bobbai00 opened a new issue, #4472: URL: https://github.com/apache/texera/issues/4472
### What happened?

Texera's Linux x86_64 images and `pip-licenses` CI job bundle fourteen proprietary-licensed NVIDIA CUDA shared libraries plus `triton`, all pulled in transitively by `torch==2.8.0` declared in `amber/operator-requirements.txt`.

PyPI metadata for `torch==2.8.0` declares these as required, gated on `platform_system == "Linux" and platform_machine == "x86_64"`:

- `nvidia-cublas-cu12`
- `nvidia-cuda-cupti-cu12`
- `nvidia-cuda-nvrtc-cu12`
- `nvidia-cuda-runtime-cu12`
- `nvidia-cudnn-cu12`
- `nvidia-cufft-cu12`
- `nvidia-cufile-cu12`
- `nvidia-curand-cu12`
- `nvidia-cusolver-cu12`
- `nvidia-cusparse-cu12`
- `nvidia-cusparselt-cu12`
- `nvidia-nccl-cu12` (BSD-3-Clause — not a problem on its own)
- `nvidia-nvjitlink-cu12`
- `nvidia-nvtx-cu12` (Apache-2.0 — not a problem on its own)
- `triton` (MIT — not a problem on its own)

The twelve remaining packages ship under the NVIDIA Software License Agreement for the CUDA Toolkit. That license is proprietary with redistribution constraints that are not compatible with ASF binary-distribution policy. Bundling them into Texera's release artifact is a compliance risk.

### How to reproduce?

```
grep torch amber/operator-requirements.txt
curl -s https://pypi.org/pypi/torch/2.8.0/json | python3 -c "import sys,json; [print(r) for r in json.load(sys.stdin)['info']['requires_dist'] if 'nvidia' in r.lower() or 'triton' in r.lower()]"
```

### Version

1.1.0-incubating (Pre-release/Master)

### Commit Hash (Optional)

ef663648d

### Proposed fix

Pin torch to the CPU-only wheel variant so the CUDA shared libraries are never pulled into the shipped artifact. Two common approaches:

1. Add PyTorch's CPU index to `amber/operator-requirements.txt` and pin the CPU build:

   ```
   --extra-index-url https://download.pytorch.org/whl/cpu
   torch==2.8.0+cpu
   ```

2. Or replace `torch` with the `torch` wheel from a CPU-only platform marker and document GPU support as a user-side post-install step.
After the change, a fresh `pip install -r amber/operator-requirements.txt` on Linux x86_64 should no longer install any `nvidia-*-cu12` package, and the CUDA section of `LICENSE-binary` can be removed.

### Was this authored or co-authored using generative AI tooling?

Generated-by: Claude Code (Claude Opus 4.7)
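A CI gate for the acceptance condition stated in the issue (no `nvidia-*-cu12` package installed on Linux x86_64), as an added example that is not part of the original issue or Texera's code. The function names and the sample list are constructed for illustration; the two permissive exceptions follow the issue's own license classification.

```python
import re
from importlib import metadata

# The issue classifies these two as permissively licensed (BSD-3-Clause, Apache-2.0).
PERMISSIVE = {"nvidia-nccl-cu12", "nvidia-nvtx-cu12"}
CUDA_NAME = re.compile(r"^nvidia-[a-z0-9-]+-cu12$")
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample in requires_dist / requirements-file form (not copied from PyPI).
SAMPLE = [
    'nvidia-cublas-cu12; platform_system == "Linux" and platform_machine == "x86_64"',
    'NVIDIA_cuDNN_cu12 ; platform_system == "Linux" and platform_machine == "x86_64"',
    'nvidia-nccl-cu12; platform_system == "Linux" and platform_machine == "x86_64"',
    "nvidia-nvtx-cu12",
    "triton",
    "--extra-index-url https://download.pytorch.org/whl/cpu",
]

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Project name of a requirement line, or None for options such as --extra-index-url."""
    match = REQ_NAME.match(line)
    return normalize(match.group(1)) if match else None

def flagged_cuda(names):
    """Sorted nvidia-*-cu12 names that are not on the permissive list."""
    normalized = {normalize(n) for n in names}
    return sorted(n for n in normalized if CUDA_NAME.match(n) and n not in PERMISSIVE)

def flagged_in_requirements(lines):
    """Check declared dependencies, e.g. the requires_dist list from PyPI metadata."""
    return flagged_cuda(n for n in map(requirement_name, lines) if n)

def flagged_installed():
    """Check the active environment, e.g. right after the pip install step in CI."""
    names = (dist.metadata["Name"] for dist in metadata.distributions())
    return flagged_cuda(n for n in names if n)

if __name__ == "__main__":
    bad = flagged_installed()
    for name in bad:
        print(f"proprietary CUDA package installed: {name}")
    raise SystemExit(1 if bad else 0)
```

Run as a script after the install step, it exits non-zero when a flagged package is present, which fails the CI job.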
