12

I am trying to upgrade from ubuntu16 to ubuntu20 and for that I need to change image arm32v7/ubuntu:16.04 to arm32v7/ubuntu:20.04 in all our Dockerfiles [update required libraries after that], But while working on this task I found that there's some issue with arm32v7 base image of ubuntu:20.04 - when I run apt-get update it fails with following error messages-

Err:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
  At least one invalid signature was encountered.
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]
Err:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
  At least one invalid signature was encountered.
Err:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
  At least one invalid signature was encountered.
Err:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

I tried the solution mentioned here [https://askubuntu.com/a/1264921/872700] but that too is not working as we are using the image in Dockerfile and its not allowed to pass --security-opt in docker build command.

As a workaround I ran docker run with --security-opt option and created another image with docker commit - then ran apt-get update inside new image but that too is not working.

FYI, The machine has following docker version on it- Docker version 19.03.13, build 4484c46

Frant
  • 5,382
  • 1
  • 16
  • 22
Vinay Verma
  • 533
  • 1
  • 6
  • 28
  • checkout duplicate on askubuntu https://askubuntu.com/questions/1263284/apt-update-throws-signature-error-in-ubuntu-20-04-container-on-arm – Pipo May 06 '21 at 23:54
  • same issue occurred with php8 docker container – til Sep 08 '22 at 08:01

2 Answers2

58

I had this issue on Docker Desktop for Mac recently, running apt-get update in an Ubuntu 20.04 x86_64 container. It turned out the VM hosting the Docker images on macOS had run out of disk space. That somehow manifested itself as apt reporting invalid signatures on package index files. Pruning unused images to free space solved the issue for me:

docker image prune -a

As mentioned in comment by sema, if the issue is caused by insufficient disk space, another workaround is to increase the size of the virtual disk used by the virtual machine that is running docker. In Docker Desktop for Mac this can be done via Preferences > Resources > Disk image size.

Andreas Hindborg
  • 681
  • 4
  • 3
  • 1
    I had exactly the same issue as the OP and this solves the problem. In addition, increasing disk space for images can also help: Preferences > Resources > Disk image size. – sema Jan 10 '21 at 17:41
  • 1
    `docker system prune -a` will remove unused containers and clean up a lot of space. I ran into this and this fixed the issue, also cleared out 30GB of files. – dardo Nov 02 '21 at 19:59
  • 2
    Waw, damn, thank you so much for pointing that out, that probably saved me a couple of hours of soul searching. – jlos Mar 01 '22 at 18:55
13

To solve the problem, I had to update the library libseccomp2 on my host pi machine as I could not find any other solution to apply inside the base image.

Downloaded the deb package from here and applied on host machine using -

sudo dpkg -i libseccomp2_2.4.4-1+b1_armhf.deb

starbeamrainbowlabs
  • 5,692
  • 8
  • 42
  • 73
Vinay Verma
  • 533
  • 1
  • 6
  • 28
  • Is there any word on when this will be rolled out by default? – starbeamrainbowlabs Jan 14 '21 at 23:19
  • Update: If you setup [debian backports](https://backports.debian.org/Instructions/), then running `sudo apt-get install -t buster-backports libseccomp2` will install a newer version of `libseccomp2` to fix the issue. Just to be on the safe side, I restarted `docker` and `containerd` too: `sudo systemctl restart containerd docker`. – starbeamrainbowlabs Jan 15 '21 at 00:10
  • 1
    duplicate answer on askubuntu: https://askubuntu.com/questions/1263284/apt-update-throws-signature-error-in-ubuntu-20-04-container-on-arm – Pipo May 06 '21 at 23:54