Skip to content

Commit

Permalink
Merge pull request #176 from cdesiniotis/ubuntu24.04-apt-key-deprecation
Browse files Browse the repository at this point in the history
[ubuntu24.04] remove usage of deprecated 'apt-key add'
  • Loading branch information
cdesiniotis authored Dec 13, 2024
2 parents 070e32e + d464d31 commit b119e94
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 10 deletions.
7 changes: 1 addition & 6 deletions ubuntu24.04/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,8 @@ RUN echo "TARGETARCH=$TARGETARCH"

ADD install.sh /tmp

# Fetch GPG keys for CUDA repo
RUN apt-key del 7fa2af80 && OS_ARCH=${TARGETARCH/amd64/x86_64} && OS_ARCH=${OS_ARCH/arm64/sbsa} && \
apt-key adv --fetch-keys "https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/${OS_ARCH}/3bf863cc.pub"

RUN usermod -o -u 0 -g 0 _apt && \
/tmp/install.sh depinstall

/tmp/install.sh depinstall && /tmp/install.sh setup_cuda_repo

COPY nvidia-driver /usr/local/bin

Expand Down
15 changes: 15 additions & 0 deletions ubuntu24.04/install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ dep_install () {
build-essential \
ca-certificates \
curl \
gpg \
kmod \
file \
libelf-dev \
Expand All @@ -27,6 +28,7 @@ dep_install () {
build-essential \
ca-certificates \
curl \
gpg \
kmod \
file \
libelf-dev \
Expand All @@ -35,10 +37,23 @@ dep_install () {
fi
}

setup_cuda_repo() {
# Remove any existing CUDA GPG keys that are unconditionally trusted by apt
apt-key del 3bf863cc
rm /etc/apt/sources.list.d/cuda.list

# Fetch public CUDA GPG key and configure apt to only use this key when downloading CUDA packages
OS_ARCH=${TARGETARCH/amd64/x86_64} && OS_ARCH=${OS_ARCH/arm64/sbsa};
curl -fsSL https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/${OS_ARCH}/3bf863cc.pub | gpg --dearmor -o /etc/apt/keyrings/cuda.pub;
echo "deb [signed-by=/etc/apt/keyrings/cuda.pub] https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/${OS_ARCH} /" > /etc/apt/sources.list.d/cuda.list
}

if [ "$1" = "depinstall" ]; then
dep_install
elif [ "$1" = "download_installer" ]; then
download_installer
elif [ "$1" = "setup_cuda_repo" ]; then
setup_cuda_repo
else
echo "Unknown function: $1"
exit 1
Expand Down
11 changes: 7 additions & 4 deletions ubuntu24.04/precompiled/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,26 @@ ENV NVIDIA_VISIBLE_DEVICES=void

RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

# Fetch GPG keys for CUDA repo
RUN apt-key del 7fa2af80 && \
apt-key adv --fetch-keys "https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/3bf863cc.pub"

RUN dpkg --add-architecture i386 && \
apt-get update && apt-get install -y --no-install-recommends \
apt-utils \
build-essential \
ca-certificates \
curl \
gpg \
kmod \
file \
libelf-dev \
libglvnd-dev \
pkg-config && \
rm -rf /var/lib/apt/lists/*

# Fetch GPG keys for CUDA repo
RUN apt-key del 3bf863cc && \
rm /etc/apt/sources.list.d/cuda.list && \
curl -fsSL https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/3bf863cc.pub | gpg --dearmor -o /etc/apt/keyrings/cuda.pub && \
echo "deb [signed-by=/etc/apt/keyrings/cuda.pub] https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64 /" > /etc/apt/sources.list.d/cuda.list

RUN usermod -o -u 0 -g 0 _apt

# Install / upgrade packages here that are required to resolve CVEs
Expand Down

0 comments on commit b119e94

Please sign in to comment.