Use cuda_keyring for avoiding installing keys manually in install_cuda-scripts in the future?

[mskyttner]

In a recent fix for #442 the list of keys for cuda libraries is manually updated with the latest key so that "apt-get update" does not fail (after April 27) when rebuilding with messages such as "The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A4B469963BF863CC".

Nvidia recommends to use cuda_keyring which can avoid manual steps next time they rotate keys for CUDA Linux repositories, if I understand correctly.

This Dockerfile stanza seems to work for switching to their new repositories and installing cuda_keyring:

# use cuda_keyring instead of manually installed keys
RUN sed -i '/developer\.download\.nvidia\.com\/compute\/cuda\/repos/d' /etc/apt/sources.list.d/cuda.list && \
	sed -i '/developer\.download\.nvidia\.com\/compute\/cuda\/repos/d' /etc/apt/sources.list.d/nvidia-ml.list && \
	wget -O cuda-keyring.deb "https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/cuda-keyring_1.0-1_all.deb" && \
	dpkg -i cuda-keyring.deb && \
	rm cuda-keyring.deb && \
	apt-get update

Would something similar to install cuda_keyring be nice to have in the install_cuda scripts?

[cboettig]

thanks for looking into this, sounds like a good idea to me. Would you be interested in sending a PR for this?