├── .gitignore ├── CONTRIBUTING ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── build.sh └── debian ├── compat ├── rules ├── source └── format └── templates ├── changelog.in ├── control.in ├── cuda-REPO.list.in ├── cuda-keyring.install.in └── cuda-keyring.postinst.in /.gitignore: -------------------------------------------------------------------------------- 1 | *.deb 2 | *.gpg 3 | *.pin 4 | -------------------------------------------------------------------------------- /CONTRIBUTING: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 1 Letterman Drive 6 | Suite D4700 7 | San Francisco, CA, 94129 8 | 9 | Everyone is permitted to copy and distribute verbatim copies of this 10 | license document, but changing it is not allowed. 11 | 12 | 13 | Developer's Certificate of Origin 1.1 14 | 15 | By making a contribution to this project, I certify that: 16 | 17 | (a) The contribution was created in whole or in part by me and I 18 | have the right to submit it under the open source license 19 | indicated in the file; or 20 | 21 | (b) The contribution is based upon previous work that, to the best 22 | of my knowledge, is covered under an appropriate open source 23 | license and I have the right under that license to submit that 24 | work with modifications, whether created in whole or in part 25 | by me, under the same open source license (unless I am 26 | permitted to submit under a different license), as indicated 27 | in the file; or 28 | 29 | (c) The contribution was provided directly to me by some other 30 | person who certified (a), (b) or (c) and I have not modified 31 | it. 32 | 33 | (d) I understand and agree that this project and the contribution 34 | are public and that a record of the contribution (including all 35 | personal information I submit with it, including my sign-off) is 36 | maintained indefinitely and may be redistributed consistent with 37 | this project or the open source license(s) involved. 38 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribute to this project 2 | 3 | Want to contribute to this project? Awesome! 4 | We only require you to sign your work, the below section describes this! 5 | 6 | ## Sign your work 7 | 8 | The sign-off is a simple line at the end of the explanation for the patch. Your 9 | signature certifies that you wrote the patch or otherwise have the right to pass 10 | it on as an open-source patch. The rules are pretty simple: if you can certify 11 | the below (from [developercertificate.org](http://developercertificate.org/)): 12 | 13 | ``` 14 | Developer Certificate of Origin 15 | Version 1.1 16 | 17 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 18 | 1 Letterman Drive 19 | Suite D4700 20 | San Francisco, CA, 94129 21 | 22 | Everyone is permitted to copy and distribute verbatim copies of this 23 | license document, but changing it is not allowed. 24 | 25 | Developer's Certificate of Origin 1.1 26 | 27 | By making a contribution to this project, I certify that: 28 | 29 | (a) The contribution was created in whole or in part by me and I 30 | have the right to submit it under the open source license 31 | indicated in the file; or 32 | 33 | (b) The contribution is based upon previous work that, to the best 34 | of my knowledge, is covered under an appropriate open source 35 | license and I have the right under that license to submit that 36 | work with modifications, whether created in whole or in part 37 | by me, under the same open source license (unless I am 38 | permitted to submit under a different license), as indicated 39 | in the file; or 40 | 41 | (c) The contribution was provided directly to me by some other 42 | person who certified (a), (b) or (c) and I have not modified 43 | it. 44 | 45 | (d) I understand and agree that this project and the contribution 46 | are public and that a record of the contribution (including all 47 | personal information I submit with it, including my sign-off) is 48 | maintained indefinitely and may be redistributed consistent with 49 | this project or the open source license(s) involved. 50 | ``` 51 | 52 | Then you just add a line to every git commit message: 53 | 54 | Signed-off-by: Joe Smith 55 | 56 | Use your real name (sorry, no pseudonyms or anonymous contributions.) 57 | 58 | If you set your `user.name` and `user.email` git configs, you can sign your 59 | commit automatically with `git commit -s`. 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2022 NVIDIA Corporation 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # cuda-keyring 2 | 3 | [![License](https://img.shields.io/badge/license-MIT-green.svg)](https://opensource.org/licenses/MIT-license) 4 | [![Contributing](https://img.shields.io/badge/Contributing-Developer%20Certificate%20of%20Origin-violet)](https://developercertificate.org) 5 | 6 | 7 | ## Overview 8 | 9 | Packaging for cuda-keyring 10 | 11 | 1. Install GPG public key in `/usr/share/keyrings/` 12 | 2. Set repository priority with apt pinning 13 | 3. Enable Nvidia's CUDA repository with `.list` for `apt-get` 14 | 15 | ### Note on enabling a repository 16 | 17 | ```shell 18 | deb [signed-by=/path/to/keyring] https://$repositoryURL $suite 19 | ``` 20 | 21 | > ex: `debian11/x86_64` 22 | ``` 23 | deb [signed-by=/usr/share/keyrings/cuda-archive-keyring.gpg] https://developer.download.nvidia.com/compute/cuda/repos/debian11/x86_64/ / 24 | ``` 25 | 26 | ### Blog post 27 | [https://developer.nvidia.com/blog/updating-the-cuda-linux-gpg-repository-key/](https://developer.nvidia.com/blog/updating-the-cuda-linux-gpg-repository-key/) 28 | 29 | 30 | ## Deliverables 31 | 32 | ```shell 33 | - cuda-keyring 34 | ``` 35 | 36 | ## Prerequisites 37 | 38 | ### Download GPG public key 39 | 40 | The `apt-key` command is deprecated in Debian 12, Ubuntu 21.10 and derivative distros. 41 | NVIDIA provides the repo GPG keys in both `*.pub` and encapsulated keyring formats. 42 | 43 | ```shell 44 | wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-archive-keyring.gpg 45 | ``` 46 | 47 | **OR** 48 | 49 | ```shell 50 | wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/$shortname.pub 51 | cat $shortname.pub | gpg --dearmor > cuda-archive.keyring.gpg 52 | ``` 53 | > note: replace `$shortname` with `3bf863cc` 54 | 55 | 56 | ### Download priority pin 57 | 58 | Repositories maintained by different organizations may contain packages with the same name. 59 | To ensure `apt` selects software from one repository over another, priority pinning may be used. 60 | 61 | ```shell 62 | wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin 63 | mv cuda-ubuntu2204.pin cuda.pin 64 | ``` 65 | 66 | `cat cuda.pin` 67 | 68 | ```shell 69 | Package: nsight-compute 70 | Pin: origin *ubuntu.com* 71 | Pin-Priority: -1 72 | 73 | Package: nsight-systems 74 | Pin: origin *ubuntu.com* 75 | Pin-Priority: -1 76 | 77 | Package: * 78 | Pin: release l=NVIDIA CUDA 79 | Pin-Priority: 600 80 | ``` 81 | 82 | 83 | ### Install build dependencies 84 | > *note:* these are only needed for building not installation 85 | 86 | ```shell 87 | apt-get install debhelper devscripts dpkg-dev make 88 | ``` 89 | 90 | 91 | ## Usage 92 | 93 | ```shell 94 | usage: build.sh [priority.pin] 95 | DISTRO=[ubuntu2204|ubuntu2004] ARCH=[x86_64|sbsa|arm64] build.sh 96 | DISTRO=[ubuntu2204|ubuntu2004] ARCH=[cross-linux-sbsa|cross-linux-aarch64] build.sh 97 | DISTRO=[ubuntu1804|ubuntu1604] ARCH=[x86_64|ppc64el|sbsa] build.sh 98 | DISTRO=[debian11|debian10|wsl-ubuntu] ARCH=x86_64 build.sh 99 | ``` 100 | 101 | ### Example 102 | 103 | ```shell 104 | wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-archive-keyring.gpg 105 | wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin 106 | mv cuda-ubuntu2204.pin cuda.pin 107 | ``` 108 | 109 | ```shell 110 | DISTRO=ubuntu2204 ARCH=x86_64 ./build.sh cuda-archive-keyring.gpg cuda.pin 111 | ``` 112 | 113 | ```shell 114 | ls cuda-keyring*_all.deb 115 | sudo dpkg --install cuda-keyring*_all.deb 116 | sudo apt-get update 117 | ``` 118 | 119 | 120 | ## Contributing 121 | 122 | See [CONTRIBUTING.md](CONTRIBUTING.md) 123 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2022, NVIDIA Corporation 3 | # SPDX-License-Identifier: MIT 4 | 5 | err() { echo "ERROR: $*"; exit 1; } 6 | 7 | make_clean() { 8 | rm -rf debian/.debhelper/ debian/files debian/changelog debian/control debian/cuda-keyring/ 9 | rm -f debian/cuda-keyring.debhelper.log debian/cuda-keyring.install debian/cuda-keyring.postinst debian/cuda-keyring.substvars 10 | rm -f debian/cuda*.list debian/cuda*.gpg debian/cuda*pin* 11 | } 12 | 13 | make_clean 14 | [[ -f "$1" ]] || err "USAGE: $0 [keyring] [pin file]" 15 | [[ -f "$1" ]] && [[ "$1" =~ \.gpg ]] && cp -v "$1" debian/ 16 | [[ -f "$2" ]] && [[ "$2" =~ \.pin ]] && cp -v "$2" debian/cuda-repository-pin-600 17 | 18 | make -i -f debian/rules fill_templates || err "make" 19 | dpkg-buildpackage -b -kcudatools@nvidia.com || err "dpkg-buildpackage" 20 | 21 | make_clean 22 | mv -v ../cuda-keyring*.deb . 23 | rm -f ../cuda-keyring_* 24 | 25 | dpkg -I ./cuda-keyring*.deb 26 | dpkg -c ./cuda-keyring*.deb 27 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | DH_VERBOSE := 1 3 | 4 | VERSION ?= 1.1 5 | REVISION ?= 1 6 | TIMESTAMP := $(shell date -R) 7 | YEAR ?= $(shell date +%Y) 8 | PUBKEY ?= $(shell GNUPGHOME=/dev/null gpg --list-packets debian/cuda-archive-keyring.gpg | grep 'keyid:' | cut -d: -f2 | rev | cut -c -8 | rev) 9 | PINFILE := $(shell test -f debian/cuda-repository-pin-600 && echo 1) 10 | DISTRO ?= $(shell grep -oP '(?<=^ID=).*|(?<=^VERSION_ID=).*' /etc/os-release | paste -sd '\0') 11 | ARCH ?= x86_64 12 | 13 | ifeq ($(PINFILE),1) 14 | PRIORITY := 15 | else 16 | PRIORITY := \# 17 | endif 18 | 19 | %: 20 | dh $@ 21 | 22 | override_dh_clean: 23 | dh_clean 24 | 25 | override_dh_auto_build: 26 | rm -f lib*.so 27 | 28 | fill_templates: 29 | for template in debian/templates/*.in; do \ 30 | dest=`echo $$template | \ 31 | sed -e "s|\.in\$$||" \ 32 | -e "s|templates\/||" \ 33 | -e "s|REPO|$(DISTRO)-$(ARCH)|"`; \ 34 | sed -e "s|#VERSION#|$(VERSION)|g" \ 35 | -e "s|#REVISION#|$(REVISION)|g" \ 36 | -e "s|#DISTRO#|$(DISTRO)|g" \ 37 | -e "s|#ARCH#|$(ARCH)|g" \ 38 | -e "s|#PRIORITY#|$(PRIORITY)|g" \ 39 | -e "s|#PUBKEY#|$(PUBKEY)|g" \ 40 | -e "s|#YEAR#|$(YEAR)|g" \ 41 | -e "s|#TIMESTAMP#|$(TIMESTAMP)|g" \ 42 | $$template > $$dest; \ 43 | done 44 | 45 | override_dh_auto_install: 46 | dh_install --exclude=none --fail-missing 47 | 48 | override_dh_makeshlibs: 49 | DEB_BUILD_GNU_TYPE=$(DEB_HOST_GNU_TYPE) dh_makeshlibs 50 | 51 | # 52 | # Turn off a few of the debhelper scripts 53 | # 54 | override_dh_usrlocal: 55 | 56 | override_dh_strip: 57 | 58 | override_dh_strip_nondeterminism: 59 | 60 | # 61 | # Disable dh_shlibdeps to allow packaging to run on systems which aren't 62 | # the same architecture we're packaging for. 63 | # 64 | override_dh_shlibdeps: 65 | 66 | ifneq ($(DISABLE_FIXPERMS),) 67 | override_dh_fixperms: 68 | endif 69 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/templates/changelog.in: -------------------------------------------------------------------------------- 1 | cuda-keyring (#VERSION#-#REVISION#) stable; urgency=low 2 | 3 | * CUDA keyring package (2022) 4 | 5 | -- cudatools #TIMESTAMP# 6 | -------------------------------------------------------------------------------- /debian/templates/control.in: -------------------------------------------------------------------------------- 1 | Source: cuda-keyring 2 | Maintainer: cudatools 3 | Section: multiverse/devel 4 | Priority: optional 5 | Standards-Version: 3.8.0 6 | 7 | Package: cuda-keyring 8 | Architecture: all 9 | Depends: ${misc:Depends} 10 | Description: GPG keyring for the CUDA repository 11 | Enrolls public key: #PUBKEY# (#YEAR#) 12 | and enables repo: #DISTRO#/#ARCH# 13 | -------------------------------------------------------------------------------- /debian/templates/cuda-REPO.list.in: -------------------------------------------------------------------------------- 1 | deb [signed-by=/usr/share/keyrings/cuda-archive-keyring.gpg] https://developer.download.nvidia.com/compute/cuda/repos/#DISTRO#/#ARCH#/ / 2 | -------------------------------------------------------------------------------- /debian/templates/cuda-keyring.install.in: -------------------------------------------------------------------------------- 1 | debian/cuda-archive-keyring.gpg /usr/share/keyrings/ 2 | debian/cuda-#DISTRO#-#ARCH#.list /etc/apt/sources.list.d/ 3 | #PRIORITY#debian/cuda-repository-pin-600 /etc/apt/preferences.d/ 4 | -------------------------------------------------------------------------------- /debian/templates/cuda-keyring.postinst.in: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | set -e 4 | 5 | case "$1" in 6 | configure) 7 | keyexists="$(GNUPGHOME=/dev/null gpg /etc/apt/trusted.gpg 2>/dev/null | grep -i 7fa2af80)" || true 8 | if [ -f "/etc/apt/trusted.gpg" ] && [ "$keyexists" ]; then 9 | removeKey="sudo apt-key del 7fa2af80" 10 | cat <