RHEL 9 CUDA repo: nvidia-container-toolkit package missing SHA256 digest

mrybc · July 30, 2025, 12:54am

The nvidia-container-toolkit package and its dependencies in the RHEL 9 CUDA x86_64 repo (specified in the nvidia-dgx-9.repo file) aren’t built with SHA256 digests and therefore get an error when trying to install on a FIPS-compliant DGX-1 system:

$ sudo dnf install nvidia-container-toolkit
<... truncated ...>
Error: Transaction test error:
  package nvidia-container-toolkit-base-1.17.8-1.x86_64 does not verify: no digest
  package libnvidia-container1-1.17.8-1.x86_64 does not verify: no digest
  package libnvidia-container-tools-1.17.8-1.x86_64 does not verify: no digest
  package nvidia-container-toolkit-1.17.8-1.x86_64 does not verify: no digest

Inspecting the rpm file, it appears to only have a SHA1 digest, which isn’t sufficient for FIPS compliance:

$ rpm -K -v nvidia-container-toolkit-1.17.8-1.x86_64.rpm
nvidia-container-toolkit-1.17.8-1.x86_64.rpm:
    Header V4 RSA/SHA512 Signature, key ID d42d0685: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: NOTFOUND
    Payload SHA256 ALT digest: NOTFOUND
    V4 RSA/SHA512 Signature, key ID d42d0685: OK
    MD5 digest: NOTFOUND

Appreciate any assistance with getting these built to a higher security standard, to avoid insecure workarounds.

ScottEllis · July 30, 2025, 2:55pm

Thanks for reporting that @mrybc . We’ve created a bug to track this, and see if we can switch to or add SHA256 digests to the RHEL repo files. I’ll report back here when the update gets pushed to the repo.

In the meantime, if this is blocking you, please make a support case with NVIDIA Enterprise Support - they can help navigate fix.

ScottE

mrybc · July 30, 2025, 3:36pm

Thanks @ScottEllis.

We have admin access to our systems so it’s not blocking. Workaround is to temporarily disable RPM digest checks by setting %_pkgverify_level none (documentation in /usr/lib/rpm/macros), after which the packages install fine.

That’s obviously not ideal, so thanks for creating a bug report.

mrybc · November 5, 2025, 1:00pm

Hello, just following up to confirm that this is still an issue with the latest1.18.0-1 update of the nvidia-container-toolkit package.

Topic		Replies	Views
Unable to install cuda rpms and libraries in RHEL8 FIPS mode - no digest CUDA Setup and Installation	4	3482	September 13, 2023
Nvidia-container-toolkit RPMs won't install on FIPS enable RHEL/Rocky systems Container: CUDA containers	2	204	August 25, 2025
CUDA Repo - RHEL8 - Select Package Signature Failures CUDA Setup and Installation	6	2489	October 10, 2023
Digest verification failed for file 'cuda-cublas-dev-8-0-8.0.61.1-1.x86_64.rpm' CUDA Setup and Installation	8	1574	July 24, 2017
Cuda repo currently has insecure hash? CUDA Setup and Installation	0	752	August 15, 2016
Using the Fedora rpmfusion nvidia driver vs the internal Nvidia driver CUDA Programming and Performance	4	23215	October 3, 2009
CUDA emulation in Ubuntu 9.10 Error in MD5 checksums CUDA Programming and Performance	2	5344	November 4, 2009
New 'Hash sum mismatch' error from nvidia package repo CUDA Setup and Installation	2	2165	September 7, 2017
CUDA 9.0 is failing md5sum for Opensuse422 version CUDA Setup and Installation	3	924	October 8, 2017
FIPS error CUDA Setup and Installation	0	445	June 2, 2023

RHEL 9 CUDA repo: nvidia-container-toolkit package missing SHA256 digest

Related topics