Your message dated Fri, 23 Jun 2023 07:19:51 +0200
with message-id <20230623051951.xie2fdq4eawj2mmu@crossbow>
and subject line Re: Bug#1038915: Bookworm APT-GET Security Public Keys
has caused the Debian Bug report #1038915,
regarding Bookworm APT-GET Security Public Keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1038915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038915
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apt

Version: 2.6.1

X-Debbugs-CC: [email protected]<mailto:[email protected]>, 
[email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]>, 
[email protected]<mailto:[email protected]>

When I attempt to deploy a container while using the debian:latest (Bookworm) 
image, I execute the apt-get update command which gives me an error message 
involving the absence of a certain group of public keys.


Step 14/30 : RUN apt-get -y update
---> Running in eb6228890f3c
Get:1 http://deb.debian.org/debian bookworm InRelease [147 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 
F8D2585B8783D481
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 
kB]
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists...
W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following 
signatures couldn't be verified because the public key is not available: 
NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not 
signed.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The 
following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is 
not signed.
W: GPG error: http://deb.debian.org/debian-security bookworm-security 
InRelease: The following signatures couldn't be verified because the public key 
is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security bookworm-security 
InRelease' is not signed.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f 
/var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb 
/var/cache/apt/*.bin || true'
E: Sub-process returned an error code
The command '/bin/sh -c apt-get -y update' returned a non-zero code: 100
Cleaning up file based variables
00:00
ERROR: Job failed: exit code 100


I was not expecting to encounter this error. Instead, I was expecting for the 
apt package to successfully update itself.

Kernel Version: 5.4.17-2136.320.7.el7uek.x86_64 #2 SMP Mon Jun 5 15:18:50 PDT 
2023 x86_64 GNU/Linux

Shared C Library: /lib/x86_64-linux-gnu/libc.so.6

Best,
Shreyas

--- End Message ---
--- Begin Message ---
On Fri, Jun 23, 2023 at 02:03:15AM +0000, Shahi, Shreyas 
(CDC/DDPHSS/CSELS/DHIS) (CTR) wrote:
> Package: apt
> Version: 2.6.1

Are you sure or is that just a guess on your part? As 2.6.1 is part of
bookworm you have a somewhat hard time to get it before upgrading to it…


> When I attempt to deploy a container while using the debian:latest (Bookworm) 
> image, I execute the apt-get update command which gives me an error message 
> involving the absence of a certain group of public keys.
> 
> Step 14/30 : RUN apt-get -y update

Your problem is not in Step 14 even if that one is the one spewing
errors. The mentioned keys are not shipped by apt, but by
debian-archive-keyring and as the archive is still (also) signed
by the 'Debian Archive Automatic Signing Key (10/buster)' from 2019
your base image (or whatever its called, I am not using Docker) is too
old to upgrade to bookworm (Debian does not support skipping releases,
especially not multiple ones from ??? -> skipping buster & bullseye
directly to -> bookworm).

If that is not it, it could of course also be that the image is broken;
the keys should be in /etc/apt/trusted.gpg.d with names like
debian-archive-bullseye-automatic.asc nowadays. Might be *.gpg in
older releases. Symlinks in even older ones.


> Kernel Version: 5.4.17-2136.320.7.el7uek.x86_64 #2 SMP Mon Jun 5 15:18:50 PDT 
> 2023 x86_64 GNU/Linux

Lastly, having a casual browse through
https://github.com/debuerreotype/docker-debian-artifacts
(which is the source for the Debian docker images you are using)
especially in the [closed] issues is suggesting that docker is not as
isolated as you would hope – as in, newer images (that isn't specific to
Debian) might use newer syscalls than the host kernel provides or
docker (and related tools) support, especially in terms of seccomp
filtering. So you might need to upgrade your host first…
e.g. https://github.com/debuerreotype/docker-debian-artifacts/issues/187
although that triggers slightly different errors, but a whole lot of
different ones get basically the same response, so…


In either case, apts buglist is not a support forum for Docker nor for
Docker on Oracle Linux 7 (which seems to be your host based on the
kernel version), so I am closing as not a bug (in apt).


Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to