[Touch-packages] [Bug 1979139] [NEW] apt-get update fails inside docker container

Olaf Dietsche Sun, 19 Jun 2022 09:06:05 -0700

Public bug reported:

A docker image built with "debootstrap jammy" fails when running "apt-
get update".


1) lsb_release -rd
Description:    Ubuntu 20.04 LTS
Release:        20.04

2)
# apt-cache policy docker.io
docker.io:
  Installed: 19.03.8-0ubuntu1.20.04.1
  Candidate: 20.10.7-0ubuntu5~20.04.2
  Version table:
     20.10.7-0ubuntu5~20.04.2 500
        500 http://mirror.localnet:8055/ubuntu-security focal-security/universe 
amd64 Packages
 *** 19.03.8-0ubuntu1.20.04.1 100
        100 /var/lib/dpkg/status
     19.03.8-0ubuntu1 500
        500 http://mirror.localnet:8055/ubuntu focal/universe amd64 Packages

# docker run --rm -ti ubuntu:jammy apt-cache policy apt
apt:
  Installed: 2.4.5
  Candidate: 2.4.5
  Version table:
 *** 2.4.5 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

3) I would expect, that "apt-get update" updates the package lists, as
in

# docker run --rm -ti ubuntu:focal apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
Fetched 506 kB in 1s (464 kB/s)         
Reading package lists... Done

4) Instead, it fails with

# docker run --rm -ti ubuntu:jammy apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the 
keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as 
the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the 
keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as 
the file is not readable by user '_apt' executing apt-key.
W: An error occurred during the signature verification. The repository is not 
updated and the previous index files will be used. GPG error: 
http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures 
couldn't be verified because the public key is not available: NO_PUBKEY 
871920D1991BC93C
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  The 
following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 871920D1991BC93C
W: Some index files failed to download. They have been ignored, or old ones 
used instead.

5) To reproduce:

# mkdir jammy-jellyfish
# debootstrap jammy jammy-jellyfish
...
# tar -C jammy-jellyfish -c . | docker import - ubuntu:jammy
# docker run --rm -ti ubuntu:jammy apt-get update

Doing the same with focal, works as expected:

# mkdir focal-fossa
# debootstrap focal focal-fossa
...
# tar -C focal-fossa -c . | docker import - ubuntu:focal
# docker run --rm -ti ubuntu:focal apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
Fetched 506 kB in 1s (963 kB/s)        
Reading package lists... Done

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1979139

Title:
  apt-get update fails inside docker container

Status in apt package in Ubuntu:
  New

Bug description:
  A docker image built with "debootstrap jammy" fails when running "apt-
  get update".

  1) lsb_release -rd
  Description:    Ubuntu 20.04 LTS
  Release:        20.04

  2)
  # apt-cache policy docker.io
  docker.io:
    Installed: 19.03.8-0ubuntu1.20.04.1
    Candidate: 20.10.7-0ubuntu5~20.04.2
    Version table:
       20.10.7-0ubuntu5~20.04.2 500
          500 http://mirror.localnet:8055/ubuntu-security 
focal-security/universe amd64 Packages
   *** 19.03.8-0ubuntu1.20.04.1 100
          100 /var/lib/dpkg/status
       19.03.8-0ubuntu1 500
          500 http://mirror.localnet:8055/ubuntu focal/universe amd64 Packages

  # docker run --rm -ti ubuntu:jammy apt-cache policy apt
  apt:
    Installed: 2.4.5
    Candidate: 2.4.5
    Version table:
   *** 2.4.5 500
          500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
          100 /var/lib/dpkg/status

  3) I would expect, that "apt-get update" updates the package lists, as
  in

  # docker run --rm -ti ubuntu:focal apt-get update
  Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
  Fetched 506 kB in 1s (464 kB/s)         
  Reading package lists... Done

  4) Instead, it fails with

  # docker run --rm -ti ubuntu:jammy apt-get update
  Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
    The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 871920D1991BC93C
  Reading package lists... Done
  W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the 
keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as 
the file is not readable by user '_apt' executing apt-key.
  W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the 
keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as 
the file is not readable by user '_apt' executing apt-key.
  W: An error occurred during the signature verification. The repository is not 
updated and the previous index files will be used. GPG error: 
http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures 
couldn't be verified because the public key is not available: NO_PUBKEY 
871920D1991BC93C
  W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  
The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 871920D1991BC93C
  W: Some index files failed to download. They have been ignored, or old ones 
used instead.

  5) To reproduce:

  # mkdir jammy-jellyfish
  # debootstrap jammy jammy-jellyfish
  ...
  # tar -C jammy-jellyfish -c . | docker import - ubuntu:jammy
  # docker run --rm -ti ubuntu:jammy apt-get update

  Doing the same with focal, works as expected:

  # mkdir focal-fossa
  # debootstrap focal focal-fossa
  ...
  # tar -C focal-fossa -c . | docker import - ubuntu:focal
  # docker run --rm -ti ubuntu:focal apt-get update
  Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
  Fetched 506 kB in 1s (963 kB/s)        
  Reading package lists... Done

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1979139/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1979139] [NEW] apt-get update fails inside docker container

Reply via email to