5

I am trying to use Ubuntu 20.04 or Ubuntu 22.04 in Docker. My Dockerfile is:

from ubuntu:22.04
run DEBIAN_FRONTEND=noninteractive apt update

I build this with docker build .. The result is:

Sending build context to Docker daemon  2.048kB
Step 1/2 : from ubuntu:22.04
---> 2dc39ba059dc
Step 2/2 : run DEBIAN_FRONTEND=noninteractive apt update
---> Running in b15002ae9dd5

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C

I get this message repeated several times, until I get:

W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.

I have tried to chmod a+rwx /etc/apt -R as the first run command in the Dockerfile but it made no difference.

I have also explicitly run docker pull ubuntu:22.04 and it said it was already up-to-date. I have the exact same problem with the ubuntu:20.04 image.

I have consulted all other web sources referring to this problem, but they all require me to be able to run apt install apt-key or something else, but I can't update apt to start with so nothing works, besides the first 3 pages of search engine hits just showing how to install Docker on Ubuntu and not the other way around.

I have also tried --security-opt seccomp:unconfined as mentioned in another answer. That responded with Error response from daemon: The daemon on this platform does not support setting security options on build.

So my image doesn't have curl, wget or gnupg and I can't install it without getting this working. When I do anything with apt-key I get: E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

I have managed to install gnupg manually from the deb file, and manually receiving the key, which gives a similar error message:

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.rQuYmKpjpo/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C
gpg: requesting key 991BC93C from hkp server keyserver.ubuntu.com
gpg: key 991BC93C: public key "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA:  1)
W: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '' executing apt-key.

I have also tried trimming down /etc/apt/source.list to the minimum. Same problem.

How can I add the required key from the host?

As a secondary question, how can such a mainstream tool, and distribution, be broken? Or am I doing something stupidly obvious wrong? Has everybody moved on to something else, and what is it? I do not have good internet access so keeping up to date with what is happening in the computer world is a challenge.

Artur Meinild
WikiLover
  • I am trying to build something on Ubuntu image inside docker. Both do the same ubuntu:22.04 and ubuntu:20.04. There is no ubuntu:20 image on dockerhub. Is ubuntu finished, should I move back to debian rather? – WikiLover Sep 13 '22 at 09:20
  • Which OS are you using for the host system? Reason being there are some versions of Docker where this problem arises on MacOS and/or Windows, and updating Docker itself on the host resolves the issue. This is particularly egregious on MacOS 12.x with Docker engine 20.10.14 and lower – matigo Sep 13 '22 at 10:07

4 Answers

7

You have been trying to solve the wrong problem.

From Ubuntu 20, Ubuntu uses more secure syscalls, which on older versions of docker result in permission errors instead of "not supported" errors, resulting in the misleading error messages. While it can technically be patched in the Ubuntu images, that would make them less secure, so it's not a long term solution.

The easiest solution by far is to update docker.

An unsustainable alternative is to temporarily revert back to ubuntu:18.04.

WikiLover
  • Well, I have latest version of Podman, and Podman is notably more secure than Docker. I wonder what those syscalls could be. Also, I don't have the same problem with ubuntu 20.04 image, although the author claims it's reproducible there as well. Odd, could there be different causes for the same error? – Hi-Angel Nov 05 '22 at 22:20
  • 1
    After 2 hours of trying other solutions, I came across this answer, and upgraded my Docker. And.. success!! Many thanks @WikiLover – Trent Gm Nov 24 '22 at 23:56
  • @Hi-Angel This should do it: podman run --rm --security-opt seccomp=unconfined -it ubuntu:22.04 /bin/bash – WikiLover Jan 20 '23 at 13:11
  • Minimum version is Docker >= 20.10.9 from a comment on https://askubuntu.com/q/1408090/1075541 – so_ Feb 28 '24 at 19:55
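A build-host preflight for the fix this answer and its comments describe, added here as an example (not code from the post): it compares the Docker engine version with the 20.10.9 minimum quoted in the comment above, so a pipeline fails early instead of falling back to seccomp=unconfined. The function names are illustrative, and treating 20.10.9 as the threshold for your host is an assumption taken from that comment.

```shell
#!/bin/sh
# Added example. MIN_DOCKER_VERSION is the minimum quoted in the comment above
# (assumption: it is the right threshold for your host and platform).
MIN_DOCKER_VERSION="20.10.9"

# Strip a leading "v" and any packaging suffix ("-ce", "+dfsg1", "~ubuntu"),
# then pad so that fields 1-3 always exist.
normalize_version() {
    v=$(printf '%s\n' "$1" | sed -e 's/^v//' -e 's/[^0-9.].*$//')
    printf '%s.0.0\n' "$v"
}

# version_ge A B: succeed when dotted version A >= B.
# Fields are compared numerically, so 20.10.14 sorts above 20.10.9.
version_ge() {
    a=$(normalize_version "$1")
    b=$(normalize_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s\n' "$a" | cut -d. -f"$i")
        fb=$(printf '%s\n' "$b" | cut -d. -f"$i")
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# check_engine VERSION: report whether the engine meets the minimum.
check_engine() {
    if version_ge "$1" "$MIN_DOCKER_VERSION"; then
        echo "ok: engine $1 >= $MIN_DOCKER_VERSION; keep the default seccomp profile"
        return 0
    fi
    echo "fail: engine $1 < $MIN_DOCKER_VERSION; upgrade Docker instead of using seccomp=unconfined" >&2
    return 1
}

# Typical call on the build host:
#   sh preflight.sh "$(docker version --format '{{.Server.Version}}')"
if [ "$#" -gt 0 ]; then
    check_engine "$1"
fi
```
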
2

I didn't research the exact cause of this problem, but what helps is running with the --security-opt seccomp=unconfined option. I tested that on the Podman implementation of the Docker utilities. That should be applicable to the original Docker as well.

 λ podman run --rm --security-opt seccomp=unconfined -it ubuntu:22.04 /bin/bash                     
root@1e910696dd09:/# apt update
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]            
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]              
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1792 kB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [578 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [480 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [4644 B]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [756 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]        
Get:12 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]           
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [880 kB]         
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [939 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [16.9 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [528 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [7290 B]
Get:18 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [3175 B]
Fetched 24.5 MB in 6s (4365 kB/s)                
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root@1e910696dd09:/#
Hi-Angel
  • On the same old docker: Error response from daemon: The daemon on this platform does not support setting security options on build – WikiLover Jan 20 '23 at 13:07
1

I encountered a similar problem when building an image based on ubuntu:22.04 on Raspberry Pi (armhf). The problem was the host's libseccomp library.

The solution is documented here: https://docs.linuxserver.io/faq

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee -a /etc/apt/sources.list.d/buster-backports.list
sudo apt update
sudo apt install -t buster-backports libseccomp2

After rebooting, I'm able to run apt-get update without the error.

0

Not a solution but a suggestion for the people who just want to get things done quickly for quick learning/experimental purposes. As mentioned above, these errors occur due to improved ubuntu syscalls and due to your docker version being old.

You can downgrade your ubuntu image from ubuntu:latest to ubuntu:18.04 and everything should work as expected.