Opened 23 months ago
Closed 18 months ago
#270 closed task (fixed)
RPM with proprietary nvidia drivers
| Reported by: | joanna | Owned by: | marmarek |
|---|---|---|---|
| Priority: | major | Milestone: | Release 1 Beta 3 |
| Component: | installer | Keywords: | |
| Cc: |
Description
Change History (18)
comment:1 Changed 23 months ago by marmarek
comment:2 Changed 22 months ago by joanna
- Owner changed from somebody to joanna
- Status changed from new to accepted
comment:3 Changed 22 months ago by joanna
- Milestone changed from Release 1 Beta 2 to Release 1 Beta 3
- Owner changed from joanna to marmarek
- Status changed from accepted to assigned
The nvidia rpm generating script doesn't create/download the required 'nvidia-kmod-common' rpm, which is required by kmod-nvidia*'.
comment:4 Changed 22 months ago by joanna
- Type changed from defect to task
comment:5 Changed 20 months ago by joanna
- Milestone changed from Release 1 Beta 3 to Release 1 Beta 2
comment:6 Changed 20 months ago by marmarek
nvidia-kmod-common is provided by xorg-x11-drv-nvidia
comment:7 Changed 20 months ago by joanna
Ok, so, I understand that we should copy all the rpms from 3rd_party-packages/x86_64/ into yum/dom0-updates/rpm and it wil be automatically picked by the installer? Or not?
If not, then I would just upload them into current yum repo?
comment:8 Changed 20 months ago by marmarek
Not - only if included in comps config.
Also it is unclear how it will behave on non-nvidia hardware... Have you checked it?
IMHO it's better to place it in current yum repo.
comment:9 Changed 20 months ago by joanna
RPMs uploaded to current, pls test.
comment:10 Changed 20 months ago by marmarek
Downloaded RPMs are signed by RPM Fusion key. Should we import it as trusted key, or resign packages?
comment:11 Changed 20 months ago by marmarek
Besides gpg key problem, looks good.
- qvm-dom0-update x11-xorg-drv-nvidia
- reboot
and now xorg uses nvidia binary driver :)
Notice: this package modifies kernel cmdline (blacklist nouveau), so AEM secret should resealed (and stick should be mounted as /boot during installation).
comment:12 Changed 20 months ago by joanna
- Milestone changed from Release 1 Beta 2 to Release 1 Beta 3
comment:13 Changed 20 months ago by joanna
For some reason I'm unable to reasign a few of the auxiliary rpms with Qubes key. Apparently rpm --resign renders any previous signature BAD?!
Also one of the packages from rpm fusion is not signed at all akmods-0.3.6-3.fc12.noarch.rpm and, even worse, the makefile doesn't warn about it.
comment:14 Changed 20 months ago by marmarek
akmods is signed, just one of signature cannot be verified (but the other, from rpmfusion-free-fedora-13-primary key IS correct):
rpm/x86_64/akmods-0.3.6-3.fc12.noarch.rpm:
Header V3 RSA/SHA256 Signature, key ID a3780952: OK
Header SHA1 digest: OK (180089b7979f80aecac92d0c65ead52d77ad3196)
V3 RSA/SHA256 Signature, key ID 16ca1a56: NOKEY
V3 RSA/SHA256 Signature, key ID a3780952: OK
MD5 digest: OK (0aeeaa37256fdaf4562d46f244165ec2)
comment:15 Changed 20 months ago by marmarek
This invalidating previous signatures is because of different hash used. In "original" packages SHA256 (and header V3) is used, but rpm --addsign (by default?) adds V4 sign with SHA1 hash.
From rpm manual:
For compatibility with older versions of GPG, PGP, and rpm, only V3 OpenPGP signature packets should be configured. Either DSA or RSA verification algo‐
rithms can be used, but DSA is preferred.
Trying to find out how to configure it...
comment:16 Changed 20 months ago by marmarek
Ok, the solution is to add "digest-algo sha256" to your ~/.gnupg/gpg.conf
(header version turned out to be irrelevant)
comment:17 Changed 19 months ago by joanna
- Priority changed from minor to major
comment:18 Changed 18 months ago by marmarek
- Resolution set to fixed
- Status changed from assigned to closed
Problem with signatures solved by rebuilding packages and signing only with Qubes key.
But still - this package cannot be installed by default (on non-nvidia hardware) as it unconditionally force to use nvidia driver.
Should be placed only on yum.qubes-os.org.
http://git.qubes-os.org/gitweb/?p=marmarek/installer.git;a=commit;h=deb3a1cc251683703c10be81e4053f20ac9bc1d9
I've noticed that it adds /etc/init.d/nvidia which loads nvidia module and modifies xorg.conf to use it... Don't know if it checks for nvidia hardware first, but I don't think so.