I am trying to build and deploy microservices images to a single-node Kubernetes cluster running on my development machine using minikube. I am using the cloud-native microservices demo application Online Boutique by Google to understand the use of technologies like Kubernetes, Istio etc.
Link to github repo: microservices-demo
While following the installation process, and on running command skaffold run
to build and deploy my application, I get some errors:
Step 10/11 : RUN apt-get -qq update && apt-get install -y --no-install-recommends curl
---> Running in 43d61232617c
W: GPG error: http://deb.debian.org/debian buster InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
failed to build: couldn't build "loadgenerator": unable to stream build output: The command '/bin/sh -c apt-get -qq update && apt-get install -y --no-install-recommends curl' returned a non-zero code: 100
I receive these errors when trying to build loadgenerator. How can I resolve this issue?
Make your own sid image in x64
# variables
$WORKPLACE=/space_change_me
$BASEIMG=debian:buster
$TAG=my/debian
$RELEASE=sid
$PLATFORM=arm
# multiarch preparation
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install qemu binfmt-support qemu-user-static docker-ce byobu make
export DOCKER_CLI_EXPERIMENTAL=enabled
#build image
docker run -i --rm -v $WORKPLACE:/data $BASEIMG /bin/bash << EOF
export DEBIAN_FRONTEND="noninteractive"
apt-get -y update
apt-get -y install debootstrap
debootstrap --verbose --include=iputils-ping --arch $PLATFORM $RELEASE /data/$RELEASE-$PLATFORM $REPO
chroot /data/$RELEASE-$PLATFORM/ /bin/bash << SEOF
export DEBIAN_FRONTEND="noninteractive"
apt-get -y update
apt-get -y upgrade
apt-get -y clean
SEOF
rm -R /data/$RELEASE-$PLATFORM/debootstrap
EOF
cd $WORKPLACE/$RELEASE-$PLATFORM
tar cpf - . | docker import - $TAG:$RELEASE-$PLATFORM --platform $PLATFORM
docker save $TAG:$RELEASE-$PLATFORM > debian-$RELEASE-$PLATFORM.tar
You can load later in the arm host with
cat debian-$RELEASE-$PLATFORM.tar |docker load
At least one invalid signature was encountered
The error suggests that one of the files in /var/lib/apt/lists
consist at least one invalid/corrupted signature (could be the result of apt-key
misuse or something else).
Try to run Apt update with the debug messages:
apt-get -oDebug::pkgAcquire::Worker=1 update
which should point you to the corrupted file, e.g.
0% Working <- gpgv:400%20URI%20Failure%0aMessage:%20At%20least%20one%20invalid%20signature%20was%20encountered.%0aURI:%20gpgv:/var/lib/apt/lists/partial/CorruptedFile_InRelease
Edit the file, find and remove the corrupted parts, or remove the whole file, so it can be recreated.
There are a few reasons why you encounter these errors:
There might be an issue with the existing cache and/or disc space. In order to fix it you need to clear the APT cache by executing: sudo apt-get clean
and sudo apt-get update
.
The same goes with existing docker images. Execute: docker image prune -f
and docker container prune -f
in order to remove unused data and free disc space.
If you don't care about the security risks, you can try to run the apt-get
command with the --allow-unauthenticated
or --allow-insecure-repositories
flag. According to the docs:
Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user itself.
Please let me know if that helped.
I had this same issue and none of the previous responses saying to prune images or containers worked. The reason was that my Docker Build Cache was taking up the bulk of the space. Running the below command fixed the issue:
docker system prune
You can then check to see if it worked by running:
docker system df
UPDATE:
The above command will clear the whole Docker system. If you want to clear only the build cache, you can do it with the below command (credit to saraf.gahl):
docker builder prune
The reason I usually see this is because docker has run out of disk space, which is frustrating because the error gives little indication that this is the problem. First try cleaning up images and containers you don't need using the prune
command https://docs.docker.com/config/pruning/.
$ docker image prune
$ docker container prune
If you have a lot of images accumulated and want to remove all of them that aren't associated with an existing container try:
$ docker image prune -a
Or you can remove only older images:
$ docker image prune -a --filter "until=24h"
Finally, on MacOS, where Docker runs inside a dedicated VM, you may need to increase the disk available to Docker from the Docker Desktop application (Settings -> Resources -> Advanced -> Disk image size).
I think that is related to some LSM component of the docker official image (in this case armhf) and exec/capabilities permissions. In this simple case sid flavour is unable to handle time corectly. And this related to the certificate check, is the cause of invalid signature. It happends too in ubuntu focal.
# docker run -it debian:buster /bin/date
Sun Nov 15 11:30:44 UTC 2020
# docker run -it debian:sid /bin/date
Thu Jan 1 00:00:00 UTC 1970
@Jack Kawell got it right.
docker builder prune
This command does the trick. Beware of the command "docker system prune" as this would delete all your images (very destructive). The builder prune only deletes the build cache that is where your have all your previous (cached) builds steps.
I had the same problem. It looks like it was lack of space. I've removed old images and it started to work.
$ docker images
Select the ones you don't care anymore (to delete).
$ docker rmi <image_id>
None of these worked for me. This command did the trick though:
docker volume prune
Literally had 249GB worth of volumes that I was able to reclaim.
I tried a few of the above answers, and none of them worked for me. The real trigger was when I used --allow-unauthenticated
and --allow-insecure-repositories
from @Wytrzymały Wiktor's answer, and I got a notification showing
tar: ./conffiles: Cannot utime: Operation not permitted
tar: ./control: Cannot utime: Operation not permitted
tar: ./md5sums: Cannot utime: Operation not permitted
tar: ./postinst: Cannot utime: Operation not permitted
tar: .: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors
This lead me down a route where I found this post which suggested that the issue may be where libseccomp2 was outdated.
The fix there was to do:
# Get signing keys to verify the new packages, otherwise they will not install
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
# Add the Buster backport repository to apt sources.list
echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list
sudo apt update ; sudo apt install libseccomp2 -t buster-backports
Note that this assumes that you're using Raspbian and a version of docker after 19.04