Rotating the GPG Keys
NVIDIA constantly evaluates and improves security implementations. As part of these improvements, we are rolling out changes to harden the security and reliability of our repositories. These changes require rotating the GPG keys that are used to sign the metadata and packages in those repositories. This section provides information about how to rotate the GPG keys on your system.
Download the new repository setup packages.
wget https://international.download.nvidia.com/dgx/repos/bionic/pool/multiverse/d/dgx-repo/dgx-repo_1.0-5_amd64.deb wget https://international.download.nvidia.com/dgx/repos/bionic/pool/multiverse/n/nvidia-repo-keys/nvidia-repo-keys_22.04-1_all.deb
Directly install the
.debpackages, which skips the GPG check performed in
If prompted, ensure that you accept the maintainer’s version for all files.
sudo dpkg --force-confnew -i ./nvidia-repo-keys_22.04-1_all.deb ./dgx-repo_1.0-5_amd64.deb
Manually revoke the previous DGX and CUDA GPG keys.
sudo apt-key del 629C85F2 sudo apt-key del 7FA2AF80
Update optional repositories that were previously enabled.
for x in $(find /etc/apt/sources.list.d -name "dgx*.list"); do if ! grep -q "signed-by" $x; then sudo sed -i 's|^deb |deb [arch=amd64 signed-by=/usr/share/keyrings/dgx_debian_prod.gpg] |' $x; fi; done