GPG error in Ubuntu 21.04 after second apt-get update during Docker build

Question

Getting error while building the following Docker file

FROM ubuntu:21.04

RUN apt-get update && \
    apt-get install --no-install-recommends -y curl=7.\* && \
    apt-get install --no-install-recommends -y unzip=6.\* &&\ 
    rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    mkdir -p /usr/share/man/man1 && \
    apt-get install --no-install-recommends -y maven=3.6.3-5 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

The error occurs when the second apt-get update runs.

The error is as follows :-

E: The repository 'http://security.ubuntu.com/ubuntu hirsute-security InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute-updates InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute-updates InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu hirsute-backports InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed
E: The repository 'http://archive.ubuntu.com/ubuntu hirsute-backports InRelease' is not signed.

Any kind of help would be appreciated.

Answer 1

That's a bug in the docker / seccomp / glibc interaction: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1916485

Answer 2

I've run your docker file and get the same error. Playing around with various ways to disable the verification also produced no good results. Neither did removing the version constraints and just installing the latest versions of the tools. The only solution I could find was to downgrade ubuntu to 20.04, but there is no 3.6.3-5 version of maven for that version of the OS, only 3.6.3-1 (afaik).

The closest I could get working is quite different from your desired image:

FROM ubuntu:20.04

RUN apt update && \
    apt install --no-install-recommends -y curl=7.\* unzip=6.\* maven=3.6.3-1 && \
    apt clean && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir -p /usr/share/man/man1

Also note how I use apt rather than apt-get and I only do a single run (which makes a simpler image by having only a single layer) and only a single apt update and chain the things I want to install into a single apt install rather than separate ones. This is just quicker and easier.

However, if you want a maven build box, perhaps you'd be better advised using one of the prebuilt maven images from docker hub that are themselves based on openjdk images. For java the underlying linux distro rarely matters and the openjdk images are pretty well respected:

from maven:3.6.3-jdk-11
run apt update && apt install -y curl unzip && apt clean

Answer 3

This bug does not occur if using a newer version of Docker (tested with 20.10). If using an older version of Docker, I recommend switching to a previous version of the ubuntu image. I tested ubuntu:20.10 with Docker 19.03 and it worked just fine. This is discussed here: https://bugs.launchpad.net/cloud-images/+bug/1928218