Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing apt public key in some Linux distros (but not all)? #1233

Open
Gryhyphen opened this issue Nov 16, 2024 · 2 comments
Open

Missing apt public key in some Linux distros (but not all)? #1233

Gryhyphen opened this issue Nov 16, 2024 · 2 comments

Comments

@Gryhyphen
Copy link

Gryhyphen commented Nov 16, 2024

For my dev environment I need to install openOCD and gbd-multiarch on a Debian image.

I started by running the following docker file which works in bullseye, but does not work in bookworm. Since I needed versions of the package (specifically openOCD I needed at least version 0.12 or higher, but bullseye only goes up to 0.11), I changed it to bookworm. However it didn't work on bookworm, for some reason there is a missing public key. Finding it odd, I then changed distros to ubuntu and used the noble version because I didn't want to solve the public key issue (because I know it can rotate regularly). I then also found that I couldn't install it with noble either.

I am really scratching my head on this, because bullseye installs things just fine (even if they aren't the version I need). But when I try to go to these newer versions, even switching to a different distro, I'm wondering if I'm just getting really unlucky with finding images where the public key isn't installed correctly or if I'm doing something wrong.

I'm pretty sure this has to be a bug tho

FROM mcr.microsoft.com/devcontainers/base:bookworm

# Install apt packages
RUN apt-get update \
    && apt-get install -y \
    # To get SWD working, need to have the following installed in the container
    openocd \
    gdb-multiarch

Broken output preventing me from completing the build:

> [dev_container_auto_added_stage_label 2/2] RUN apt-get update     && apt-get
install -y     openocd     gdb-multiarch:
#6 0.594 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
#6 0.715 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
#6 0.773 Err:1 http://deb.debian.org/debian bookworm InRelease
#6 0.773   The following signatures couldn't be verified because the public key
is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKE
Y F8D2585B8783D481
#6 0.775 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease
[48.0 kB]
#6 0.820 Err:2 http://deb.debian.org/debian bookworm-updates InRelease
#6 0.820   The following signatures couldn't be verified because the public key
is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
#6 0.867 Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
#6 0.867   The following signatures couldn't be verified because the public key
is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
#6 0.869 Reading package lists...
#6 0.880 W: GPG error: http://deb.debian.org/debian bookworm InRelease: The foll
owing signatures couldn't be verified because the public key is not available: N
O_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
#6 0.880 E: The repository 'http://deb.debian.org/debian bookworm InRelease' is
not signed.
#6 0.880 W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease:
The following signatures couldn't be verified because the public key is not avai
lable: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
#6 0.880 E: The repository 'http://deb.debian.org/debian bookworm-updates InRele
ase' is not signed.
#6 0.880 W: GPG error: http://deb.debian.org/debian-security bookworm-security I
nRelease: The following signatures couldn't be verified because the public key i
s not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
#6 0.880 E: The repository 'http://deb.debian.org/debian-security bookworm-secur
ity InRelease' is not signed.
#6 0.880 E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache
/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin |
| true'
#6 0.880 E: Sub-process returned an error code

Noble also doesn't work

FROM mcr.microsoft.com/devcontainers/base:noble

# Install apt packages
RUN apt-get update \
    && apt-get install -y \
    # To get SWD working, need to have the following installed in the container
    openocd \
    gdb-multiarch
    

But for some reason, the bullseye image seems to have the public key 🤷‍♂️

FROM mcr.microsoft.com/devcontainers/base:bullseye

# Install apt packages
RUN apt-get update \
   && apt-get install -y \
   # To get SWD working, need to have the following installed in the container
   openocd \
   gdb-multiarch

Can I please be advised what is happening here?

@Gryhyphen
Copy link
Author

Gryhyphen commented Nov 16, 2024

Some further info, I've even moved completely away from a custom docker image and I'm still unable to build the container as a bookworm environment:

my devcontainer.json

{
	"name": "Debian Rust Dev Env",
	"image": "mcr.microsoft.com/devcontainers/base:bookworm",
	"runArgs": ["--privileged"],
	"features": {
		"ghcr.io/devcontainers/features/common-utils:2": {
			"installZsh": true,
			"configureZshAsDefaultShell": true,
			"installOhMyZsh": true,
			"installOhMyZshConfig": true,
			"upgradePackages": true,
			"username": "vscode",
			"userUid": "1000",
			"userGid": "1000"
		},
		"ghcr.io/devcontainers/features/git:1": {
			"ppa": false,
			"version": "latest"
		},
		"ghcr.io/devcontainers/features/rust:1": {
			"targets": "thumbv6m-none-eabi"
		}
	},
	"customizations": {
		"vscode": {
			"extensions": [
				"marus25.cortex-debug",
				"rust-lang.rust-analyzer",
				"tamasfe.even-better-toml"
			]
		}
}

error logs

=> ERROR [dev_containers_target_stage  6/10] RUN chmod -R 0755 /tmp/dev-  0.9s
------
 > [dev_containers_target_stage  6/10] RUN chmod -R 0755 /tmp/dev-container-feat
ures/common-utils_0 && cd /tmp/dev-container-features/common-utils_0 && chmod +x
 ./devcontainer-features-install.sh && ./devcontainer-features-install.sh:
#13 0.404 ======================================================================
=====
#13 0.404 Feature       : Common Utilities
#13 0.404 Description   : Installs a set of common command line utilities, Oh My
 Zsh!, and sets up a non-root user.
#13 0.404 Id            : ghcr.io/devcontainers/features/common-utils
#13 0.404 Version       : 2.5.2
#13 0.404 Documentation : https://github.com/devcontainers/features/tree/main/sr
c/common-utils
#13 0.404 Options       :
#13 0.404     INSTALLZSH="true"
#13 0.404     CONFIGUREZSHASDEFAULTSHELL="true"
#13 0.404     INSTALLOHMYZSH="true"
#13 0.404     INSTALLOHMYZSHCONFIG="true"
#13 0.404     UPGRADEPACKAGES="true"
#13 0.404     USERNAME="vscode"
#13 0.404     USERUID="1000"
#13 0.404     USERGID="1000"
#13 0.404     NONFREEPACKAGES="false"
#13 0.404 ======================================================================
=====
#13 0.411 Marker file found:
#13 0.412     PACKAGES_ALREADY_INSTALLED=true
#13 0.412     LOCALE_ALREADY_SET=true
#13 0.412     EXISTING_NON_ROOT_USER=vscode
#13 0.412     RC_SNIPPET_ALREADY_ADDED=true
#13 0.412     ZSH_ALREADY_INSTALLED=true
#13 0.421 Packages to verify are installed:
#13 0.606 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
#13 0.771 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB
]
#13 0.788 Err:1 http://deb.debian.org/debian bookworm InRelease
#13 0.788   The following signatures couldn't be verified because the public key
 is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBK
EY F8D2585B8783D481
#13 0.827 Get:3 http://deb.debian.org/debian-security bookworm-security InReleas
e [48.0 kB]
#13 0.838 Err:2 http://deb.debian.org/debian bookworm-updates InRelease
#13 0.838   The following signatures couldn't be verified because the public key
 is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
#13 0.889 Err:3 http://deb.debian.org/debian-security bookworm-security InReleas
e
#13 0.889   The following signatures couldn't be verified because the public key
 is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
#13 0.890 Reading package lists...
[2024-11-16T11:37:01.679Z] 
#13 0.897 W: GPG error: http://deb.debian.org/debian bookworm InRelease: The fol
lowing signatures couldn't be verified because the public key is not available:
NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
#13 0.897 E: The repository 'http://deb.debian.org/debian bookworm InRelease' is
 not signed.
#13 0.897 W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease:
 The following signatures couldn't be verified because the public key is not ava
ilable: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
#13 0.897 E: The repository 'http://deb.debian.org/debian bookworm-updates InRel
ease' is not signed.
#13 0.897 W: GPG error: http://deb.debian.org/debian-security bookworm-security
InRelease: The following signatures couldn't be verified because the public key
is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
#13 0.897 E: The repository 'http://deb.debian.org/debian-security bookworm-secu
rity InRelease' is not signed.
#13 0.897 E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cach
e/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin
|| true'
#13 0.897 E: Sub-process returned an error code
#13 0.898 ERROR: Feature "Common Utilities" (ghcr.io/devcontainers/features/comm
on-utils) failed to install! Look at the documentation at https://github.com/dev
containers/features/tree/main/src/common-utils for help troubleshooting this err
or.

@Gryhyphen
Copy link
Author

Gryhyphen commented Nov 16, 2024

Okay, it looks like I was able to build it on my raspberry pi, but not on my windows machine.

That is very strange, because I would have through the public keys would be part of the image, but it is potentially somehow being affected by the host OS?

This is surely a bug right? It shouldn't matter which machine I use, it should build on both?

My main pc was running windows 10, and my pi is running raspbian.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant