Updating the CUDA Linux GPG Repository Key

Technical Blogs & Events Technical Blog
61

The cuda-keyring package enables the “online” repository. It does not enroll a GPG public key for the “offline” local repos.

The local repo installers use ephemeral “one-time” keys, so please follow the copy instruction provided at install time, i.e. for CUDA 12.1

$ sudo dpkg -i cudnn-local-repo-ubuntu2204-8.9.1.23_1.0-1_amd64.deb 
Selecting previously unselected package cudnn-local-repo-ubuntu2204-8.9.1.23.
(Reading database ... 5258 files and directories currently installed.)
Preparing to unpack cudnn-local-repo-ubuntu2204-8.9.1.23_1.0-1_amd64.deb ...
Unpacking cudnn-local-repo-ubuntu2204-8.9.1.23 (1.0-1) ...
Setting up cudnn-local-repo-ubuntu2204-8.9.1.23 (1.0-1) ...

The public cudnn-local-repo-ubuntu2204-8.9.1.23 GPG key does not appear to be installed.
To install the key, run this command:
sudo cp /var/cudnn-local-repo-ubuntu2204-8.9.1.23/cudnn-local-E7A7D88D-keyring.gpg /usr/share/keyrings/

As such, simply adapt 1. Introduction — cuda-installation-guide-linux 12.2 documentation

sudo cp -v /var/cudnn-local-repo-ubuntu2204-8.9.1.23/cudnn-local-*-keyring.gpg /usr/share/keyrings/
sudo apt-get update
62

Any chance at taking compliance seriously after 4 years? Especially with CMMC 2.0 here? Yes, FIPS matters.

1 Like
63

@BJSmithIEEE
A few possible workaround I’ve been using for similar things:

  • Use some custom scripts to query the 2nd/3rd level of dependency tree and kick out unwanted pkgs (e.g. nsight in this case).
  • Mirror their repo through https to ensure it’s authentic in transit, and repack/re-sign with compliant algo.
64

Hi @kmittman, @roarmstrong

I am following the below steps :

apt-key del 7fa2af80
apt-get update
apt-get install -y wget lsb-release
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb
dpkg -i cuda-keyring_1.0-1_all.deb

but still getting the below error:

.
.
.

Get:19 Index of /ubuntu focal-backports/universe amd64 Packages [28.6 kB]

Reading package lists…

e[91mW: GPG error: Index of /compute/cuda/repos/ubuntu2004/x86_64 InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A4B469963BF863CC

E: The repository ‘Index of /compute/cuda/repos/ubuntu2004/x86_64 InRelease’ is not signed.

Also is there an issue if I am still using [cuda-keyring_1.0-1_all.deb] instead of cuda-keyring_1.1-1_all.deb ??

Could you please suggest what could be going wrong?

65 
$ podman run -it ubuntu:20.04 /bin/bash -c "apt-get update >/dev/null; apt-get install -y sudo wget gnupg ca-certificates >/dev/null; bash"
debconf: delaying package configuration, since apt-utils is not installed
# sudo apt-key del 7fa2af80                                                                                      
OK

# sudo apt-get update
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists... Done

# sudo apt-get install -y wget lsb-release
Reading package lists... Done
Building dependency tree       
Reading state information... Done
wget is already the newest version (1.20.3-1ubuntu2).
The following additional packages will be installed:
  distro-info-data file libexpat1 libmagic-mgc libmagic1 libmpdec2 libpython3-stdlib libpython3.8-minimal libpython3.8-stdlib mime-support python3 python3-minimal python3.8 python3.8-minimal xz-utils
Suggested packages:
  python3-doc python3-tk python3-venv python3.8-venv python3.8-doc binutils binfmt-support
The following NEW packages will be installed:
  distro-info-data file libexpat1 libmagic-mgc libmagic1 libmpdec2 libpython3-stdlib libpython3.8-minimal libpython3.8-stdlib lsb-release mime-support python3 python3-minimal python3.8 python3.8-minimal xz-utils
0 upgraded, 16 newly installed, 0 to remove and 43 not upgraded.
Need to get 5361 kB of archives.
After this operation, 26.9 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-minimal amd64 3.8.10-0ubuntu1~20.04.8 [717 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libexpat1 amd64 2.2.9-1ubuntu0.6 [74.6 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 python3.8-minimal amd64 3.8.10-0ubuntu1~20.04.8 [1902 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 python3-minimal amd64 3.8.2-0ubuntu2 [23.6 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal/main amd64 mime-support all 3.64ubuntu1 [30.6 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/main amd64 libmpdec2 amd64 2.4.2-3 [81.1 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-stdlib amd64 3.8.10-0ubuntu1~20.04.8 [1675 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 python3.8 amd64 3.8.10-0ubuntu1~20.04.8 [387 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal/main amd64 libpython3-stdlib amd64 3.8.2-0ubuntu2 [7068 B]
Get:10 http://archive.ubuntu.com/ubuntu focal/main amd64 python3 amd64 3.8.2-0ubuntu2 [47.6 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 distro-info-data all 0.43ubuntu1.14 [4788 B]
Get:12 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic-mgc amd64 1:5.38-4 [218 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic1 amd64 1:5.38-4 [75.9 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal/main amd64 file amd64 1:5.38-4 [23.3 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal/main amd64 lsb-release all 11.1.0ubuntu2 [10.6 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 xz-utils amd64 5.2.4-1ubuntu1.1 [82.6 kB]
Fetched 5361 kB in 1s (5847 kB/s)    
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libpython3.8-minimal:amd64.
(Reading database ... 4890 files and directories currently installed.)
Preparing to unpack .../libpython3.8-minimal_3.8.10-0ubuntu1~20.04.8_amd64.deb ...
Unpacking libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.8) ...
Selecting previously unselected package libexpat1:amd64.
Preparing to unpack .../libexpat1_2.2.9-1ubuntu0.6_amd64.deb ...
Unpacking libexpat1:amd64 (2.2.9-1ubuntu0.6) ...
Selecting previously unselected package python3.8-minimal.
Preparing to unpack .../python3.8-minimal_3.8.10-0ubuntu1~20.04.8_amd64.deb ...
Unpacking python3.8-minimal (3.8.10-0ubuntu1~20.04.8) ...
Setting up libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.8) ...
Setting up libexpat1:amd64 (2.2.9-1ubuntu0.6) ...
Setting up python3.8-minimal (3.8.10-0ubuntu1~20.04.8) ...
Selecting previously unselected package python3-minimal.
(Reading database ... 5181 files and directories currently installed.)
Preparing to unpack .../0-python3-minimal_3.8.2-0ubuntu2_amd64.deb ...
Unpacking python3-minimal (3.8.2-0ubuntu2) ...
Selecting previously unselected package mime-support.
Preparing to unpack .../1-mime-support_3.64ubuntu1_all.deb ...
Unpacking mime-support (3.64ubuntu1) ...
Selecting previously unselected package libmpdec2:amd64.
Preparing to unpack .../2-libmpdec2_2.4.2-3_amd64.deb ...
Unpacking libmpdec2:amd64 (2.4.2-3) ...
Selecting previously unselected package libpython3.8-stdlib:amd64.
Preparing to unpack .../3-libpython3.8-stdlib_3.8.10-0ubuntu1~20.04.8_amd64.deb ...
Unpacking libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.8) ...
Selecting previously unselected package python3.8.
Preparing to unpack .../4-python3.8_3.8.10-0ubuntu1~20.04.8_amd64.deb ...
Unpacking python3.8 (3.8.10-0ubuntu1~20.04.8) ...
Selecting previously unselected package libpython3-stdlib:amd64.
Preparing to unpack .../5-libpython3-stdlib_3.8.2-0ubuntu2_amd64.deb ...
Unpacking libpython3-stdlib:amd64 (3.8.2-0ubuntu2) ...
Setting up python3-minimal (3.8.2-0ubuntu2) ...
Selecting previously unselected package python3.
(Reading database ... 5583 files and directories currently installed.)
Preparing to unpack .../0-python3_3.8.2-0ubuntu2_amd64.deb ...
Unpacking python3 (3.8.2-0ubuntu2) ...
Selecting previously unselected package distro-info-data.
Preparing to unpack .../1-distro-info-data_0.43ubuntu1.14_all.deb ...
Unpacking distro-info-data (0.43ubuntu1.14) ...
Selecting previously unselected package libmagic-mgc.
Preparing to unpack .../2-libmagic-mgc_1%3a5.38-4_amd64.deb ...
Unpacking libmagic-mgc (1:5.38-4) ...
Selecting previously unselected package libmagic1:amd64.
Preparing to unpack .../3-libmagic1_1%3a5.38-4_amd64.deb ...
Unpacking libmagic1:amd64 (1:5.38-4) ...
Selecting previously unselected package file.
Preparing to unpack .../4-file_1%3a5.38-4_amd64.deb ...
Unpacking file (1:5.38-4) ...
Selecting previously unselected package lsb-release.
Preparing to unpack .../5-lsb-release_11.1.0ubuntu2_all.deb ...
Unpacking lsb-release (11.1.0ubuntu2) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../6-xz-utils_5.2.4-1ubuntu1.1_amd64.deb ...
Unpacking xz-utils (5.2.4-1ubuntu1.1) ...
Setting up mime-support (3.64ubuntu1) ...
Setting up libmagic-mgc (1:5.38-4) ...
Setting up distro-info-data (0.43ubuntu1.14) ...
Setting up libmagic1:amd64 (1:5.38-4) ...
Setting up file (1:5.38-4) ...
Setting up xz-utils (5.2.4-1ubuntu1.1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/lzma.1.gz because associated file /usr/share/man/man1/xz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/unlzma.1.gz because associated file /usr/share/man/man1/unxz.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcat.1.gz because associated file /usr/share/man/man1/xzcat.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzmore.1.gz because associated file /usr/share/man/man1/xzmore.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzless.1.gz because associated file /usr/share/man/man1/xzless.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzdiff.1.gz because associated file /usr/share/man/man1/xzdiff.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzcmp.1.gz because associated file /usr/share/man/man1/xzcmp.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzgrep.1.gz because associated file /usr/share/man/man1/xzgrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzegrep.1.gz because associated file /usr/share/man/man1/xzegrep.1.gz (of link group lzma) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/lzfgrep.1.gz because associated file /usr/share/man/man1/xzfgrep.1.gz (of link group lzma) doesn't exist
Setting up libmpdec2:amd64 (2.4.2-3) ...
Setting up libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.8) ...
Setting up python3.8 (3.8.10-0ubuntu1~20.04.8) ...
Setting up libpython3-stdlib:amd64 (3.8.2-0ubuntu2) ...
Setting up python3 (3.8.2-0ubuntu2) ...
running python rtupdate hooks for python3.8...
running python post-rtupdate hooks for python3.8...
Setting up lsb-release (11.1.0ubuntu2) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...

# wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.1-1_all.deb
--2023-11-27 16:42:48--  https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.1-1_all.deb
Resolving developer.download.nvidia.com (developer.download.nvidia.com)... 152.195.19.142
Connecting to developer.download.nvidia.com (developer.download.nvidia.com)|152.195.19.142|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4328 (4.2K) [application/x-deb]
Saving to: 'cuda-keyring_1.1-1_all.deb'

cuda-keyring_1.1-1_all.deb                                          100%[==================================================================================================================================================================>]   4.23K  --.-KB/s    in 0s      

2023-11-27 16:42:48 (185 MB/s) - 'cuda-keyring_1.1-1_all.deb' saved [4328/4328]

# sudo dpkg -i cuda-keyring_1.1-1_all.deb 
Selecting previously unselected package cuda-keyring.
(Reading database ... 5706 files and directories currently installed.)
Preparing to unpack cuda-keyring_1.1-1_all.deb ...
Unpacking cuda-keyring (1.1-1) ...
Setting up cuda-keyring (1.1-1) ...

# sudo apt-get update
Get:1 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  InRelease [1581 B]
Get:2 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  Packages [1312 kB]                                    
Hit:3 http://security.ubuntu.com/ubuntu focal-security InRelease          
Hit:4 http://archive.ubuntu.com/ubuntu focal InRelease               
Hit:5 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Fetched 1313 kB in 0s (2788 kB/s)
Reading package lists... Done
66

Hit enter too fast, I wanted to add that the only difference between cuda-keyring 1.0 and 1.1 is fixed a bug about it always warning the deprecated GPG key was found. GitHub - NVIDIA/apt-packaging-cuda-keyring: CUDA keyring packaging for Debian