According to
https://stackoverflow.com/questions/66319610/gpg-error-in-ubuntu-21-04-after-second-apt-get-update-during-docker-build,
this bug fix is supposed to fix the issue of getting the following error
when running "apt-get update" in an Ubuntu 21.04 container: "W: GPG error:
http://ports.ubuntu.com/ubuntu-ports hirsute InRelease: gpgv, gpgv2 or
gpgv1 required for verification, but neither seems installed".

I was running into this error when attempting to build my Dockerfiles
based on arm64v8/ubuntu:21.04 and arm32v7/ubuntu:21.04. After upgrading
my runc version to 1.0.1, the error went away but only for
arm64v8/ubuntu:21.04. The Dockerfile based on arm32v7/ubuntu:21.04 still
encountered the error. In both cases, I am running the build on an
AArch64 device, so it's using emulation for the arm32v7/ubuntu:21.04
scenario. It would appear that it's still broken for that scenario?

The repro is very simple, just run the following command on an AArch64
device: "docker run --rm arm32v7/ubuntu:21.04 apt-get update". It will
output the following:

Unable to find image 'arm32v7/ubuntu:21.04' locally
21.04: Pulling from arm32v7/ubuntu
48989deb32eb: Pulling fs layer
48989deb32eb: Verifying Checksum
48989deb32eb: Download complete
48989deb32eb: Pull complete
Digest: sha256:b61c1421a092dd4ffc0b14a6b683513d775d5daa275598c74cd34090a0424a19
Status: Downloaded newer image for arm32v7/ubuntu:21.04
WARNING: The requested image's platform (linux/arm/v7) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://ports.ubuntu.com/ubuntu-ports hirsute InRelease [269 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports hirsute-updates InRelease [115 kB]
Err:1 http://ports.ubuntu.com/ubuntu-ports hirsute InRelease
  gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
Get:3 http://ports.ubuntu.com/ubuntu-ports hirsute-backports InRelease [101 kB]
Err:2 http://ports.ubuntu.com/ubuntu-ports hirsute-updates InRelease
  gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
Get:4 http://ports.ubuntu.com/ubuntu-ports hirsute-security InRelease [110 kB]
Err:3 http://ports.ubuntu.com/ubuntu-ports hirsute-backports InRelease
  gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
Err:4 http://ports.ubuntu.com/ubuntu-ports hirsute-security InRelease
  gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
Reading package lists...
W: GPG error: http://ports.ubuntu.com/ubuntu-ports hirsute InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://ports.ubuntu.com/ubuntu-ports hirsute InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports hirsute-updates InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://ports.ubuntu.com/ubuntu-ports hirsute-updates InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports hirsute-backports InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://ports.ubuntu.com/ubuntu-ports hirsute-backports InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports hirsute-security InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://ports.ubuntu.com/ubuntu-ports hirsute-security InRelease' is not signed.


Here's the docker version info for the host machine:

Client:
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.16.4
 Git commit:        f0df35096d5f5e6b559b42c7fde6c65a2909f7c5
 Built:             Sat Sep 11 15:09:09 2021
 OS/Arch:           linux/arm64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:53:13 2021
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1916485

Title:
  test -x fails inside shell scripts in containers

Status in Ubuntu on IBM z Systems:
  New
Status in docker.io package in Ubuntu:
  Invalid
Status in glibc package in Ubuntu:
  Opinion
Status in libseccomp package in Ubuntu:
  Fix Committed
Status in runc package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in docker.io source package in Xenial:
  New
Status in libseccomp source package in Xenial:
  New
Status in runc source package in Xenial:
  New
Status in systemd source package in Xenial:
  Invalid
Status in docker.io source package in Bionic:
  New
Status in libseccomp source package in Bionic:
  New
Status in runc source package in Bionic:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released
Status in docker.io source package in Focal:
  New
Status in libseccomp source package in Focal:
  New
Status in runc source package in Focal:
  Fix Released
Status in systemd source package in Focal:
  Fix Released
Status in docker.io source package in Groovy:
  Won't Fix
Status in libseccomp source package in Groovy:
  Won't Fix
Status in runc source package in Groovy:
  Fix Released
Status in systemd source package in Groovy:
  Fix Released
Status in docker.io source package in Hirsute:
  New
Status in libseccomp source package in Hirsute:
  Fix Committed
Status in runc source package in Hirsute:
  Fix Released
Status in systemd source package in Hirsute:
  Fix Released
Status in systemd package in Debian:
  Fix Released

Bug description:
  (SRU template for systemd)

  [impact]

  bash (and some other shells) builtin test command -x operation fails

  [test case]

  on any affected host system, start nspawn container, e.g.:

  $ sudo apt install systemd-container
  $ wget https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64-root.tar.xz
  $ mkdir h
  $ cd h
  $ sudo tar xvf ../hirsute-server-cloudimg-amd64-root.tar.xz
  $ sudo systemd-nspawn

  Then from a bash shell, verify if test -x works:

  root@h:~# ls -l /usr/bin/gpg
  -rwxr-xr-x 1 1000 1000 1083472 Jan 16 09:53 /usr/bin/gpg
  root@h:~# test -x /usr/bin/gpg || echo "fail"
  fail

  [regression potential]

  any regression would likely occur during a syscall, most likely
  faccessat2(), or during other syscalls.

  [scope]

  this is needed for b/f

  this is fixed upstream by commit
  bcf08acbffdee0d6360d3c31d268e73d0623e5dc which is in 247 and later, so
  this is fixed in h

  this was pulled into Debian at version 246.2 in commit
  e80c5e5371ab77792bae94e0f8c5e85a4237e6eb, so this is fixed in g

  in x, the entire systemd seccomp code is completely different and the
  patch doesn't apply, nor does it appear to be needed, as the problem
  doesn't reproduce in a h container under x.

  [other info]

  this needs fixing in libseccomp as well

  [original description]

  glibc regression causes test -x to fail inside scripts inside
  docker/podman, dash and bash are broken, mksh and zsh are fine:

  root@0df2ce5d7a46:/# test -x /usr/bin/gpg || echo Fail
  root@0df2ce5d7a46:/# dash -c "test -x /usr/bin/gpg || echo Fail"
  Fail
  root@0df2ce5d7a46:/# bash -c "test -x /usr/bin/gpg || echo Fail"
  Fail
  root@0df2ce5d7a46:/# mksh -c "test -x /usr/bin/gpg || echo Fail"
  root@0df2ce5d7a46:/# zsh -c "test -x /usr/bin/gpg || echo Fail"
  root@0df2ce5d7a46:/#

  root@0df2ce5d7a46:/# zsh -c "[ -x /usr/bin/gpg ] || echo Fail"
  root@0df2ce5d7a46:/# mksh -c "[ -x /usr/bin/gpg ] || echo Fail"
  root@0df2ce5d7a46:/# dash -c "[ -x /usr/bin/gpg ] || echo Fail"
  Fail
  root@0df2ce5d7a46:/# bash -c "[ -x /usr/bin/gpg ] || echo Fail"
  Fail

  The -f flag works, as does /usr/bin/test:
  # bash -c "test -f /usr/bin/gpg  || echo Fail"
  # bash -c "/usr/bin/test -x /usr/bin/gpg  || echo Fail"
  #

  [Original bug report]
  root@84b750e443f8:/# lsb_release -rd
  Description:  Ubuntu Hirsute Hippo (development branch)
  Release:      21.04
  root@84b750e443f8:/# dpkg -l gnupg apt
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name           Version         Architecture Description
  +++-==============-===============-============-==========================================
  ii  apt            2.1.20          amd64        commandline package manager
  ii  gnupg          2.2.20-1ubuntu2 all          GNU privacy guard - a free PGP replacement

  Hi,
  for 3 days our CI pipelines to recreate Docker images have failed for the
  Hirsute images. From comparison this seems to be caused by apt 2.1.20.

  The build fails with:

  0E: gnupg, gnupg2 and unupg1 do not seem to be installed, but one of
  them is required for this operation

  The simple Dockerfile to reproduce the error - "docker build -t foo ."

  FROM amd64/ubuntu:hirsute
  MAINTAINER Florian Lohoff <f...@zz.de>

  USER root

  RUN apt-get update \
   && DEBIAN_FRONTEND=noninteractive apt-get -y install curl gnupg apt \
    && curl https://syncthing.net/release-key.txt | apt-key add -

  Breaking it down, this seems to be an issue that there is new
  functionality in apt/apt-key, e.g. security hardening, that docker
  prohibits in its containers. Running this manually works only in a
  --privileged container.

  So adding keys in an unprivileged container or possibly kubernetes will
  not work anymore.

  Flo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1916485/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
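
Added example (not part of the original message or of any package named in the bug): a small probe to run inside the affected container that calls faccessat2() directly, bypassing glibc, and classifies the answer. It assumes the symptom comes from a seccomp filter answering faccessat2() with EPERM, which is consistent with the faccessat2() mention in the report but not stated by it; the fallback syscall number 439 and all function names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_faccessat2
#define SYS_faccessat2 439 /* Linux 5.8+, same number on all architectures */
#endif

enum verdict { PROBE_OK, PROBE_FALLBACK, PROBE_FILTERED, PROBE_DENIED };

/* Interpret the raw syscall result (rc, err) for an X_OK check. */
enum verdict classify(long rc, int err)
{
    if (rc == 0)
        return PROBE_OK;        /* kernel answered: file is executable */
    if (err == ENOSYS)
        return PROBE_FALLBACK;  /* glibc retries with the older faccessat() */
    if (err == EPERM)
        return PROBE_FILTERED;  /* assumed to come from a seccomp filter */
    return PROBE_DENIED;        /* EACCES, ENOENT, ...: a genuine answer */
}

/* Bypass glibc so its fallback logic cannot hide the kernel's answer. */
enum verdict probe(const char *path)
{
    errno = 0;
    long rc = syscall(SYS_faccessat2, AT_FDCWD, path, X_OK, AT_EACCESS);
    return classify(rc, errno);
}

const char *verdict_text(enum verdict v)
{
    switch (v) {
    case PROBE_OK:       return "faccessat2 works; test -x can be trusted";
    case PROBE_FALLBACK: return "ENOSYS; glibc falls back, test -x still works";
    case PROBE_FILTERED: return "EPERM; syscall is filtered, test -x will fail";
    default:             return "denied for an ordinary reason; check path and mode";
    }
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/gpg"; /* path from the report */
    enum verdict v = probe(path);
    printf("%s: %s\n", path, verdict_text(v));
    return v == PROBE_FILTERED ? 2 : 0;
}
```

Build it for the container's architecture (for the emulated arm32v7 case, a 32-bit ARM build) so the probe passes through the same seccomp path as the failing shell.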
