GPG error in Ubuntu 21.04 after second apt-get update during Docker build

Question

Getting error while building the following Docker file

FROM ubuntu:21.04

RUN apt-get update && \
    apt-get install --no-install-recommends -y curl=7.\* && \
    apt-get install --no-install-recommends -y unzip=6.\* &&\ 
    rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    mkdir -p /usr/share/man/man1 && \
    apt-get install --no-install-recommends -y maven=3.6.3-5 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

The error occurs when the second apt-get update runs.

The error is as follows :-

E: The repository 'http://security.ubuntu.com/ubuntu hirsute-security InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute-updates InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute-updates InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute-backports InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute-backports InRelease' is not signed.

Any kind of help would be appreciated.

Confirmed -- I get the same error with that dockerfile, so it's not specific to you. — Software Engineer, Feb 22 '21 at 20:39
I don't know if the bug is actually fixed. I had the same problem with a ubuntu 21.04 image downloaded a few weeks ago. Tonight I tried wiping to get the ubuntu image re-downloaded and the problem is gone. — mastupristi, Apr 18 '21 at 20:56

score 23 · Accepted Answer · answered Feb 26 '21 at 12:22

23

That's a bug in the docker / seccomp / glibc interaction: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1916485

answered Feb 26 '21 at 12:22

Gregor Jasny

246
1
2

5

Fixed in with `runc 1.0.0-rc93`. You could find your version with `docker version`. – Gregor Jasny Apr 21 '21 at 13:52
3

From the [21.04 release notes](https://discourse.ubuntu.com/t/hirsute-hippo-release-notes/19221): “Due to changes in glibc 2.33 Ubuntu 21.04 container images require updated container runtimes. All widely used container runtimes shipped in supported versions of Ubuntu have been updated via the standard stable release updates procedure. Container hosts running other operating systems may need manual updates.” – andrewdotn Apr 23 '21 at 01:33
1

I found I had to completely uninstall docker and re-install to get this to work- following the instructions in https://askubuntu.com/questions/1230248/docker-problems-in-ubuntu-20-04 - when using ubuntu 20.04 as the host OS. – lewis Apr 23 '21 at 14:13
1

No way to use that fix on Dockerhub yet, right? – staticdev Apr 27 '21 at 12:54
Note: minikube still (as of v1.19.0) has `runc 1.0.0-rc92` and is still effected by this issue (in my case I was using skaffold which does the build in minikube's docker). – sherbang Apr 28 '21 at 16:30
@lewis That worked for me. You might consider posting that as an answer to this question. – fakedad Jul 08 '21 at 01:34
I'm running ARM-based containers. Upgrading to version 1.0.1 of runc fixed this issue for me for the Arm64 container but not for the Arm32 container. See https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1916485/comments/59 – Matt Thalman Sep 21 '21 at 15:24

score 4 · Answer 2 · answered Feb 22 '21 at 21:12

I've run your docker file and get the same error. Playing around with various ways to disable the verification also produced no good results. Neither did removing the version constraints and just installing the latest versions of the tools. The only solution I could find was to downgrade ubuntu to 20.04, but there is no 3.6.3-5 version of maven for that version of the OS, only 3.6.3-1 (afaik).

The closest I could get working is quite different from your desired image:

FROM ubuntu:20.04

RUN apt update && \
    apt install --no-install-recommends -y curl=7.\* unzip=6.\* maven=3.6.3-1 && \
    apt clean && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir -p /usr/share/man/man1

Also note how I use apt rather than apt-get and I only do a single run (which makes a simpler image by having only a single layer) and only a single apt update and chain the things I want to install into a single apt install rather than separate ones. This is just quicker and easier.

However, if you want a maven build box, perhaps you'd be better advised using one of the prebuilt maven images from docker hub that are themselves based on openjdk images. For java the underlying linux distro rarely matters and the openjdk images are pretty well respected:

from maven:3.6.3-jdk-11
run apt update && apt install -y curl unzip && apt clean

Thanks, but the issue with Ubuntu 20.04 is that the security analysis fails for it. (i am using clair analysis for that). Right now the only solution was to use ubuntu version 20.10. — Tanmaya, Feb 23 '21 at 03:40
The problem with using newer distros for your stated reason is that the vulns often haven't caught up yet, not that they don't exist. I think 20.10 was only released 4 months ago, so it's relatively untested, which could result in a false negative. Better sometimes to patch and justify - not all vulns are valid in a given context — Software Engineer, Feb 23 '21 at 03:47

score 3 · Answer 3 · answered May 21 '21 at 07:57

3

This bug does not occur if using a newer version of Docker (tested with 20.10). If using an older version of Docker, I recommend switching to a previous version of the ubuntu image. I tested ubuntu:20.10 with Docker 19.03 and it worked just fine. This is discussed here: https://bugs.launchpad.net/cloud-images/+bug/1928218

answered May 21 '21 at 07:57

CodeCaffeinateContinue

204
1
3

thx, upgrading from Docker 19.03.5 to 20.10.6 fixed it for me =) – Michael Schock May 31 '21 at 23:23
1

It does not fix the problem for me (on docker 20.10.0 build 7287ab3) on Macintosh. – Mathieu Dutour Sikiric Jul 21 '21 at 12:19
Upgrading to 20.10.8 didn't fix my issue! – Sara Vaseei Sep 08 '21 at 07:05
This worked for me.. – Vijay Kumar Jan 10 '22 at 19:19

score 0 · Answer 4 · answered Jan 24 '22 at 12:59

0

Update Docker version to the latest to solve this issue.

For ubuntu users follow these steps:

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh get-docker.sh

For others please refer this link: https://docs.docker.com/engine/install/

answered Jan 24 '22 at 12:59

narwanimonish

1,552
17
13

score -2 · Answer 5 · answered Aug 14 '21 at 16:56

I ran into this problem when I was running the Ubuntu 21.04 image under Rootless Docker, but the apt-get update command worked fine under the system Docker (invoked via sudo). Since my need was just for a manual test of an environment setup script, I just ran under the system Docker but, depending on your application, that might not be secure.

score -3 · Answer 6 · answered Oct 19 '21 at 03:29

-3

Substituting apt-get with apt has worked for me.

answered Oct 19 '21 at 03:29

Ahmed Khalil

1
1

GPG error in Ubuntu 21.04 after second apt-get update during Docker build

6 Answers6