本文介绍使用python-slim执行apt-get update时候碰到的GPG error问题。
- 现象描述
基于如下Dockerfile构建目标镜像
1 | FROM python:3.12-slim |
碰到类似如下描述的问题
1 | W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481 |
- 原因
It is Docker with libseccomp so a newer syscall used in Debian Bookworm packages/libs is being blocked. libseccomp lets you configure allowed syscalls for a process. Docker sets a default seccomp profile for all containers such that only certain syscalls are allowed and everything else is blocked (so, newer syscalls that are not yet known to libseccomp or docker are blocked).
python:3.9 - Failed run apt update from the last version of the image #837
简单解释就是官方的Python镜像升级,构建python镜像的基础镜像从原来的debian10 buster升级到debian12 bookworm, 在此情况下很多bookworm采用的新的系统调用被libseccomp屏蔽掉了,因此执行报错。
- 解决方案
本人采用的解决方案为更新基础镜像。
1 | # FROM python:3.12-slim |
其他可能可行的解决方案
- Update libseccomp and docker on the host running the containers.
- Add the following in the Dockerfile:
1 | RUN mv -i /etc/apt/trusted.gpg.d/debian-archive-*.asc /root/ |