Nvidia-docker: invalid: BADSIG F60F4B3D7FA2AF80 cudatools <[email protected]>

Hello!

Which region are you from? I can't seem to reproduce your error :)

@RenaudWasTaken China mainland.

After this issue opened, the error seemed fixed, but sometimes it's failed again.

I think this issue can be closed since it is available most times.

I'm also receiving this error from UK

I'm also receiving this error from Indonesia.

W: GPG error: http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64  Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudatools <[email protected]>
E: The repository 'http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64  Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

same issue

Get:21 http://archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [7942 B]
Get:22 http://archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [8532 B]
Get:23 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64  Release.gpg [169 B]
Get:24 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1604/x86_64  Release.gpg [169 B]
Ign:24 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1604/x86_64  Release.gpg
Get:25 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64  Packages [209 kB]
Err:25 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64  Packages
  Hash Sum mismatch
Get:26 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1604/x86_64  Packages [46.3 kB]
Fetched 16.1 MB in 9s (1642 kB/s)
Reading package lists...
W: GPG error: https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1604/x86_64  Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudatools <[email protected]>
W: The repository 'https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1604/x86_64  Release' is not signed.
E: Failed to fetch https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64/Packages.gz  Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead.
The command '/bin/sh -c apt-get update --fix-missing && apt-get install -y --no-install-recommends        build-essential         software-properties-common         python3         python3-dev         python3-tk         python3-pip         build-essential         libfreetype6-dev         libpng12-dev         libzmq3-dev         libspatialindex-dev         libsm6         vim         wget         git         zip         &&     apt-get clean &&     rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100

Having the same issue after installing the cudatools key.

W: GPG error: http://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64 Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudatools cudatools@nvidia.com
W: The repository 'http://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64 Release' is not signed.

Performing an install of the following packages:

libcudnn7=7.6.0.64-1+cuda10.0 \
libcudnn7-dev=7.6.0.64-1+cuda10.0 \
cuda-command-line-tools-10-0 cuda-cublas-10-0
cuda-cufft-10-0 cuda-curand-10-0 \
cuda-cusolver-10-0 cuda-cusparse-10-0

gives an error saying that:

WARNING: The following packages cannot be authenticated!
libcudnn7 libcudnn7-dev

Downloading from Sweden, if that matters.

Further, this seemed to work perfectly last week (on 19 June and before) but not after the weekend (24 June and after).

Looks like this was a caching issue. Closing as we haven't seen any other issues in the past few months.

@RenaudWasTaken
Having the same issue for https://developer.download.nvidia.cn/compute/cuda/repos/ubuntu1804/x86_64 recently.

Actually I've seen this several times.
Especially in China where the .com URL get redirected to .cn domain.
If I hook up a proxy or simply do it in US, currently it's fine.

@RenaudWasTaken
Still happening, here from Taiwan, for https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64, no redirection as for xkszltl above though. Tried every possible solution but to no avail.

This is not fixed; multiple users are still reporting this from all sorts of countries.

https://github.com/NVIDIA/nvidia-docker/issues/1178

Just in case it's of help to someone else, I could avoid this error and install CUDA+the NVIDIA driver on Mint19.3. Here's what I did:

clean install of mint (let nouveau drivers be installed, do not upgrade to NVIDIA). Follow the deb-local installation method (under a VPN @ California):

https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&target_distro=Ubuntu&target_version=1804&target_type=deblocal

goto 1. and repeat the process around 50 times.

Voilá! NVIDIA drivers and CUDA running on your system! Wasn't that easy?

Severely censored network in China :)

@372046933 I doubt this has anything to do with censorship. More likely to be a CDN related issue.

I am also meeting this issue on China:

W: GPG error: https://developer.download.nvidia.cn/compute/machine-learning/repos/ubuntu1804/x86_64 Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudatools cudatools@nvidia.com
E: The repository 'https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64 Release' is not signed.

@jdhao , Use ladder to bypass the nasty situation.

Same from South Korea right now:

Ign:10 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64 Packages
Hit:10 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64 Packages
Err:10 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64 Packages
Hash Sum mismatch
...
Reading package lists...
W: GPG error: http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64 Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudatools <[email protected]>
W: The repository 'http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64 Release' is not signed.
E: Failed to fetch store:/var/lib/apt/lists/partial/developer.download.nvidia.com_compute_cuda_repos_ubuntu1604_x86%5f64_Packages.gz Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead.

This is not the right place to file issues related to containers running on top of nvidia-docker.

You will need to file an issue here:
https://forums.developer.nvidia.com/c/accelerated-computing/cuda/cuda-setup-and-installation/8

i got the same problem on China, the error occurred when I used the image of Nvidia/CUDa :10.2-cudnn7-devel-ubuntu18.04 and executed the apt-get update command:

Reading package lists... Done
W: GPG error: https://developer.download.nvidia.cn/compute/cuda/repos/ubuntu1804/x8 6_64 Release: The following signatures were invalid: BADSIG F60F4B3D7FA2AF80 cudat ools cudatools@nvidia.com
E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1 804/x86_64 Release' is not signed.

but, i just slove this problem by executing the following command:

gpg --keyserver keyserver.ubuntu.com --recv-keys F60F4B3D7FA2AF80

我也遇到了这个问题，解决办法如下，在dockerfile中报错的step之前添加如下命令，如果curl已经安装，可以去掉第一个RUN命令

RUN apt-get update && apt-get install -y --no-install-recommends \
curl
RUN curl -s -L https://nvidia.github.io/libnvidia-container/gpgkey | \
apt-key add -

I got the same error in China

RUN curl -fsSL https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/7fa2af80.pub | apt-key add -
RUN echo "deb https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/ ./" > /etc/apt/sources.list.d/cuda.list

RUN echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list 

The problem was solved.

Good to know Aliyun has CUDA mirror, unfortunately they don't have nvidia/machine-learning.

I got the same error in China

RUN curl -fsSL https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/7fa2af80.pub | apt-key add -
RUN echo "deb https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/ ./" > /etc/apt/sources.list.d/cuda.list

RUN echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list 

The problem was solved.

Not a security expert, but to my understanding, you shouldn't use public key from untrusted source (aliyun, in your case)

For those who are using this dockerfile as a starting point for your own dockerfile, you can consider download the bad file manually and COPY it to the corresponding location.

FYI usually it's too hard to get the file, regardless of who's doing the
download (docker build or human).
Local mirror makes things better, by moving the failure to the up-front
when mirroring.

For me I put whatever nvidia related network command into a until xxx; do echo Retrying; done, usually there will be a success within 100-10k times.

On Sun, Oct 4, 2020 at 10:53 AM Incomplete notifications@github.com wrote:

For those who are using this dockerfile as a starting point for your own
dockerfile, you can consider download the bad file manually and COPY it
to the corresponding location.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/NVIDIA/nvidia-docker/issues/969#issuecomment-703192776,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABHWIUJQQNPS3UJPIPCK2ZTSI7PRLANCNFSM4HKSD7XA
.

--
From LTL

I am also facing this issue with nvidia/cuda:10.2-cudnn7-devel-ubuntu18.04 and I am from India.

@praveenbadimala
Just curious, does the traffic go through any CDN in India?
You can check with curl -SILsv 'https://developer.download.nvidia.com/compute/cuda/repos'.
For me I'm seeing a lot of X-Cache and X-OCRA-Accelerator fields in header with jp.krill.zenlogic.net after being 301 to nvidia.cn.

@xkszltl
today I dint face the issue and the output of the curl -SILsv dint show that the traffic is routed through any CDN in India.

I got the same error in China

RUN curl -fsSL https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/7fa2af80.pub | apt-key add -
RUN echo "deb https://mirrors.aliyun.com/nvidia-cuda/ubuntu1804/x86_64/ ./" > /etc/apt/sources.list.d/cuda.list

RUN echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list&& \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list 

The problem was solved.

Not a security expert, but to my understanding, you shouldn't use public key from untrusted source (aliyun, in your case)

why do you think aliyun is untrusted source???

@Answergeng

Only author and trusted CA can be treated as trusted source.
HTTPS make sure the .pub you get is from nvidia without MITM attack.
If you get it from Ali, you can only make sure it's what Ali offers, not what nvidia offers.
Technically Ali can put malware in package and sign with their own priv key matching their .pub.

I know your point, Ali is big enough to not do stupid things in this way, but it's always a bad idea to keep door open. And darkness can gradually rise when too many doors are open.

As you're using ubuntu 18.04, run:

# ###list keys if you need###
# apt-key list
# apt-key del F60F4B3D7FA2AF80
#
# apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/7fa2af80.pub
# apt update

it works.

via:

• https://www.tensorflow.org/install/gpu#install_cuda_with_apt
• https://docs.nvidia.com/cuda/wsl-user-guide/index.html#running-cuda
• https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html

As you're using ubuntu 18.04, run:

# ###list keys if you need###
# apt-key list
# apt-key del F60F4B3D7FA2AF80
#
# apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/7fa2af80.pub
# apt update

it works.

via:

* https://www.tensorflow.org/install/gpu#install_cuda_with_apt

* https://docs.nvidia.com/cuda/wsl-user-guide/index.html#running-cuda

* https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html

Not so fast. Actually in my case after executing your solution, if I run
# apt update
again, the error will occur. Like a haunting ghost.
PS: NONE of the above ideas about apt-list cleaning or gpg key removing and adding again worked or lasted.