apt-get update fails in node 20.3

[Chubacca73]

If have a node.js application that wraps an smbclient into an express node Rest-API to export content from an application via Rest-API to a Windows shared drive on a remote computer.

The container an dimage was built some time agon and running fine. Now I needed to increase the size of the allowed content in express therfore I had to rebuild the image with the modified application.

Previously I used node 16 and I could use apt-get upate and apt-get install to bring smbclient onto the node image

THis was not working anymore and I assume it is due to deprication of the old operating system (stretch?)

So I tried to use a more up to date node image as base.

Unfortunately the apt-get and apt-get install still fail with errors.

My Dockerfile:

FROM node:20.3

RUN apt-get -y update

RUN apt-get install -y smbclient

WORKDIR /app

COPY package.json ./

RUN npm install
COPY . .

EXPOSE 8080

CMD ["npm",  "start" ]

If I run docker build it outputs as follows:

Sending build context to Docker daemon  9.728kB
Step 1/9 : FROM node:20.3
 ---> 04565e17fb84
Step 2/9 : RUN apt-get -y update
 ---> Running in 3f868965b738
Get:1 http://deb.debian.org/debian bookworm InRelease [147 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY F8D2585B8783D481
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists...
W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
The command '/bin/sh -c apt-get -y update' returned a non-zero code: 100

Would it be possible to explain why on an actual docker nod eimage the public keys are not working or not contained?

What woudl be the way to install smbclient based on the official node image?

Thank you for support!

[yosifkit]

This is the same as https://github.com/docker-library/python/issues/837, so fix is https://github.com/docker-library/python/issues/837#issuecomment-1599640563: "update libseccomp and docker on the host running the containers"