[Bug 1979139] Re: apt-get update fails inside docker container
Julian Andres Klode
1979139 at bugs.launchpad.net
Mon Jun 20 06:30:23 UTC 2022
You also do not have the latest docker installed. Be aware that if the
host system is older than the guest, various things can fail due to
seccomp issues, the latest docker should always be used.
So please check with all updates installed in the host, the official
ubuntu:jammy image, and using a chroot.
I'm reasonably sure that you are just missing updates to docker and runc
or whatever that allowlist the syscalls used by jammy glibc.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1979139
Title:
apt-get update fails inside docker container
Status in apt package in Ubuntu:
Incomplete
Bug description:
A docker image built with "debootstrap jammy" fails when running "apt-
get update".
1) lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
2)
# apt-cache policy docker.io
docker.io:
Installed: 19.03.8-0ubuntu1.20.04.1
Candidate: 20.10.7-0ubuntu5~20.04.2
Version table:
20.10.7-0ubuntu5~20.04.2 500
500 http://mirror.localnet:8055/ubuntu-security focal-security/universe amd64 Packages
*** 19.03.8-0ubuntu1.20.04.1 100
100 /var/lib/dpkg/status
19.03.8-0ubuntu1 500
500 http://mirror.localnet:8055/ubuntu focal/universe amd64 Packages
# docker run --rm -ti ubuntu:jammy apt-cache policy apt
apt:
Installed: 2.4.5
Candidate: 2.4.5
Version table:
*** 2.4.5 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
3) I would expect, that "apt-get update" updates the package lists, as
in
# docker run --rm -ti ubuntu:focal apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
Fetched 506 kB in 1s (464 kB/s)
Reading package lists... Done
4) Instead, it fails with
# docker run --rm -ti ubuntu:jammy apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Some index files failed to download. They have been ignored, or old ones used instead.
5) To reproduce:
# mkdir jammy-jellyfish
# debootstrap jammy jammy-jellyfish
...
# tar -C jammy-jellyfish -c . | docker import - ubuntu:jammy
# docker run --rm -ti ubuntu:jammy apt-get update
Doing the same with focal, works as expected:
# mkdir focal-fossa
# debootstrap focal focal-fossa
...
# tar -C focal-fossa -c . | docker import - ubuntu:focal
# docker run --rm -ti ubuntu:focal apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
Fetched 506 kB in 1s (963 kB/s)
Reading package lists... Done
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1979139/+subscriptions
More information about the foundations-bugs
mailing list