System Information:
- Dell Precision 5820
- NVIDIA Corporation GP107GL [Quadro P1000] (rev a1)
- RHEL 8.5 + latest errata
- RHEL8 CUDA Repo, already setup for nvidia-driver:510-dkms
Happened afternoon-evening of Fri 2/25 and again today Mon 2/28
Was able to install the drivers from the RHEL8 Module for 510:
$ sudo dnf module install nvidia-driver:510-dkms
And I can verify the GPG key 7fa2af80 is good on all driver (from the 510 module) packages.
$ rpm -qi nvidia-kmod-common-510.47.03-1.el8.noarch
Name : nvidia-kmod-common
...
License : NVIDIA License
Signature : RSA/SHA512, Mon 24 Jan 2022 09:30:46 PM CST, Key ID f60f4b3d7fa2af80
Source RPM : nvidia-kmod-common-510.47.03-1.el8.src.rpm
Build Date : Mon 24 Jan 2022 09:29:17 PM CST
...
But when I try to install CUDA 11-4 and 11-6 packages, all but 2 fail.
$ sudo dnf install $(cat /tmp/rpms_cuda11-6_11-4.txt)
...
Error: Transaction test error:
package cuda-toolkit-config-common-11.6.55-1.noarch does not verify: no digest
...
package cuda-11-6-11.6.1-1.x86_64 does not verify: no digest
And I verified in the DNF cache directory … (these are the only 2 good ones)
$ rpm -K /var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/*.rpm | grep -iv not
/var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/datacenter-gpu-manager-2.3.4-1-x86_64.rpm: digests signatures OK
/var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/nsight-systems-2021.5.2-2021.5.2.53_28d0e6e-0.x86_64.rpm: digests signatures OK
And the rest are all bad signatures …
$ rpm -K /var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/*.rpm | grep -i not
/var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/cuda-11-4-11.4.4-1.x86_64.rpm: DIGESTS signatures NOT OK
/var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/cuda-11-6-11.6.1-1.x86_64.rpm: DIGESTS signatures NOT OK
...
/var/cache/dnf/LIMITED-cuda-f1d7a46f058da57c/packages/nsight-compute-2022.1.1-2022.1.1.2-1.x86_64.rpm: DIGESTS signatures NOT OK
I’ve found other reports in the forum that this happens from time-to-time. But given the recent nVidia compromise, I don’t want to directly use rpm to install without signature validation.
Please advise and/or remediate.