
[cp-base] Apt-get update is broken. The following signatures were invalid: KEYEXPIRED 1587841717

Open KIVagant opened this issue 4 years ago • 9 comments

➜ docker run -it confluentinc/cp-base apt-get update
Unable to find image 'confluentinc/cp-base:latest' locally
latest: Pulling from confluentinc/cp-base
8a45f3148b49: Pull complete
5fd1c1919136: Pull complete
171a7e7c3b13: Pull complete
Digest: sha256:3d39ae1ee2cbd023789726997192c59571fde83a7c499c250bd1f381671c48c8
Status: Downloaded newer image for confluentinc/cp-base:latest
Get:1 http://security.debian.org jessie/updates InRelease [44.9 kB]
Ign http://repos.azulsystems.com stable InRelease
Ign http://archive.debian.org jessie InRelease
Get:2 https://s3-us-west-2.amazonaws.com stable InRelease [5872 B]
Get:3 http://repos.azulsystems.com stable Release.gpg [819 B]
Get:4 http://repos.azulsystems.com stable Release [8604 B]
Get:5 http://archive.debian.org jessie Release.gpg [2420 B]
Get:6 http://archive.debian.org jessie Release [148 kB]
Get:7 http://security.debian.org jessie/updates/main amd64 Packages [976 kB]
Ign http://archive.debian.org jessie Release
Get:8 http://repos.azulsystems.com stable/main amd64 Packages [24.7 kB]
Get:9 http://archive.debian.org jessie/main amd64 Packages [9098 kB]
Get:10 https://s3-us-west-2.amazonaws.com stable/main amd64 Packages [20.6 kB]
Fetched 10.3 MB in 8s (1166 kB/s)
Reading package lists... Done
W: GPG error: http://archive.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1587841717

And the problem exists in all dependent images:

➜ docker run -it confluentinc/cp-kafka-rest:5.5.0 apt-get update
...
W: GPG error: http://archive.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1587841717

KIVagant, Apr 26 '20 18:04
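The log above shows apt reporting the expired key only as a "W:" warning before finishing with "Reading package lists... Done". The following is an added example, not code from this issue or from the cp-docker-images project: a build-time check that scans apt-get update output for "W: GPG error:" lines, decodes the KEYEXPIRED timestamp, and returns non-zero so the build can stop. The function names are hypothetical, the sample log is constructed from the lines quoted above, and the date syntax assumes GNU or BusyBox date.

```shell
#!/bin/sh
# Added example: treat apt repository signature warnings as build failures.

# Constructed sample: two lines taken from the log quoted in the issue.
SAMPLE_LOG='Get:6 http://archive.debian.org jessie Release [148 kB]
W: GPG error: http://archive.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1587841717'

# Convert a Unix timestamp to UTC (assumes GNU or BusyBox "date -d @N").
epoch_to_utc() {
    date -u -d "@$1" '+%Y-%m-%dT%H:%M:%SZ'
}

# Read apt-get update output on stdin. For each "W: GPG error:" line print
# "<uri> <suite> <status> <value>", plus the expiry time for KEYEXPIRED.
# Returns 0 when no repository failed verification, 1 otherwise.
check_apt_signatures() {
    failures=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "W: GPG error: "*) ;;
            *) continue ;;
        esac
        rest=${line#"W: GPG error: "}
        uri=${rest%% *}          # first word after the prefix
        rest=${rest#* }
        suite=${rest%% *}        # second word, e.g. "jessie"
        value=${line##* }        # last word: timestamp or key id
        before=${line% *}
        status=${before##* }     # second-to-last word, e.g. KEYEXPIRED
        if [ "$status" = KEYEXPIRED ]; then
            echo "$uri $suite $status $value expired=$(epoch_to_utc "$value")"
        else
            echo "$uri $suite $status $value"
        fi
        failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Stand-alone demo on the constructed sample. In a build, feed it the real
# output instead: apt-get update 2>&1 | check_apt_signatures
printf '%s\n' "$SAMPLE_LOG" | check_apt_signatures ||
    echo "unverified repository metadata: stop the build"
```
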

apt-key update and the trick with apt-key list | grep "expired:" + apt-key adv --keyserver keys.gnupg.net --recv-keys [KEY] didn't help

KIVagant, Apr 26 '20 18:04

This hit us today, stopping us from building an image with bundled auth and config.

Any chance #834 would solve it? Any chance someone could take a look at that PR and get it moving?

mortenlj, Apr 29 '20 11:04

Same thing here. Also tried lots of tricks with keys, including the tricks mentioned by @KIVagant, with no success. I also found out that Debian moved to new keys, as detailed here (https://lists.debian.org/debian-devel-announce/2014/11/msg00017.html), but can't see how to overcome this.

mulho, Apr 30 '20 18:04

Ok, found a workaround. Make sure you run the following command: docker run -it confluentinc/cp-kafka-rest:5.5.0 sh -c "sed -i 's;http://archive.debian.org/debian/;http://deb.debian.org/debian/;' /etc/apt/sources.list && apt-get update"

mulho, Apr 30 '20 18:04

The @mulho workaround worked on docker image

just add

RUN sed -i 's;http://archive.debian.org/debian/;http://deb.debian.org/debian/;' /etc/apt/sources.list

mhobotpplnet, May 11 '20 15:05

The @mulho workaround worked on docker image

just add

RUN sed -i 's;http://archive.debian.org/debian/;http://deb.debian.org/debian/;' /etc/apt/sources.list

Where do I add this, at the beginning? Example:

RUN sed -i 's;http://archive.debian.org/debian/;http://deb.debian.org/debian/;' /etc/apt/sources.list

RUN printf "deb http://archive.debian.org/debian/ jessie main\ndeb-src http://archive.debian.org/debian/ jessie main\ndeb http://security.debian.org jessie/updates main\ndeb-src http://security.debian.org jessie/updates main" > /etc/apt/sources.list

RUN apt-get update -qq
RUN apt-get install -y --no-install-recommends apt-transport-https ca-certificates

victorgmp, Jun 04 '20 14:06

@victorgmp yes at the very top of all, right after FROM:..

mhobotpplnet, Jun 09 '20 22:06

I resolved this, but now I get this error:

W: Duplicate sources.list entry https://s3-us-west-2.amazonaws.com/staging-confluent-packages-5.5.0/deb/5.5/ stable/main amd64 Packages (/var/lib/apt/lists/s3-us-west-2.amazonaws.com_staging-confluent-packages-5.5.0_deb_5.5_dists_stable_main_binary-amd64_Packages.gz)
W: You may want to run apt-get update to correct these problems

Did anyone also encounter the same issue? The command apt-get update does not work.

hershdhillon, Sep 16 '20 21:09

It actually worked for me. I would run the sed command after the printf and before apt-get. Seems like when you generate your sources.list file, something causes it to generate two sources for one package, or something like that.

Try to look at all the printf / echo commands you run when you create your sources.list file, and make sure they are right. After the lines that create the file, you should put the sed line that replaces archive.debian.org with deb.debian.org, and you should be good.

galsivan, Jan 13 '21 14:01