Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bookworm: GPG Error when attempting apt update #804

Closed
webaholik opened this issue Jun 15, 2023 · 5 comments
Closed

Bookworm: GPG Error when attempting apt update #804

webaholik opened this issue Jun 15, 2023 · 5 comments

Comments

@webaholik
Copy link

The issue seems to be related to the latest docker image update to bookworm

At the top of my Dockerfile:

FROM nginx
RUN apt-get update -qq && apt-get -y install apache2-utils

Now when building, I get these errors:

W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

Attempted to manually add:

RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F8D2585B8783D481
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 54404762BBB6E853
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8

Result:
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

Then tried running this first:
RUN apt-get install -y debian-keyring
Result:
E: Unable to locate package debian-keyring
-and I can't update my sources because of the GPG key
@thresheek
Copy link
Collaborator

Hi @webaholik,

It seems like the same issue as in #800 - can you please check the docker runtime versions you're running, as well as seccomp version and runc?

Thanks!

@webaholik
Copy link
Author

webaholik commented Jun 15, 2023
edited
Loading

Thanks for the quick reply, @thresheek, HOST is Centos

Docker version 1.13.1, build 7d71120/1.13.1

==========================================================================================================================================================================================================================================================================
 Package                                                       Arch                                                   Version                                                                               Repository                                               Size
==========================================================================================================================================================================================================================================================================

 docker                                                        x86_64                                                 2:1.13.1-209.git7d71120.el7.centos                                                    @extras                                                  64 M
 docker-client                                                 x86_64                                                 2:1.13.1-209.git7d71120.el7.centos                                                    @extras                                                  13 M
 docker-common                                                 x86_64                                                 2:1.13.1-209.git7d71120.el7.centos                                                    @extras                                                 4.4 k

@thresheek
Copy link
Collaborator

Thanks,

I think you need at least Docker 20.10.10+ for this image (and any other bookworm-based) to work as expected.

@yosifkit
Copy link
Contributor

yosifkit commented Jun 15, 2023
edited
Loading

You can verify that it is libseccomp by running the bookworm image with --security-opt seccomp=unconfined. If it works, then I'd suggest updating docker and libseccomp on the host. Newer base OS's use newer system calls and an older libseccomp can block them since they are unknown to it.

Similar to docker-library/python#837

@webaholik
Copy link
Author

@thresheek - thanks, updating docker resolved my issue:
https://docs.docker.com/engine/install/centos/

@thresheek thresheek mentioned this issue Jul 10, 2023
Closed
@J0WI J0WI mentioned this issue Aug 20, 2023
Closed
8 tasks
@avvertix avvertix mentioned this issue Aug 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yosifkit @thresheek @webaholik