Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using
--nogpgcheckdisables GPG signature verification for this package installation. This poses a significant security risk as it allows the installation of packages without verifying their authenticity, potentially exposing the build process to man-in-the-middle attacks with malicious packages.Instead of disabling the check, it would be better to investigate the root cause of the GPG check failure. It might be due to a missing or outdated GPG key in the
pytorch/manylinuxaarch64-builderimage used for ARM builds.A more secure solution would be to import the correct GPG key for the repository before running
yum install. For example:# This is an example; the key and its location might be different. rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 yum install libibverbs -yCould you please investigate the underlying issue with the GPG key and address that instead of bypassing the security check?