Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

many NO_PUBKEY for debian:stable and debian:unstable #225

Closed
uli42 opened this issue Jul 30, 2024 · 3 comments
Closed

many NO_PUBKEY for debian:stable and debian:unstable #225

uli42 opened this issue Jul 30, 2024 · 3 comments

Comments

@uli42
Copy link

uli42 commented Jul 30, 2024

I have done some simple debian image test but failed.

I have done this:

  • docker pull debian:stable
  • ran it: docker run -it --rm -e TZ=Europe/Berlin -e HTTP_PROXY=... -e HTTPS_PROXY=... -e http_proxy=... -e https_proxy=... debian:stable
  • apt-get update

Result:

root@c10cae135872:/# apt-get update
Get:1 http://deb.debian.org/debian stable InRelease [151 kB]
Get:2 http://deb.debian.org/debian stable-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security stable-security InRelease [48.0 kB]
Err:1 http://deb.debian.org/debian stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
Err:2 http://deb.debian.org/debian stable-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:3 http://deb.debian.org/debian-security stable-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian stable-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian stable-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian-security stable-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security stable-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

(same for debian:unstable)

What am I doing wrong here? Why are the pubkeys unavailable? Shouldn't this work out of the box?
@tianon
Copy link
Contributor

tianon commented Jul 30, 2024

My best guess is seccomp (#122); see also docker-library/official-images#16829

@tianon
Copy link
Contributor

tianon commented Jul 30, 2024

For comparison:

$ docker run -it --rm --pull=always debian:stable
stable: Pulling from library/debian
Digest: sha256:6c07c2a542b2f1f477bb9b2f218e3b1f46266ec5db68801ad3129a36bff89004
Status: Image is up to date for debian:stable
root@baed127e0a3d:/# apt-get update
Get:1 http://deb.debian.org/debian stable InRelease [151 kB]
Get:2 http://deb.debian.org/debian stable-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security stable-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian stable/main amd64 Packages [8788 kB]
Get:5 http://deb.debian.org/debian stable-updates/main amd64 Packages [13.8 kB]
Get:6 http://deb.debian.org/debian-security stable-security/main amd64 Packages [169 kB]
Fetched 9225 kB in 1s (8559 kB/s)                    
Reading package lists... Done
root@baed127e0a3d:/#

@uli42
Copy link
Author

uli42 commented Jul 31, 2024

My best guess is seccomp (#122); see also docker-library/official-images#16829

An you are absolutely right, with --security-opt seccomp=unconfined it works! Thx!

@uli42 uli42 closed this as completed Jul 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tianon @uli42