Rotating the GPG Key

NVIDIA constantly evaluates and improves security implementations. As part of these improvements, we are rolling out changes to harden the security and reliability of our repositories. These changes require rotating the GPG keys that are used to sign the packages and metadata in those repositories. This section provides information about how to rotate the GPG keys on your system.

  1. Directly install the dgx-repo-setup package.
    $ sudo yum install -y https://international.download.nvidia.com/dgx/repos/rhel-files/dgx-repo-setup-21.11-1.el7.x86_64.rpm
  2. Manually revoke the previous DGX and CUDA GPG keys.
    Note: If the CUDA GPG key is not installed, the command might return an error, but you can ignore this error.
    $ sudo rpm -e gpg-pubkey-629c85f2-57571711
    $ sudo rpm -e gpg-pubkey-7fa2af80-576db785
  3. Enable/disable supplemental repositories as needed.
    # Enable
    $ sudo yum-config-manager --enable nvidia-dgx-7-r450-cuda11-0
    $ sudo yum-config-manager --enable nvidia-dgx-7-r470-cuda11-4
    
    # Disable
    $ sudo yum-config-manager --disable nvidia-dgx-7-r450-cuda11-0
    $ sudo yum-config-manager --disable nvidia-dgx-7-r470-cuda11-4
  4. Clean up old repository metadata.
    $ sudo yum clean metadata
OTA updates can now occur as normal.