首页 > 其他分享 >低版本docker在dockerfile构建时的NO_PUBKEY问题

低版本docker在dockerfile构建时的NO_PUBKEY问题

时间:2023-05-17 09:24:07浏览次数:37  
标签:InRelease NO 低版本 jammy apt com key ubuntu dockerfile

 

问题

我在ubuntu22.04的容器里面运行apt update的时候出现了以下报错

[root@VM-16-9-centos docker-kubuntu]# docker run --rm -it ubuntu:22.04 bash
root@8ac245b487e6:/# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]                    
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease                   
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB]
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://security.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

 

原因

经过查询,发现是ubuntu21.10和fedora35开始使用glibc2.34甚至更高的版本。在glibc2.34版本里面,开始使用一个名为clone3的系统调用。通常情况下,容器里面所有的系统调用都会被docker捕获,然后docker决定如何处理它们。如果docker中没有为特定系统调用指定策略,则默认的策略会通知容器这边"Permission Denied"。但是,如果 Glibc 收到此错误,它不会回退。它仅在收到响应“此系统调用不可用”时才执行此操作。

解决

办法一:

运行容器的时候,加上这个参数来绕过docker系统调用限制

--security-opt seccomp=unconfined
 

不过这会有很大的问题,一个是你的容器将变得不安全,另一个是这些参数在构建镜像的时候是不可用的。所以,请参考办法二

办法二:

将docker升级到20.10.8以上的版本(> 20.10.8)

思考

由于生产环境调整docker版本不是一件容易的事情,所以生产环境在构建镜像时候要避免使用ubuntu21.10和fedora35以更高版本的镜像,以及使用它们作为基础镜像的其他镜像。目前官方大部分镜像基于debian,后续要确认debian系列镜像是否受此影响

 

标签:InRelease,NO,低版本,jammy,apt,com,key,ubuntu,dockerfile
From: https://www.cnblogs.com/chentiao/p/17407527.html

相关文章

  • 【Cocos2d游戏开发之九】CCSpriteBatchNode与"pvr.ccz","plist"精灵优化及注意事项
     首先对于使用过精灵的童鞋很熟悉CCSpriteBatchNode,至少大家都会知道它能优化精灵,但是至于优化原理这里简单说下:      一般使用精灵CCSprite的时候,都是直接使用[CCLayer*addChild:CCSprite*];,假设我们创建一百个精灵,那么当前的CCLayer会为100个精灵单独绘制;  ......
  • 使用notepad++查看DLL位数
    简便方法:直接用记事本或者notepad++打开exe文件(dll文件),会有很多乱码,不要头疼,接下来只需要在第二段中找到PE两个字母,在其后的不远出会出现d?或者L。若是d,则证明该程序是64位;若是L,则证明是32位。翻译搜索复制......
  • Vue 报错-4058 ENOENT: no such file or directory的原因和解决办法
    原因是我在上一级目录打开的cmd然后npmrunserve 需要进到app内run一下 ......
  • Android 控件之Notification
    [quote]最近一直在研究android,并一边研究一边做应用。其中遇到了把程序通知常驻在Notification栏,并且不能被clear掉的问题。虽然notify()的第一个参数可以写死并clear掉,但这个值我并不想写死,但是这个值如果是随机生成一个数怎么传给Activity,用Intent当中的Bu......
  • could not initialize proxy - no Session
    在<many-to-on>中这错误很常见,字面意义就是不能被初始化,因为session已经关闭了。简单理解就是因为,你使用了lazy=true,这样hibernate在从数据库中调数据的时候是不会把关联的对象查出来的,而是保存一个获取值得方法,在你使用getXXX()调用的时候,hiberante会利用这个保存的方法去从数据库......
  • idea配置Tomcat出现Warning: No artifacts configured 解决方法
    报错的截图解决方法 完成后启动 成功!!!!!!!!!!!!!......
  • mysql 5.7 Expression #1 of ORDER BY clause is not in GROUP BY clause and contain
    https://www.shuzhiduo.com/A/gGdX3BNp54/https://blog.csdn.net/wufaqidong1/article/details/126263023 使用mysql在执行一条插入语句时insertintochannel(channel_id,channel_no,channel_name)values(1,'',"hhh");报错:Expression#1ofORDERBYclaus......
  • SynchronousQueue相关介绍
    SynchronousQueue是一个没有容量的队列,它的put操作和take操作之间是相互依赖的,即put操作必须在take操作准备好时才能将元素“推”过去,反之take操作也必须在put操作准备推元素的时候才能获取到元素。 同步队列:SynchronousQueue,零容量的SynchronousQueue,一进一出,避免队列里缓冲......
  • Non-Default parameter follows default parameters
    错误解析:在设置参数的时候,不能把没有的默认的参放在有默认值的参数的后面解决措施:把没有默认数值的参数放在最前面,train放在num_users前面去def__init__(self,train,num_users,num_items,num_rate_levels,emb_dim=64):......
  • Inno Setup
    modpath.iss//----------------------------------------------------------------------------////InnoSetupVer: 5.4.2//ScriptVersion: 1.4.2//Author: JaredBreland<[email protected]>//Homepage: http://www.legroom.net/software//Licen......