apt update throws signature error in Ubuntu 20.04 container on arm
I am trying to build Raspberry Pi docker images but I am always having the same error, similar to this one, this one and this one.
While running the command apt update
as root in a arm32v7/ubuntu:20.04
(or just ubuntu:latest
), I get the following output:
root@273d63597ce6:/# apt update
Get:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease [265 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [98.3 kB]
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]
Err:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
At least one invalid signature was encountered.
Err:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
At least one invalid signature was encountered.
Err:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
At least one invalid signature was encountered.
Err:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I have tried the suggested solutions of cleaning apt, cleaning docker and removing/recreating /var/lib/apt/lists
without success. The SD card is 32G and the OS is a fresh install. df
shows 26G free.
Some more information:
- This is happening on a fresh install of 2020-05-27-raspios-buster-lite-armhf on a raspberry pi 4 B
- The same error happens on another Raspberry Pi 4 B running HypriotOS
- The same command in the same image works fine on a raspberry pi 3 B that has Arch linux installed
- The error does not happen if I use an older version of ubuntu (
ubuntu:18.04
,16.04
,14.04
)
Solution 1:
The root cause of the problem is in libseccomp. The newer version fixes the problem, but it is not yet available in Debian's stable repos. There are two way to fix this problem:
Method 1
Start the container with --privileged
. This bypasses docker's security measures, so it is not recommended. Or with --security-opt seccomp:unconfined
as a little more secure.
docker run -it --security-opt seccomp:unconfined ubuntu:latest
Method 2
Upgrade libseccomp manually on the host system. Dowload version from unstable repos (I tested with 2.4.3-1) here.
Install the new version:
sudo dpkg -i libseccomp2_2.4.3-1+b1_armhf.deb
Note: The above methods solved the problems for systems based on Raspbian. The error was also happening on a Ubuntu 20.04 aarch64 system, for which @NeonLines' answer was able to help.
Solution 2:
At least one invalid signature was encountered
The error suggests that one of the files in /var/lib/apt/lists
consist at least one invalid/corrupted signature (could be the result of apt-key
misuse or something else).
Try to run Apt update with the debug messages:
apt-get -oDebug::pkgAcquire::Worker=1 update
which should point you to the corrupted file, e.g.
0% [Working] <- gpgv:400%20URI%20Failure%0aMessage:%20At%20least%20one%20invalid%20signature%20was%20encountered.%0aURI:%20gpgv:/var/lib/apt/lists/partial/CorruptedFile_InRelease
Edit the file, find and remove the corrupted parts, or remove the whole file, so it can be recreated.
Solution 3:
TSpark's, HyperCreeks and ibster1st123s answers did work for me on a Rasbian 10 and the latest docker version from the official repositories. As NeonLines pointed out you have to install a recent version, since they don't suffer this problem.
Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach, except for Raspbian. […] For Raspbian, installing using the repository is not yet supported. You must instead use the convenience script. – docs.docker.com
tl;dr
Get a recent docker version using the convenience script. You should check the link above though, there are some caveats.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh