Closed sdake closed 1 year ago
I have confirmed this development quality approach is feasible and delivers a built faiss.
wise@wise-a40x1-1:~/repos/origin$ git diff
diff --git a/platform/packaging/build/faiss/Dockerfile b/platform/packaging/build/faiss/Dockerfile
index 51fc08e..24bae4b 100644
--- a/platform/packaging/build/faiss/Dockerfile
+++ b/platform/packaging/build/faiss/Dockerfile
@@ -61,7 +61,7 @@ RUN dpkg -i /workspace/cuda-keyring_1.1-1_all.deb
# NB. we don't need the all of Intel's oneApi, we only need MKL.
RUN curl -sL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor > /usr/share/keyrings/oneapi-archive-keyring.gpg
-RUN echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" > /etc/apt/sources.list.d/oneAPI.list
+RUN echo "deb [trusted=yes] https://apt.repos.intel.com/oneapi all main" > /etc/apt/sources.list.d/oneAPI.list
RUN apt update
RUN apt install -y cuda-toolkit-12-2
I noticed during this work we use http
as a transport for apt when we should be using https
.
More problematic is this workaround does no deb
package signature check. These problems would result in security vulnerability disclosures, so these changes may not enter our git repository.
Thank you,
-steve
, we use HTTP
as a transport
This appears to have been resolved upstream by key change. Closing.
In an attempt to build our implementation of faiss, I discovered the following:
We build with Intel MKL by using the apt repository installation mechanism. Unfortunately, today is 2023-10-1, and
52AB D6E8 7E42 1793 9718 73FF ACFA 9FC5 7E6C 5DBE
is in an expired state.