From 9ca74a70b25bcd4fba4b8176635fcdf3a9b2ee90 Mon Sep 17 00:00:00 2001
From: Adam DeConinck <adeconinck@nvidia.com>
Date: Thu, 28 Apr 2022 17:27:57 +0000
Subject: [PATCH] Update to new NVIDIA signing key

---
 README.md                          |  2 --
 defaults/main.yml                  |  7 +++---
 files/cuda-ubuntu.pin              |  3 ---
 tasks/install-ubuntu-cuda-repo.yml | 34 +++++++++++++-----------------
 4 files changed, 19 insertions(+), 27 deletions(-)
 delete mode 100644 files/cuda-ubuntu.pin

diff --git a/README.md b/README.md
index d37625c..406280f 100644
--- a/README.md
+++ b/README.md
@@ -52,8 +52,6 @@ By default, the Canonical repositories will be used, and the driver installed wi
 | -------- | ------------- | ----------- |
 | `nvidia_driver_ubuntu_install_from_cuda_repo` | `no` | Flag whether to use the CUDA repo |
 | `nvidia_driver_ubuntu_cuda_repo_baseurl` | `"http://developer.download.nvidia.com/compute/cuda/repos/{{ _ubuntu_repo_dir }}"` | Base URL to use for CUDA repo |
-| `nvidia_driver_ubuntu_cuda_repo_gpgkey_url` | `"https://developer.download.nvidia.com/compute/cuda/repos/{{ _ubuntu_repo_dir }}/7fa2af80.pub"` | GPG key for the CUDA repo |
-| `nvidia_driver_ubuntu_cuda_repo_gpgkey_id` | `"7fa2af80"` | GPG key ID for the CUDA repo |
 | `nvidia_driver_ubuntu_cuda_package` | `"cuda-drivers"` | Package name to install from CUDA repo |
 
 ## Example playbook
diff --git a/defaults/main.yml b/defaults/main.yml
index 2b0974d..e70164a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,7 +14,7 @@ nvidia_driver_branch: "510"
 epel_package: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
 epel_repo_key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
 nvidia_driver_rhel_cuda_repo_baseurl: "https://developer.download.nvidia.com/compute/cuda/repos/{{ _rhel_repo_dir }}/"
-nvidia_driver_rhel_cuda_repo_gpgkey: "https://developer.download.nvidia.com/compute/cuda/repos/{{ _rhel_repo_dir }}/7fa2af80.pub"
+nvidia_driver_rhel_cuda_repo_gpgkey: "https://developer.download.nvidia.com/compute/cuda/repos/{{ _rhel_repo_dir }}/D42D0685.pub"
 
 nvidia_driver_rhel_branch: "{{ nvidia_driver_branch }}"
 
@@ -37,7 +37,8 @@ nvidia_driver_ubuntu_packages:
 - "nvidia-kernel-source-{{ nvidia_driver_ubuntu_branch }}-server"
 
 # Installing with CUDA repositories
-nvidia_driver_ubuntu_cuda_repo_gpgkey_url: "https://developer.download.nvidia.com/compute/cuda/repos/{{ _ubuntu_repo_dir }}/7fa2af80.pub"
-nvidia_driver_ubuntu_cuda_repo_gpgkey_id: "7fa2af80"
+old_nvidia_driver_ubuntu_cuda_repo_gpgkey_id: "7fa2af80"
 nvidia_driver_ubuntu_cuda_repo_baseurl: "https://developer.download.nvidia.com/compute/cuda/repos/{{ _ubuntu_repo_dir }}"
+nvidia_driver_ubuntu_cuda_keyring_package: "cuda-keyring_1.0-1_all.deb"
+nvidia_driver_ubuntu_cuda_keyring_url: "{{ nvidia_driver_ubuntu_cuda_repo_baseurl }}/{{ nvidia_driver_ubuntu_cuda_keyring_package }}"
 nvidia_driver_ubuntu_cuda_package: "cuda-drivers-{{ nvidia_driver_ubuntu_branch }}"
diff --git a/files/cuda-ubuntu.pin b/files/cuda-ubuntu.pin
deleted file mode 100644
index b050308..0000000
--- a/files/cuda-ubuntu.pin
+++ /dev/null
@@ -1,3 +0,0 @@
-Package: *
-Pin: release l=NVIDIA CUDA
-Pin-Priority: 600
diff --git a/tasks/install-ubuntu-cuda-repo.yml b/tasks/install-ubuntu-cuda-repo.yml
index cf9a5d9..9b51a47 100644
--- a/tasks/install-ubuntu-cuda-repo.yml
+++ b/tasks/install-ubuntu-cuda-repo.yml
@@ -4,23 +4,26 @@
     repo: ppa:graphics-drivers/ppa
     state: absent
 
-- name: add pin file
-  copy:
-    src: "cuda-ubuntu.pin"
-    dest: "/etc/apt/preferences.d/cuda-repository-pin-600"
-    owner: "root"
-    group: "root"
-    mode: "0644"
+- name: remove old signing key
+  apt_key:
+    id: "{{ old_nvidia_driver_ubuntu_cuda_repo_gpgkey_id }}"
+    state: absent
+  environment: "{{proxy_env if proxy_env is defined else {}}}"
   when: nvidia_driver_add_repos | bool
 
-- name: add key
-  apt_key:
-    url: "{{ nvidia_driver_ubuntu_cuda_repo_gpgkey_url }}"
-    id: "{{ nvidia_driver_ubuntu_cuda_repo_gpgkey_id }}"
+- name: add CUDA keyring
+  apt:
+    deb: "{{ nvidia_driver_ubuntu_cuda_keyring_url }}"
+    state: "present"
   environment: "{{proxy_env if proxy_env is defined else {}}}"
   when: nvidia_driver_add_repos | bool
 
-- name: esure kmod is installed
+- name: force an apt update
+  apt:
+    update_cache: true
+  changed_when: false
+
+- name: ensure kmod is installed
   apt:
     name: "kmod"
     state: "present"
@@ -30,13 +33,6 @@
     name: nouveau
     state: present
 
-- name: add repo
-  apt_repository:
-    repo: "deb {{ nvidia_driver_ubuntu_cuda_repo_baseurl }} /"
-    update_cache: yes
-  environment: "{{proxy_env if proxy_env is defined else {}}}"
-  when: nvidia_driver_add_repos | bool
-
 - name: install driver packages
   apt:
     name: "{{ nvidia_driver_package_version | ternary(nvidia_driver_ubuntu_cuda_package+'='+nvidia_driver_package_version, nvidia_driver_ubuntu_cuda_package) }}"