Atleast one invalid signature was encountered

Question

I am trying to build and deploy microservices images to a single-node Kubernetes cluster running on my development machine using minikube. I am using the cloud-native microservices demo application Online Boutique by Google to understand the use of technologies like Kubernetes, Istio etc.

Link to github repo: microservices-demo

While following the installation process, and on running command skaffold run to build and deploy my application, I get some errors:

Step 10/11 : RUN apt-get -qq update     && apt-get install -y --no-install-recommends         curl
 ---> Running in 43d61232617c
W: GPG error: http://deb.debian.org/debian buster InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
failed to build: couldn't build "loadgenerator": unable to stream build output: The command '/bin/sh -c apt-get -qq update     && apt-get install -y --no-install-recommends         curl' returned a non-zero code: 100

I receive these errors when trying to build loadgenerator. How can I resolve this issue?

score 207 · Accepted Answer · edited Apr 26 '23 at 09:31

207

There are a few reasons why you encounter these errors:

There might be an issue with the existing cache and/or disc space. In order to fix it you need to clear the APT cache by executing: sudo apt-get clean and sudo apt-get update.
The same goes with existing docker images. Execute: docker image prune -f and docker container prune -f in order to remove unused data and free disc space. Executing docker image prune -f will delete all the unused images. To delete some selective images of large size, run docker images and identify the images you want to remove, and then run docker rmi -f <IMAGE-ID1> <IMAGE-ID2> <IMAGE-ID3>.
If you don't care about the security risks, you can try to run the apt-get command with the --allow-unauthenticated or --allow-insecure-repositories flag. According to the docs:

Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user itself.

Please let me know if that helped.

edited Apr 26 '23 at 09:31

A Nayak

15
4

answered Jun 22 '20 at 09:07

Wytrzymały Wiktor

11,492
5
29
37

2

Hi, I have tried all the three methods, and it still does not work, is there anything else I could possibly do? Thanks! – Saranya Gupta Jun 23 '20 at 03:26
@SaranyaGupta Have you tried that with `sudo`? Does it print the same error? – Wytrzymały Wiktor Jun 23 '20 at 08:24
Yes! I have used sudo with all three methods. – Saranya Gupta Jun 23 '20 at 09:13
If there are no space issues (check with `df -h`) there might be one more thing: run `rm -rf /etc/apt/trusted.gpg.d/*`. It will remove old gpg repositories that could potentially cause some conflicts. – Wytrzymały Wiktor Jun 23 '20 at 10:11
40

Caused by being out of diskspace (fixed by pruning with docker). – Att Righ Nov 03 '20 at 15:30
3

`docker-compose down -v --rmi all --remove-orphans` did the trick for me. – Igor Escobar Nov 19 '20 at 10:27
21

For me, `docker image prune -f` was enough ! – Ilya Davydov Dec 10 '20 at 05:57
28

`docker system prune` worked for me. Had 20 GB of build cache. – alex Oct 24 '21 at 18:23
1

I was getting this error in Azure Devops building by Docker image. Using `--allow-unauthenticated` with apt-get worked for me. Thanks! – duyn9uyen Jun 25 '22 at 03:10
1

I encountered the problem while building docker images and the second point worked for me. – Yaser Sakkaf Sep 15 '22 at 07:04
2

`docker images | awk '{print $3}' | xargs -I{} docker rmi -f {}` – Jaydeep Dave Nov 30 '22 at 14:48
1

Can someone explain WHY this error is caused by low disk space? Why does apt throw this unhelpful error when disk space is low? – red888 May 09 '23 at 16:05
I tried all of these, but still no go. `docker system df` showed ~50 Gbytes of images still. I needed to do a `docker image prune -a` to get rid of them, and finally get things working again. – Ketil Malde May 25 '23 at 11:42

Jack Kawell · Answer 2 · 2021-05-17T20:22:18.487

185

I had this same issue and none of the previous responses saying to prune images or containers worked. The reason was that my Docker Build Cache was taking up the bulk of the space. Running the below command fixed the issue:

docker system prune

You can then check to see if it worked by running:

docker system df

UPDATE:

The above command will clear the whole Docker system. If you want to clear only the build cache, you can do it with the below command (credit to saraf.gahl):

docker builder prune

edited May 17 '21 at 20:22

answered Dec 31 '20 at 17:38

Jack Kawell

2,051
1
10
13

21

Thanks! This was a pointer in the right direction. Note you can also clear the build cache directly - `docker builder prune`. :) – saraf.gahl May 16 '21 at 09:41
1

Added a note to this effect. Thanks! – Jack Kawell May 17 '21 at 20:22
docker builder prune worked perfectly for me – zyd Oct 06 '21 at 03:08
I had this issue on my `mac` while builder a `docker` image and I had no idea what was going on. This worked, thanks a lot! – rrlamichhane Apr 19 '22 at 20:16
This was very helpful! I didn't relate "invalid signature" with disc space issue, thanks! However I would recommend to move `docker system prune` in your answer lower as a final step as usually it may be better to clear only build cache and not whole docker system (which will remove also volume data). In most cases `docker builder prune` should be fair enough. – Krzysiek Aug 05 '22 at 08:56
docker system prune - helped, thanks – GML-VS Jan 13 '23 at 12:01
As per my comment above, I needed to add `-a` to get rid of everything (and get things working again) – Ketil Malde May 25 '23 at 11:43
docker builder prune worked. Thanks. – Srikanth Reddy Jun 26 '23 at 11:47

score 41 · Answer 3 · edited Jun 05 '23 at 21:46

The reason I usually see this is because docker has run out of disk space, which is frustrating because the error gives little indication that this is the problem. First try cleaning up images and containers you don't need using the prune command https://docs.docker.com/config/pruning/.

warning this would delete all your images

$ docker image prune 
$ docker container prune

If you have a lot of images accumulated and want to remove all of them that aren't associated with an existing container try:

$ docker image prune -a

Or you can remove only older images:

$ docker image prune -a --filter "until=24h"

Finally, on MacOS, where Docker runs inside a dedicated VM, you may need to increase the disk available to Docker from the Docker Desktop application (Settings -> Resources -> Advanced -> Disk image size).

this works for me under minikube system – Larry Cai Oct 22 '21 at 07:52 — Larry Cai, Oct 22 '21 at 07:52

score 32 · Answer 4 · answered Oct 26 '21 at 21:14

@Jack Kawell got it right.

docker builder prune

This command does the trick. Beware of the command "docker system prune" as this would delete all your images (very destructive). The builder prune only deletes the build cache that is where your have all your previous (cached) builds steps.

score 24 · Answer 5 · edited Aug 23 '22 at 10:25

24

I had the same problem. It looks like it was lack of space. I've removed old images and it started to work.

$ docker images

Select the ones you don't care anymore (to delete).

$ docker rmi <image_id>

The following command filter the dangling images and remove those.

docker rmi $(docker images -q --filter "dangling=true")

edited Aug 23 '22 at 10:25

Udara Seneviratne

2,303
1
33
49

answered Dec 21 '21 at 11:02

Tiago Simões

413
5
8

The same for me – Timur Gilauri Aug 15 '22 at 16:48

score 16 · Answer 6 · answered Nov 15 '20 at 11:39

16

I think that is related to some LSM component of the docker official image (in this case armhf) and exec/capabilities permissions. In this simple case sid flavour is unable to handle time corectly. And this related to the certificate check, is the cause of invalid signature. It happends too in ubuntu focal.

# docker run -it debian:buster /bin/date
Sun Nov 15 11:30:44 UTC 2020
# docker run -it debian:sid /bin/date 
Thu Jan  1 00:00:00 UTC 1970

answered Nov 15 '20 at 11:39

Juan Pedro Paredes

169
1
4

4

THIS. Omg how did you figure this out. – Jay Douglass May 03 '21 at 20:30
3

Upgrading pi kernel to buster, upgrading to docker-ce and building my own image from debootstrap with qemu, see comment below. – Juan Pedro Paredes May 05 '21 at 07:30
2

Thank you so much! Same issue with e.g. `balenalib/raspberry-pi-node`. Using `debian:buster`, I can now build my Dockerfile without any errors. – Michael Oct 20 '21 at 22:28
thanks a lot! had the same issue trying to build a docker image for raspberry pi using a latest image for some tag that used bullseye as its base, switching to buster fixed the issue. – Noam Yizraeli Dec 11 '21 at 09:57
But how to solve it? – Wolfgang Stengel Mar 04 '22 at 20:40

score 11 · Answer 7 · answered Jul 23 '21 at 20:55

11

None of these worked for me. This command did the trick though:

docker volume prune

Literally had 249GB worth of volumes that I was able to reclaim.

answered Jul 23 '21 at 20:55

BoyArmy_89

207
2
8

This works for me! – soulmachine Sep 30 '21 at 22:16
did not helped for me – GML-VS Jan 13 '23 at 11:58

score 11 · Answer 8 · answered Nov 04 '21 at 09:45

I tried a few of the above answers, and none of them worked for me. The real trigger was when I used --allow-unauthenticated and --allow-insecure-repositories from @Wytrzymały Wiktor's answer, and I got a notification showing

tar: ./conffiles: Cannot utime: Operation not permitted
tar: ./control: Cannot utime: Operation not permitted
tar: ./md5sums: Cannot utime: Operation not permitted
tar: ./postinst: Cannot utime: Operation not permitted
tar: .: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors

This lead me down a route where I found this post which suggested that the issue may be where libseccomp2 was outdated.

The fix there was to do:

# Get signing keys to verify the new packages, otherwise they will not install
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138

# Add the Buster backport repository to apt sources.list
echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list

sudo apt update ; sudo apt install libseccomp2 -t buster-backports

Note that this assumes that you're using Raspbian and a version of docker after 19.04

Thanks, that fixed it for me. ( php:8.0-apache-bullseye container in a raspbian docker environment ) — Dominik, Nov 13 '21 at 12:15
Thanks a lot, that was the issue on my Raspberry Pi as well. Should have a lot more upvotes. — Tobias, Feb 03 '22 at 10:26

score 4 · Answer 9 · answered Oct 10 '22 at 20:33

4

In my case I was trying to run a Docker debian:stable (bullseye at the moment) in a Raspberry PI with a buster distribution of the OS.

Changed to debian:busterand it worked

Hope this will help someone out there

answered Oct 10 '22 at 20:33

Roman Panaget

1,578
12
21

This helped me quite a bit, even when using: --allow-unauthenticated --allow-insecure-repositories, I was getting several "not signed error". Looks like it is a debian stable (bullseye) problem, but with debian:buster works fine, still don't know why but happy to have a workaround for it. Thanks! – ArgiesDario Nov 25 '22 at 23:39
@ArgiesDario glad it helped someone, you’re most welcome – Roman Panaget Nov 27 '22 at 00:29

score 2 · Answer 10 · answered Aug 25 '22 at 15:05

2

@BoyArmy_89 solves my similar problem; I tried all the other solutions but only the following worked:

docker volume prune

answered Aug 25 '22 at 15:05

profSH

21
1

score 1 · Answer 11 · answered Jun 09 '21 at 23:40

At least one invalid signature was encountered

The error suggests that one of the files in /var/lib/apt/lists consist at least one invalid/corrupted signature (could be the result of apt-key misuse or something else).

Try to run Apt update with the debug messages:

apt-get -oDebug::pkgAcquire::Worker=1 update

which should point you to the corrupted file, e.g.

0% [Working] <- gpgv:400%20URI%20Failure%0aMessage:%20At%20least%20one%20invalid%20signature%20was%20encountered.%0aURI:%20gpgv:/var/lib/apt/lists/partial/CorruptedFile_InRelease

Edit the file, find and remove the corrupted parts, or remove the whole file, so it can be recreated.

score 0 · Answer 12 · answered May 05 '21 at 07:21

Make your own sid image in x64

# variables
$WORKPLACE=/space_change_me
$BASEIMG=debian:buster
$TAG=my/debian
$RELEASE=sid
$PLATFORM=arm

# multiarch preparation
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install qemu binfmt-support qemu-user-static docker-ce byobu make
export DOCKER_CLI_EXPERIMENTAL=enabled

#build image
docker run  -i --rm -v $WORKPLACE:/data $BASEIMG /bin/bash  << EOF
export DEBIAN_FRONTEND="noninteractive" 
apt-get -y update
apt-get -y install debootstrap
debootstrap --verbose --include=iputils-ping --arch $PLATFORM $RELEASE /data/$RELEASE-$PLATFORM $REPO
chroot /data/$RELEASE-$PLATFORM/ /bin/bash << SEOF 
export DEBIAN_FRONTEND="noninteractive"
apt-get -y update
apt-get -y upgrade
apt-get -y clean
SEOF
rm -R /data/$RELEASE-$PLATFORM/debootstrap
EOF

cd $WORKPLACE/$RELEASE-$PLATFORM
tar cpf - . | docker import - $TAG:$RELEASE-$PLATFORM --platform $PLATFORM
docker save $TAG:$RELEASE-$PLATFORM  > debian-$RELEASE-$PLATFORM.tar

You can load later in the arm host with

cat debian-$RELEASE-$PLATFORM.tar |docker load

Atleast one invalid signature was encountered

12 Answers12

Linked