvcdi/lib-nvml.go

@@ -19,12 +19,13 @@ package nvcdi
 import (
 	"fmt"
 
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
-	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
+	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
 )
 
 type nvmllib nvcdilib

pkg/nvcdi/lib-wsl.go

@@ -19,11 +19,12 @@ package nvcdi
 import (
 	"fmt"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 )
 
 type wsllib nvcdilib

pkg/nvcdi/management.go

@@ -21,13 +21,14 @@ import (
 	"path/filepath"
 	"strings"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/lookup/cuda"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 )
 
 type managementlib nvcdilib

pkg/nvcdi/mig-device-nvml.go

@@ -19,14 +19,15 @@ package nvcdi
 import (
 	"fmt"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/nvcaps"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvml"
 )
 
 // GetMIGDeviceSpecs returns the CDI device specs for the full GPU represented by 'device'.

pkg/nvcdi/mofed.go

@@ -19,12 +19,13 @@ package nvcdi
 import (
 	"fmt"
 
+	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
-	"gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvlib/device"
 )
 
 type mofedlib nvcdilib

pkg/nvcdi/spec/api.go

@@ -19,7 +19,7 @@ package spec
 import (
 	"io"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 const (

pkg/nvcdi/spec/builder.go

@@ -20,9 +20,10 @@ import (
 	"fmt"
 	"os"
 
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 type builder struct {

pkg/nvcdi/spec/spec.go

@@ -22,8 +22,8 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type spec struct {

pkg/nvcdi/transform/api.go

@@ -16,7 +16,7 @@
 
 package transform
 
-import "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+import "tags.cncf.io/container-device-interface/specs-go"
 
 // Transformer defines the API for applying arbitrary transforms to a spec in-place
 type Transformer interface {

pkg/nvcdi/transform/deduplicate.go

@@ -17,7 +17,7 @@
 package transform
 
 import (
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type dedupe struct{}

pkg/nvcdi/transform/deduplicate_test.go

@@ -19,8 +19,8 @@ package transform
 import (
 	"testing"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 func TestDeduplicate(t *testing.T) {

pkg/nvcdi/transform/edits.go

@@ -20,7 +20,7 @@ package transform
 import (
 	"encoding/json"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type containerEdits specs.ContainerEdits

pkg/nvcdi/transform/merge.go

@@ -16,7 +16,7 @@
 
 package transform
 
-import "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+import "tags.cncf.io/container-device-interface/specs-go"
 
 type merged []Transformer
 

pkg/nvcdi/transform/merged-device.go

@@ -19,9 +19,10 @@ package transform
 import (
 	"fmt"
 
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+	"tags.cncf.io/container-device-interface/specs-go"
+
 	"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 )
 
 const (

pkg/nvcdi/transform/merged-device_test.go

@@ -20,8 +20,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 func TestMergeDeviceSpecs(t *testing.T) {

pkg/nvcdi/transform/no-op.go

@@ -17,7 +17,7 @@
 package transform
 
 import (
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type noop struct{}

pkg/nvcdi/transform/remove.go

@@ -19,7 +19,7 @@ package transform
 import (
 	"fmt"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type remove map[string]bool

pkg/nvcdi/transform/root.go

@@ -21,7 +21,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type rootTransformer struct {

pkg/nvcdi/transform/root_test.go

@@ -19,8 +19,8 @@ package transform
 import (
 	"testing"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 func TestRootTransformer(t *testing.T) {

pkg/nvcdi/transform/simplify.go

@@ -19,7 +19,7 @@ package transform
 import (
 	"fmt"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type simplify struct{}

pkg/nvcdi/transform/simplify_test.go

@@ -19,8 +19,8 @@ package transform
 import (
 	"testing"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 func TestSimplify(t *testing.T) {

pkg/nvcdi/transform/sorter.go

@@ -22,7 +22,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 type sorter struct{}

pkg/nvcdi/transform/sorter_test.go

@@ -19,8 +19,8 @@ package transform
 import (
 	"testing"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/stretchr/testify/require"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 func TestSortSpec(t *testing.T) {

tools/container/toolkit/toolkit.go

@@ -23,13 +23,14 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/NVIDIA/nvidia-container-toolkit/internal/system/nvdevices"
-	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi"
-	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	toml "github.com/pelletier/go-toml"
 	log "github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
+
+	"github.com/NVIDIA/nvidia-container-toolkit/internal/system/nvdevices"
+	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi"
+	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
 )
 
 const (

vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/oci.go

@@ -1,113 +0,0 @@
-package specs
-
-import (
-	"errors"
-	"fmt"
-
-	spec "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// ApplyOCIEditsForDevice applies devices OCI edits, in other words
-// it finds the device in the CDI spec and applies the OCI patches that device
-// requires to the OCI specification.
-func ApplyOCIEditsForDevice(config *spec.Spec, cdi *Spec, dev string) error {
-	for _, d := range cdi.Devices {
-		if d.Name != dev {
-			continue
-		}
-
-		return ApplyEditsToOCISpec(config, &d.ContainerEdits)
-	}
-
-	return fmt.Errorf("CDI: device %q not found for spec %q", dev, cdi.Kind)
-}
-
-// ApplyOCIEdits applies the OCI edits the CDI spec declares globally
-func ApplyOCIEdits(config *spec.Spec, cdi *Spec) error {
-	return ApplyEditsToOCISpec(config, &cdi.ContainerEdits)
-}
-
-// ApplyEditsToOCISpec applies the specified edits to the OCI spec.
-func ApplyEditsToOCISpec(config *spec.Spec, edits *ContainerEdits) error {
-	if config == nil {
-		return errors.New("spec is nil")
-	}
-	if edits == nil {
-		return nil
-	}
-
-	if len(edits.Env) > 0 {
-		if config.Process == nil {
-			config.Process = &spec.Process{}
-		}
-		config.Process.Env = append(config.Process.Env, edits.Env...)
-	}
-
-	for _, d := range edits.DeviceNodes {
-		if config.Linux == nil {
-			config.Linux = &spec.Linux{}
-		}
-		config.Linux.Devices = append(config.Linux.Devices, d.ToOCI())
-	}
-
-	for _, m := range edits.Mounts {
-		config.Mounts = append(config.Mounts, m.ToOCI())
-	}
-
-	for _, h := range edits.Hooks {
-		if config.Hooks == nil {
-			config.Hooks = &spec.Hooks{}
-		}
-		switch h.HookName {
-		case "prestart":
-			config.Hooks.Prestart = append(config.Hooks.Prestart, h.ToOCI())
-		case "createRuntime":
-			config.Hooks.CreateRuntime = append(config.Hooks.CreateRuntime, h.ToOCI())
-		case "createContainer":
-			config.Hooks.CreateContainer = append(config.Hooks.CreateContainer, h.ToOCI())
-		case "startContainer":
-			config.Hooks.StartContainer = append(config.Hooks.StartContainer, h.ToOCI())
-		case "poststart":
-			config.Hooks.Poststart = append(config.Hooks.Poststart, h.ToOCI())
-		case "poststop":
-			config.Hooks.Poststop = append(config.Hooks.Poststop, h.ToOCI())
-		default:
-			fmt.Printf("CDI: Unknown hook %q\n", h.HookName)
-		}
-	}
-
-	return nil
-}
-
-// ToOCI returns the opencontainers runtime Spec Hook for this Hook.
-func (h *Hook) ToOCI() spec.Hook {
-	return spec.Hook{
-		Path:    h.Path,
-		Args:    h.Args,
-		Env:     h.Env,
-		Timeout: h.Timeout,
-	}
-}
-
-// ToOCI returns the opencontainers runtime Spec Mount for this Mount.
-func (m *Mount) ToOCI() spec.Mount {
-	return spec.Mount{
-		Source:      m.HostPath,
-		Destination: m.ContainerPath,
-		Options:     m.Options,
-		Type:        m.Type,
-	}
-}
-
-// ToOCI returns the opencontainers runtime Spec LinuxDevice for this DeviceNode.
-func (d *DeviceNode) ToOCI() spec.LinuxDevice {
-	return spec.LinuxDevice{
-		Path:     d.Path,
-		Type:     d.Type,
-		Major:    d.Major,
-		Minor:    d.Minor,
-		FileMode: d.FileMode,
-		UID:      d.UID,
-		GID:      d.GID,
-	}
-}

vendor/github.com/opencontainers/runc/NOTICE

@@ -1,17 +0,0 @@
-runc
-
-Copyright 2012-2015 Docker, Inc.
-
-This product includes software developed at Docker, Inc. (http://www.docker.com).
-
-The following is courtesy of our legal counsel:
-
-
-Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.  
-It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws. 
-
-For more information, please see http://www.bis.doc.gov
-
-See also http://www.apache.org/dev/crypto.html and/or seek legal counsel.

vendor/github.com/opencontainers/runc/libcontainer/devices/device.go

@@ -1,174 +0,0 @@
-package devices
-
-import (
-	"fmt"
-	"os"
-	"strconv"
-)
-
-const (
-	Wildcard = -1
-)
-
-type Device struct {
-	Rule
-
-	// Path to the device.
-	Path string `json:"path"`
-
-	// FileMode permission bits for the device.
-	FileMode os.FileMode `json:"file_mode"`
-
-	// Uid of the device.
-	Uid uint32 `json:"uid"`
-
-	// Gid of the device.
-	Gid uint32 `json:"gid"`
-}
-
-// Permissions is a cgroupv1-style string to represent device access. It
-// has to be a string for backward compatibility reasons, hence why it has
-// methods to do set operations.
-type Permissions string
-
-const (
-	deviceRead uint = (1 << iota)
-	deviceWrite
-	deviceMknod
-)
-
-func (p Permissions) toSet() uint {
-	var set uint
-	for _, perm := range p {
-		switch perm {
-		case 'r':
-			set |= deviceRead
-		case 'w':
-			set |= deviceWrite
-		case 'm':
-			set |= deviceMknod
-		}
-	}
-	return set
-}
-
-func fromSet(set uint) Permissions {
-	var perm string
-	if set&deviceRead == deviceRead {
-		perm += "r"
-	}
-	if set&deviceWrite == deviceWrite {
-		perm += "w"
-	}
-	if set&deviceMknod == deviceMknod {
-		perm += "m"
-	}
-	return Permissions(perm)
-}
-
-// Union returns the union of the two sets of Permissions.
-func (p Permissions) Union(o Permissions) Permissions {
-	lhs := p.toSet()
-	rhs := o.toSet()
-	return fromSet(lhs | rhs)
-}
-
-// Difference returns the set difference of the two sets of Permissions.
-// In set notation, A.Difference(B) gives you A\B.
-func (p Permissions) Difference(o Permissions) Permissions {
-	lhs := p.toSet()
-	rhs := o.toSet()
-	return fromSet(lhs &^ rhs)
-}
-
-// Intersection computes the intersection of the two sets of Permissions.
-func (p Permissions) Intersection(o Permissions) Permissions {
-	lhs := p.toSet()
-	rhs := o.toSet()
-	return fromSet(lhs & rhs)
-}
-
-// IsEmpty returns whether the set of permissions in a Permissions is
-// empty.
-func (p Permissions) IsEmpty() bool {
-	return p == Permissions("")
-}
-
-// IsValid returns whether the set of permissions is a subset of valid
-// permissions (namely, {r,w,m}).
-func (p Permissions) IsValid() bool {
-	return p == fromSet(p.toSet())
-}
-
-type Type rune
-
-const (
-	WildcardDevice Type = 'a'
-	BlockDevice    Type = 'b'
-	CharDevice     Type = 'c' // or 'u'
-	FifoDevice     Type = 'p'
-)
-
-func (t Type) IsValid() bool {
-	switch t {
-	case WildcardDevice, BlockDevice, CharDevice, FifoDevice:
-		return true
-	default:
-		return false
-	}
-}
-
-func (t Type) CanMknod() bool {
-	switch t {
-	case BlockDevice, CharDevice, FifoDevice:
-		return true
-	default:
-		return false
-	}
-}
-
-func (t Type) CanCgroup() bool {
-	switch t {
-	case WildcardDevice, BlockDevice, CharDevice:
-		return true
-	default:
-		return false
-	}
-}
-
-type Rule struct {
-	// Type of device ('c' for char, 'b' for block). If set to 'a', this rule
-	// acts as a wildcard and all fields other than Allow are ignored.
-	Type Type `json:"type"`
-
-	// Major is the device's major number.
-	Major int64 `json:"major"`
-
-	// Minor is the device's minor number.
-	Minor int64 `json:"minor"`
-
-	// Permissions is the set of permissions that this rule applies to (in the
-	// cgroupv1 format -- any combination of "rwm").
-	Permissions Permissions `json:"permissions"`
-
-	// Allow specifies whether this rule is allowed.
-	Allow bool `json:"allow"`
-}
-
-func (d *Rule) CgroupString() string {
-	var (
-		major = strconv.FormatInt(d.Major, 10)
-		minor = strconv.FormatInt(d.Minor, 10)
-	)
-	if d.Major == Wildcard {
-		major = "*"
-	}
-	if d.Minor == Wildcard {
-		minor = "*"
-	}
-	return fmt.Sprintf("%c %s:%s %s", d.Type, major, minor, d.Permissions)
-}
-
-func (d *Rule) Mkdev() (uint64, error) {
-	return mkDev(d)
-}

vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go

@@ -1,120 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package devices
-
-import (
-	"errors"
-	"os"
-	"path/filepath"
-
-	"golang.org/x/sys/unix"
-)
-
-// ErrNotADevice denotes that a file is not a valid linux device.
-var ErrNotADevice = errors.New("not a device node")
-
-// Testing dependencies
-var (
-	unixLstat = unix.Lstat
-	osReadDir = os.ReadDir
-)
-
-func mkDev(d *Rule) (uint64, error) {
-	if d.Major == Wildcard || d.Minor == Wildcard {
-		return 0, errors.New("cannot mkdev() device with wildcards")
-	}
-	return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
-}
-
-// DeviceFromPath takes the path to a device and its cgroup_permissions (which
-// cannot be easily queried) to look up the information about a linux device
-// and returns that information as a Device struct.
-func DeviceFromPath(path, permissions string) (*Device, error) {
-	var stat unix.Stat_t
-	err := unixLstat(path, &stat)
-	if err != nil {
-		return nil, err
-	}
-
-	var (
-		devType   Type
-		mode      = stat.Mode
-		devNumber = uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on e.g. MIPS.
-		major     = unix.Major(devNumber)
-		minor     = unix.Minor(devNumber)
-	)
-	switch mode & unix.S_IFMT {
-	case unix.S_IFBLK:
-		devType = BlockDevice
-	case unix.S_IFCHR:
-		devType = CharDevice
-	case unix.S_IFIFO:
-		devType = FifoDevice
-	default:
-		return nil, ErrNotADevice
-	}
-	return &Device{
-		Rule: Rule{
-			Type:        devType,
-			Major:       int64(major),
-			Minor:       int64(minor),
-			Permissions: Permissions(permissions),
-		},
-		Path:     path,
-		FileMode: os.FileMode(mode &^ unix.S_IFMT),
-		Uid:      stat.Uid,
-		Gid:      stat.Gid,
-	}, nil
-}
-
-// HostDevices returns all devices that can be found under /dev directory.
-func HostDevices() ([]*Device, error) {
-	return GetDevices("/dev")
-}
-
-// GetDevices recursively traverses a directory specified by path
-// and returns all devices found there.
-func GetDevices(path string) ([]*Device, error) {
-	files, err := osReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	var out []*Device
-	for _, f := range files {
-		switch {
-		case f.IsDir():
-			switch f.Name() {
-			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
-			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
-			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
-				continue
-			default:
-				sub, err := GetDevices(filepath.Join(path, f.Name()))
-				if err != nil {
-					return nil, err
-				}
-
-				out = append(out, sub...)
-				continue
-			}
-		case f.Name() == "console":
-			continue
-		}
-		device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
-		if err != nil {
-			if errors.Is(err, ErrNotADevice) {
-				continue
-			}
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		if device.Type == FifoDevice {
-			continue
-		}
-		out = append(out, device)
-	}
-	return out, nil
-}

vendor/github.com/opencontainers/runtime-spec/specs-go/config.go

@@ -33,6 +33,34 @@ type Spec struct {
 	ZOS *ZOS `json:"zos,omitempty" platform:"zos"`
 }
 
+// Scheduler represents the scheduling attributes for a process. It is based on
+// the Linux sched_setattr(2) syscall.
+type Scheduler struct {
+	// Policy represents the scheduling policy (e.g., SCHED_FIFO, SCHED_RR, SCHED_OTHER).
+	Policy LinuxSchedulerPolicy `json:"policy"`
+
+	// Nice is the nice value for the process, which affects its priority.
+	Nice int32 `json:"nice,omitempty"`
+
+	// Priority represents the static priority of the process.
+	Priority int32 `json:"priority,omitempty"`
+
+	// Flags is an array of scheduling flags.
+	Flags []LinuxSchedulerFlag `json:"flags,omitempty"`
+
+	// The following ones are used by the DEADLINE scheduler.
+
+	// Runtime is the amount of time in nanoseconds during which the process
+	// is allowed to run in a given period.
+	Runtime uint64 `json:"runtime,omitempty"`
+
+	// Deadline is the absolute deadline for the process to complete its execution.
+	Deadline uint64 `json:"deadline,omitempty"`
+
+	// Period is the length of the period in nanoseconds used for determining the process runtime.
+	Period uint64 `json:"period,omitempty"`
+}
+
 // Process contains information to start a specific application inside the container.
 type Process struct {
 	// Terminal creates an interactive terminal for the container.
@@ -60,8 +88,12 @@ type Process struct {
 	ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
 	// Specify an oom_score_adj for the container.
 	OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"`
+	// Scheduler specifies the scheduling attributes for a process
+	Scheduler *Scheduler `json:"scheduler,omitempty" platform:"linux"`
 	// SelinuxLabel specifies the selinux context that the container process is run as.
 	SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
+	// IOPriority contains the I/O priority settings for the cgroup.
+	IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"`
 }
 
 // LinuxCapabilities specifies the list of allowed capabilities that are kept for a process.
@@ -79,6 +111,22 @@ type LinuxCapabilities struct {
 	Ambient []string `json:"ambient,omitempty" platform:"linux"`
 }
 
+// IOPriority represents I/O priority settings for the container's processes within the process group.
+type LinuxIOPriority struct {
+	Class    IOPriorityClass `json:"class"`
+	Priority int             `json:"priority"`
+}
+
+// IOPriorityClass represents an I/O scheduling class.
+type IOPriorityClass string
+
+// Possible values for IOPriorityClass.
+const (
+	IOPRIO_CLASS_RT   IOPriorityClass = "IOPRIO_CLASS_RT"
+	IOPRIO_CLASS_BE   IOPriorityClass = "IOPRIO_CLASS_BE"
+	IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE"
+)
+
 // Box specifies dimensions of a rectangle. Used for specifying the size of a console.
 type Box struct {
 	// Height is the vertical dimension of a box.
@@ -789,3 +837,43 @@ type ZOSDevice struct {
 	// Gid of the device.
 	GID *uint32 `json:"gid,omitempty"`
 }
+
+// LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler
+type LinuxSchedulerPolicy string
+
+const (
+	// SchedOther is the default scheduling policy
+	SchedOther LinuxSchedulerPolicy = "SCHED_OTHER"
+	// SchedFIFO is the First-In-First-Out scheduling policy
+	SchedFIFO LinuxSchedulerPolicy = "SCHED_FIFO"
+	// SchedRR is the Round-Robin scheduling policy
+	SchedRR LinuxSchedulerPolicy = "SCHED_RR"
+	// SchedBatch is the Batch scheduling policy
+	SchedBatch LinuxSchedulerPolicy = "SCHED_BATCH"
+	// SchedISO is the Isolation scheduling policy
+	SchedISO LinuxSchedulerPolicy = "SCHED_ISO"
+	// SchedIdle is the Idle scheduling policy
+	SchedIdle LinuxSchedulerPolicy = "SCHED_IDLE"
+	// SchedDeadline is the Deadline scheduling policy
+	SchedDeadline LinuxSchedulerPolicy = "SCHED_DEADLINE"
+)
+
+// LinuxSchedulerFlag represents the flags used by the Linux Scheduler.
+type LinuxSchedulerFlag string
+
+const (
+	// SchedFlagResetOnFork represents the reset on fork scheduling flag
+	SchedFlagResetOnFork LinuxSchedulerFlag = "SCHED_FLAG_RESET_ON_FORK"
+	// SchedFlagReclaim represents the reclaim scheduling flag
+	SchedFlagReclaim LinuxSchedulerFlag = "SCHED_FLAG_RECLAIM"
+	// SchedFlagDLOverrun represents the deadline overrun scheduling flag
+	SchedFlagDLOverrun LinuxSchedulerFlag = "SCHED_FLAG_DL_OVERRUN"
+	// SchedFlagKeepPolicy represents the keep policy scheduling flag
+	SchedFlagKeepPolicy LinuxSchedulerFlag = "SCHED_FLAG_KEEP_POLICY"
+	// SchedFlagKeepParams represents the keep parameters scheduling flag
+	SchedFlagKeepParams LinuxSchedulerFlag = "SCHED_FLAG_KEEP_PARAMS"
+	// SchedFlagUtilClampMin represents the utilization clamp minimum scheduling flag
+	SchedFlagUtilClampMin LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MIN"
+	// SchedFlagUtilClampMin represents the utilization clamp maximum scheduling flag
+	SchedFlagUtilClampMax LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MAX"
+)

vendor/github.com/opencontainers/runtime-spec/specs-go/version.go

@@ -11,7 +11,7 @@ const (
 	VersionPatch = 0
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-rc.2"
+	VersionDev = ""
 )
 
 // Version is the specification version that the package types support.

vendor/modules.txt

@@ -2,14 +2,6 @@
 ## explicit; go 1.15
 github.com/NVIDIA/go-nvml/pkg/dl
 github.com/NVIDIA/go-nvml/pkg/nvml
-# github.com/container-orchestrated-devices/container-device-interface v0.6.0
-## explicit; go 1.17
-github.com/container-orchestrated-devices/container-device-interface/internal/multierror
-github.com/container-orchestrated-devices/container-device-interface/internal/validation
-github.com/container-orchestrated-devices/container-device-interface/internal/validation/k8s
-github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
-github.com/container-orchestrated-devices/container-device-interface/pkg/parser
-github.com/container-orchestrated-devices/container-device-interface/specs-go
 # github.com/cpuguy83/go-md2man/v2 v2.0.2
 ## explicit; go 1.11
 github.com/cpuguy83/go-md2man/v2/md2man
@@ -23,10 +15,7 @@ github.com/fsnotify/fsnotify
 ## explicit
 # github.com/kr/pretty v0.3.1
 ## explicit; go 1.12
-# github.com/opencontainers/runc v1.1.6
-## explicit; go 1.17
-github.com/opencontainers/runc/libcontainer/devices
-# github.com/opencontainers/runtime-spec v1.1.0-rc.2
+# github.com/opencontainers/runtime-spec v1.1.0
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626
@@ -89,3 +78,13 @@ gopkg.in/yaml.v3
 # sigs.k8s.io/yaml v1.3.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
+# tags.cncf.io/container-device-interface v0.6.2
+## explicit; go 1.19
+tags.cncf.io/container-device-interface/internal/multierror
+tags.cncf.io/container-device-interface/internal/validation
+tags.cncf.io/container-device-interface/internal/validation/k8s
+tags.cncf.io/container-device-interface/pkg/cdi
+tags.cncf.io/container-device-interface/pkg/parser
+# tags.cncf.io/container-device-interface/specs-go v0.6.0
+## explicit; go 1.19
+tags.cncf.io/container-device-interface/specs-go

vendor/tags.cncf.io/container-device-interface/internal/validation/k8s/objectmeta.go

@@ -23,7 +23,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/internal/multierror"
+	"tags.cncf.io/container-device-interface/internal/multierror"
 )
 
 // TotalAnnotationSizeLimitB defines the maximum size of all annotations in characters.

vendor/tags.cncf.io/container-device-interface/internal/validation/validate.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/internal/validation/k8s"
+	"tags.cncf.io/container-device-interface/internal/validation/k8s"
 )
 
 // ValidateSpecAnnotations checks whether spec annotations are valid.

vendor/tags.cncf.io/container-device-interface/pkg/cdi/annotations.go

@@ -21,7 +21,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
+	"tags.cncf.io/container-device-interface/pkg/parser"
 )
 
 const (

vendor/tags.cncf.io/container-device-interface/pkg/cdi/cache.go

@@ -26,10 +26,10 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/container-orchestrated-devices/container-device-interface/internal/multierror"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	"github.com/fsnotify/fsnotify"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
+	"tags.cncf.io/container-device-interface/internal/multierror"
+	cdi "tags.cncf.io/container-device-interface/specs-go"
 )
 
 // Option is an option to change some aspect of default CDI behavior.
@@ -49,7 +49,7 @@ type Cache struct {
 }
 
 // WithAutoRefresh returns an option to control automatic Cache refresh.
-// By default auto-refresh is enabled, the list of Spec directories are
+// By default, auto-refresh is enabled, the list of Spec directories are
 // monitored and the Cache is automatically refreshed whenever a change
 // is detected. This option can be used to disable this behavior when a
 // manually refreshed mode is preferable.
@@ -203,7 +203,7 @@ func (c *Cache) refresh() error {
 // RefreshIfRequired triggers a refresh if necessary.
 func (c *Cache) refreshIfRequired(force bool) (bool, error) {
 	// We need to refresh if
-	// - it's forced by an explicitly call to Refresh() in manual mode
+	// - it's forced by an explicit call to Refresh() in manual mode
 	// - a missing Spec dir appears (added to watch) in auto-refresh mode
 	if force || (c.autoRefresh && c.watch.update(c.dirErrors)) {
 		return true, c.refresh()
@@ -244,7 +244,7 @@ func (c *Cache) InjectDevices(ociSpec *oci.Spec, devices ...string) ([]string, e
 
 	if unresolved != nil {
 		return unresolved, fmt.Errorf("unresolvable CDI devices %s",
-			strings.Join(devices, ", "))
+			strings.Join(unresolved, ", "))
 	}
 
 	if err := edits.Apply(ociSpec); err != nil {

vendor/tags.cncf.io/container-device-interface/pkg/cdi/container-edits.go

@@ -24,9 +24,9 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	ocigen "github.com/opencontainers/runtime-tools/generate"
+	"tags.cncf.io/container-device-interface/specs-go"
 )
 
 const (

vendor/tags.cncf.io/container-device-interface/pkg/cdi/container-edits_unix.go

@@ -20,11 +20,42 @@
 package cdi
 
 import (
+	"errors"
 	"fmt"
 
-	runc "github.com/opencontainers/runc/libcontainer/devices"
+	"golang.org/x/sys/unix"
 )
 
+const (
+	blockDevice = "b"
+	charDevice  = "c" // or "u"
+	fifoDevice  = "p"
+)
+
+// deviceInfoFromPath takes the path to a device and returns its type,
+// major and minor device numbers.
+//
+// It was adapted from https://github.com/opencontainers/runc/blob/v1.1.9/libcontainer/devices/device_unix.go#L30-L69
+func deviceInfoFromPath(path string) (devType string, major, minor int64, _ error) {
+	var stat unix.Stat_t
+	err := unix.Lstat(path, &stat)
+	if err != nil {
+		return "", 0, 0, err
+	}
+	switch stat.Mode & unix.S_IFMT {
+	case unix.S_IFBLK:
+		devType = blockDevice
+	case unix.S_IFCHR:
+		devType = charDevice
+	case unix.S_IFIFO:
+		devType = fifoDevice
+	default:
+		return "", 0, 0, errors.New("not a device node")
+	}
+	devNumber := uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on e.g. MIPS.
+	return devType, int64(unix.Major(devNumber)), int64(unix.Minor(devNumber)), nil
+}
+
 // fillMissingInfo fills in missing mandatory attributes from the host device.
 func (d *DeviceNode) fillMissingInfo() error {
 	if d.HostPath == "" {
@@ -35,22 +66,22 @@ func (d *DeviceNode) fillMissingInfo() error {
 		return nil
 	}
 
-	hostDev, err := runc.DeviceFromPath(d.HostPath, "rwm")
+	deviceType, major, minor, err := deviceInfoFromPath(d.HostPath)
 	if err != nil {
 		return fmt.Errorf("failed to stat CDI host device %q: %w", d.HostPath, err)
 	}
 
 	if d.Type == "" {
-		d.Type = string(hostDev.Type)
+		d.Type = deviceType
 	} else {
-		if d.Type != string(hostDev.Type) {
+		if d.Type != deviceType {
 			return fmt.Errorf("CDI device (%q, %q), host type mismatch (%s, %s)",
-				d.Path, d.HostPath, d.Type, string(hostDev.Type))
+				d.Path, d.HostPath, d.Type, deviceType)
 		}
 	}
 	if d.Major == 0 && d.Type != "p" {
-		d.Major = hostDev.Major
-		d.Minor = hostDev.Minor
+		d.Major = major
+		d.Minor = minor
 	}
 
 	return nil

vendor/tags.cncf.io/container-device-interface/pkg/cdi/device.go

@@ -19,10 +19,10 @@ package cdi
 import (
 	"fmt"
 
-	"github.com/container-orchestrated-devices/container-device-interface/internal/validation"
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
+	"tags.cncf.io/container-device-interface/internal/validation"
+	"tags.cncf.io/container-device-interface/pkg/parser"
+	cdi "tags.cncf.io/container-device-interface/specs-go"
 )
 
 // Device represents a CDI device of a Spec.

vendor/tags.cncf.io/container-device-interface/pkg/cdi/doc.go

@@ -2,9 +2,9 @@
 // interacting with CDI and consuming CDI devices.
 //
 // For more information about Container Device Interface, please refer to
-// https://github.com/container-orchestrated-devices/container-device-interface
+// https://tags.cncf.io/container-device-interface
 //
-// Container Device Interface
+// # Container Device Interface
 //
 // Container Device Interface, or CDI for short, provides comprehensive
 // third party device support for container runtimes. CDI uses vendor
@@ -29,7 +29,7 @@
 // the vast majority of CDI consumers need. The API should be usable both
 // by OCI runtime clients and runtime implementations.
 //
-// CDI Registry
+// # CDI Registry
 //
 // The primary interface to interact with CDI devices is the Registry. It
 // is essentially a cache of all Specs and devices discovered in standard
@@ -37,34 +37,34 @@
 // injecting devices into an OCI Spec and refreshing the cache of CDI
 // Specs and devices.
 //
-// Device Injection
+// # Device Injection
 //
 // Using the Registry one can inject CDI devices into a container with code
 // similar to the following snippet:
 //
-//  import (
-//      "fmt"
-//      "strings"
+//	import (
+//	    "fmt"
+//	    "strings"
 //
-//      log "github.com/sirupsen/logrus"
+//	    log "github.com/sirupsen/logrus"
 //
-//      "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-//      oci "github.com/opencontainers/runtime-spec/specs-go"
-//  )
+//	    "tags.cncf.io/container-device-interface/pkg/cdi"
+//	    oci "github.com/opencontainers/runtime-spec/specs-go"
+//	)
 //
-//  func injectCDIDevices(spec *oci.Spec, devices []string) error {
-//      log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
+//	func injectCDIDevices(spec *oci.Spec, devices []string) error {
+//	    log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
 //
-//      unresolved, err := cdi.GetRegistry().InjectDevices(spec, devices)
-//      if err != nil {
-//          return fmt.Errorf("CDI device injection failed: %w", err)
-//      }
+//	    unresolved, err := cdi.GetRegistry().InjectDevices(spec, devices)
+//	    if err != nil {
+//	        return fmt.Errorf("CDI device injection failed: %w", err)
+//	    }
 //
-//      log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
-//      return nil
-//  }
+//	    log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
+//	    return nil
+//	}
 //
-// Cache Refresh
+// # Cache Refresh
 //
 // By default the CDI Spec cache monitors the configured Spec directories
 // and automatically refreshes itself when necessary. This behavior can be
@@ -85,42 +85,42 @@
 // CDI Spec cache is up to date before performing device injection.
 // A code snippet similar to the following accmplishes that:
 //
-//  import (
-//      "fmt"
-//      "strings"
+//	import (
+//	    "fmt"
+//	    "strings"
 //
-//      log "github.com/sirupsen/logrus"
+//	    log "github.com/sirupsen/logrus"
 //
-//      "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
-//      oci "github.com/opencontainers/runtime-spec/specs-go"
-//  )
+//	    "tags.cncf.io/container-device-interface/pkg/cdi"
+//	    oci "github.com/opencontainers/runtime-spec/specs-go"
+//	)
 //
-//  func injectCDIDevices(spec *oci.Spec, devices []string) error {
-//      registry := cdi.GetRegistry()
+//	func injectCDIDevices(spec *oci.Spec, devices []string) error {
+//	    registry := cdi.GetRegistry()
 //
-//      if err := registry.Refresh(); err != nil {
-//          // Note:
-//          //   It is up to the implementation to decide whether
-//          //   to abort injection on errors. A failed Refresh()
-//          //   does not necessarily render the registry unusable.
-//          //   For instance, a parse error in a Spec file for
-//          //   vendor A does not have any effect on devices of
-//          //   vendor B...
-//          log.Warnf("pre-injection Refresh() failed: %v", err)
-//      }
+//	    if err := registry.Refresh(); err != nil {
+//	        // Note:
+//	        //   It is up to the implementation to decide whether
+//	        //   to abort injection on errors. A failed Refresh()
+//	        //   does not necessarily render the registry unusable.
+//	        //   For instance, a parse error in a Spec file for
+//	        //   vendor A does not have any effect on devices of
+//	        //   vendor B...
+//	        log.Warnf("pre-injection Refresh() failed: %v", err)
+//	    }
 //
-//      log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
+//	    log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
 //
-//      unresolved, err := registry.InjectDevices(spec, devices)
-//      if err != nil {
-//          return fmt.Errorf("CDI device injection failed: %w", err)
-//      }
+//	    unresolved, err := registry.InjectDevices(spec, devices)
+//	    if err != nil {
+//	        return fmt.Errorf("CDI device injection failed: %w", err)
+//	    }
 //
-//      log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
-//      return nil
-//  }
+//	    log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
+//	    return nil
+//	}
 //
-// Generated Spec Files, Multiple Directories, Device Precedence
+// # Generated Spec Files, Multiple Directories, Device Precedence
 //
 // It is often necessary to generate Spec files dynamically. On some
 // systems the available or usable set of CDI devices might change
@@ -149,7 +149,7 @@
 // '/etc/cdi' while all the dynamically generated Spec files, transient
 // or other, go into '/var/run/cdi'.
 //
-// Spec File Generation
+// # Spec File Generation
 //
 // CDI offers two functions for writing and removing dynamically generated
 // Specs from CDI Spec directories. These functions, WriteSpec() and
@@ -169,33 +169,35 @@
 // code snippet similar to the following:
 //
 // import (
-//     "fmt"
-//     ...
-//     "github.com/container-orchestrated-devices/container-device-interface/specs-go"
-//     "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
+//
+//	"fmt"
+//	...
+//	"tags.cncf.io/container-device-interface/specs-go"
+//	"tags.cncf.io/container-device-interface/pkg/cdi"
+//
 // )
 //
-// func generateDeviceSpecs() error {
-//     registry := cdi.GetRegistry()
-//     spec := &specs.Spec{
-//         Version: specs.CurrentVersion,
-//         Kind:    vendor+"/"+class,
-//     }
+//	func generateDeviceSpecs() error {
+//	    registry := cdi.GetRegistry()
+//	    spec := &specs.Spec{
+//	        Version: specs.CurrentVersion,
+//	        Kind:    vendor+"/"+class,
+//	    }
 //
-//     for _, dev := range enumerateDevices() {
-//         spec.Devices = append(spec.Devices, specs.Device{
-//             Name: dev.Name,
-//             ContainerEdits: getContainerEditsForDevice(dev),
-//         })
-//     }
+//	    for _, dev := range enumerateDevices() {
+//	        spec.Devices = append(spec.Devices, specs.Device{
+//	            Name: dev.Name,
+//	            ContainerEdits: getContainerEditsForDevice(dev),
+//	        })
+//	    }
 //
-//     specName, err := cdi.GenerateNameForSpec(spec)
-//     if err != nil {
-//         return fmt.Errorf("failed to generate Spec name: %w", err)
-//     }
+//	    specName, err := cdi.GenerateNameForSpec(spec)
+//	    if err != nil {
+//	        return fmt.Errorf("failed to generate Spec name: %w", err)
+//	    }
 //
-//     return registry.SpecDB().WriteSpec(spec, specName)
-// }
+//	    return registry.SpecDB().WriteSpec(spec, specName)
+//	}
 //
 // Similarly, generating and later cleaning up transient Spec files can be
 // done with code fragments similar to the following. These transient Spec
@@ -204,53 +206,55 @@
 // and removed once that container is removed.
 //
 // import (
-//     "fmt"
-//     ...
-//     "github.com/container-orchestrated-devices/container-device-interface/specs-go"
-//     "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
+//
+//	"fmt"
+//	...
+//	"tags.cncf.io/container-device-interface/specs-go"
+//	"tags.cncf.io/container-device-interface/pkg/cdi"
+//
 // )
 //
-// func generateTransientSpec(ctr Container) error {
-//     registry := cdi.GetRegistry()
-//     devices := getContainerDevs(ctr, vendor, class)
-//     spec := &specs.Spec{
-//         Version: specs.CurrentVersion,
-//         Kind:    vendor+"/"+class,
-//     }
+//	func generateTransientSpec(ctr Container) error {
+//	    registry := cdi.GetRegistry()
+//	    devices := getContainerDevs(ctr, vendor, class)
+//	    spec := &specs.Spec{
+//	        Version: specs.CurrentVersion,
+//	        Kind:    vendor+"/"+class,
+//	    }
 //
-//     for _, dev := range devices {
-//         spec.Devices = append(spec.Devices, specs.Device{
-//             // the generated name needs to be unique within the
-//             // vendor/class domain on the host/node.
-//             Name: generateUniqueDevName(dev, ctr),
-//             ContainerEdits: getEditsForContainer(dev),
-//         })
-//     }
+//	    for _, dev := range devices {
+//	        spec.Devices = append(spec.Devices, specs.Device{
+//	            // the generated name needs to be unique within the
+//	            // vendor/class domain on the host/node.
+//	            Name: generateUniqueDevName(dev, ctr),
+//	            ContainerEdits: getEditsForContainer(dev),
+//	        })
+//	    }
 //
-//     // transientID is expected to guarantee that the Spec file name
-//     // generated using <vendor, class, transientID> is unique within
-//     // the host/node. If more than one device is allocated with the
-//     // same vendor/class domain, either all generated Spec entries
-//     // should go to a single Spec file (like in this sample snippet),
-//     // or transientID should be unique for each generated Spec file.
-//     transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
-//     specName, err := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
-//     if err != nil {
-//         return fmt.Errorf("failed to generate Spec name: %w", err)
-//     }
+//	    // transientID is expected to guarantee that the Spec file name
+//	    // generated using <vendor, class, transientID> is unique within
+//	    // the host/node. If more than one device is allocated with the
+//	    // same vendor/class domain, either all generated Spec entries
+//	    // should go to a single Spec file (like in this sample snippet),
+//	    // or transientID should be unique for each generated Spec file.
+//	    transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
+//	    specName, err := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
+//	    if err != nil {
+//	        return fmt.Errorf("failed to generate Spec name: %w", err)
+//	    }
 //
-//     return registry.SpecDB().WriteSpec(spec, specName)
-// }
+//	    return registry.SpecDB().WriteSpec(spec, specName)
+//	}
 //
-// func removeTransientSpec(ctr Container) error {
-//     registry := cdi.GetRegistry()
-//     transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
-//     specName := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
+//	func removeTransientSpec(ctr Container) error {
+//	    registry := cdi.GetRegistry()
+//	    transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
+//	    specName := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
 //
-//     return registry.SpecDB().RemoveSpec(specName)
-// }
+//	    return registry.SpecDB().RemoveSpec(specName)
+//	}
 //
-// CDI Spec Validation
+// # CDI Spec Validation
 //
 // This package performs both syntactic and semantic validation of CDI
 // Spec file data when a Spec file is loaded via the registry or using

vendor/tags.cncf.io/container-device-interface/pkg/cdi/qualified-device.go

@@ -17,7 +17,7 @@
 package cdi
 
 import (
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
+	"tags.cncf.io/container-device-interface/pkg/parser"
 )
 
 // QualifiedName returns the qualified name for a device.

vendor/tags.cncf.io/container-device-interface/pkg/cdi/registry.go

@@ -19,8 +19,8 @@ package cdi
 import (
 	"sync"
 
-	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
+	cdi "tags.cncf.io/container-device-interface/specs-go"
 )
 
 // Registry keeps a cache of all CDI Specs installed or generated on

vendor/tags.cncf.io/container-device-interface/pkg/cdi/spec.go

@@ -28,8 +28,8 @@ import (
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"sigs.k8s.io/yaml"
 
-	"github.com/container-orchestrated-devices/container-device-interface/internal/validation"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/internal/validation"
+	cdi "tags.cncf.io/container-device-interface/specs-go"
 )
 
 const (

vendor/tags.cncf.io/container-device-interface/pkg/cdi/version.go

@@ -21,8 +21,8 @@ import (
 
 	"golang.org/x/mod/semver"
 
-	"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
-	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+	"tags.cncf.io/container-device-interface/pkg/parser"
+	cdi "tags.cncf.io/container-device-interface/specs-go"
 )
 
 const (

vendor/tags.cncf.io/container-device-interface/specs-go/LICENSE

@@ -1,4 +1,3 @@
-
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
@@ -176,7 +175,18 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2014 Docker, Inc.
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

vendor/tags.cncf.io/container-device-interface/specs-go/oci.go

@@ -0,0 +1,38 @@
+package specs
+
+import (
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// ToOCI returns the opencontainers runtime Spec Hook for this Hook.
+func (h *Hook) ToOCI() spec.Hook {
+	return spec.Hook{
+		Path:    h.Path,
+		Args:    h.Args,
+		Env:     h.Env,
+		Timeout: h.Timeout,
+	}
+}
+
+// ToOCI returns the opencontainers runtime Spec Mount for this Mount.
+func (m *Mount) ToOCI() spec.Mount {
+	return spec.Mount{
+		Source:      m.HostPath,
+		Destination: m.ContainerPath,
+		Options:     m.Options,
+		Type:        m.Type,
+	}
+}
+
+// ToOCI returns the opencontainers runtime Spec LinuxDevice for this DeviceNode.
+func (d *DeviceNode) ToOCI() spec.LinuxDevice {
+	return spec.LinuxDevice{
+		Path:     d.Path,
+		Type:     d.Type,
+		Major:    d.Major,
+		Minor:    d.Minor,
+		FileMode: d.FileMode,
+		UID:      d.UID,
+		GID:      d.GID,
+	}
+}