Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot install package with tomcat:9-jdk17-temurin #270

Closed
nicolas-albert opened this issue Jun 30, 2022 · 4 comments
Closed

Cannot install package with tomcat:9-jdk17-temurin #270

nicolas-albert opened this issue Jun 30, 2022 · 4 comments

Comments

@nicolas-albert
Copy link

I use the tomcat:9-jdk17-temurin base image to build convertigo for days.
Builds were ok until 27/06/2022 and broken since 28/06/2022 over CircleCI.

Server Engine Details:
  Version:          17.09.0-ce
  API version:      1.32 (minimum version 1.12)
  Go version:       go1.8.3
  Git commit:       afdb6d4
  Built:            2017-09-26T22:40:56.000000000+00:00
  OS/Arch:          linux/amd64
  Experimental:     false

Also failed on my local docker environment.

Server: Docker Engine - Community
 Engine:
  Version:          19.03.12
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       48a66213fe
  Built:            Mon Jun 22 15:49:35 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Here the output of my first RUN command:

docker run --rm -it tomcat:9-jdk17-temurin bash
root@905662c2fbff:/usr/local/tomcat# apt-get update -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Get:3 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://security.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

I tried apt-key update:

root@905662c2fbff:/usr/local/tomcat# apt-key update
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

Issue in the image ?
Need to use newer version of Docker engine ?

Thanks for help !
@gschueler
Copy link

Same problem with tomcat:8-jdk11, tomcat:9-jdk11

@wglambert
Copy link

Seems like an intermittent issue that got resolved, I'm not able to reproduce currently

$ docker run -it --rm tomcat:9-jdk17-temurin bash
Unable to find image 'tomcat:9-jdk17-temurin' locally
9-jdk17-temurin: Pulling from library/tomcat
Digest: sha256:c9820adf3ad9c3ab458dc5e37c7806f68c2ee2ed8e34211ee9d0d9958e343896
Status: Downloaded newer image for tomcat:9-jdk17-temurin
root@63b76444e5f4:/usr/local/tomcat# apt-get update -y
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:3 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [239 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [94.9 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [4,648 B]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [221 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Get:8 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Get:9 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:12 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1,792 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [165 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [4,648 B]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [276 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [416 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [5,797 B]
Fetched 21.7 MB in 4s (5,993 kB/s)
Reading package lists... Done

@yosifkit
Copy link
Member

I think this is the same as #269? If using the focal tags fixes the problem, then yes a newer docker and libseccomp should make the jammy based images work (#269 (comment)).

@nicolas-albert
Copy link
Author

nicolas-albert commented Jul 1, 2022
edited
Loading

I have to use VirtualBox (docker-machine) on my desktop and I found burmillaos that provide a docker engine 20.10.9 but still failling with another error:

docker run --rm -it tomcat:9-jdk17-temurin bash
Unable to find image 'tomcat:9-jdk17-temurin' locally
9-jdk17-temurin: Pulling from library/tomcat
405f018f9d1d: Pull complete
160c99d3182b: Pull complete
e07a736be37f: Pull complete
eb991d49ce62: Pull complete
0ff310af806b: Pull complete
61186ad84b31: Pull complete
3d141c097589: Pull complete
Digest: sha256:c9820adf3ad9c3ab458dc5e37c7806f68c2ee2ed8e34211ee9d0d9958e343896
Status: Downloaded newer image for tomcat:9-jdk17-temurin
root@edffbacb0764:/usr/local/tomcat# apt-get update -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [94.9 kB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [241 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [226 kB]
Get:8 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [4,648 B]
Get:10 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1,792 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [276 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [165 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [416 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [4,648 B]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [5,797 B]
Fetched 21.7 MB in 8s (2,875 kB/s)
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

With tomcat:9-jdk17-temurin-focal, it's good like before.

I forced CircleCI to build using docker engine 20.10.17 and the build is successfull with tomcat:9-jdk17-temurin (jammy).

I'm afraid that customer docker runtimes aren't always up-to-date and I should use -focal based image for some months to prevent regressions or issues.

@tianon tianon closed this as completed Oct 6, 2022
@andreasnef andreasnef mentioned this issue Oct 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gschueler @tianon @nicolas-albert @yosifkit @wglambert