bullseye: apt not working

[mnacharov]

Maintainer's note from @tianon: see docker-library/official-images#16829

---

pi@store:~$ docker pull arm32v7/debian:bullseye-slim
bullseye-slim: Pulling from arm32v7/debian
e5398822d76b: Already exists 
Digest: sha256:d6ee6ca6672f5ec285bbf4f3e1a88696624ac14af6479e57fa6feddaec8c09ba
Status: Downloaded newer image for arm32v7/debian:bullseye-slim
docker.io/arm32v7/debian:bullseye-slim
pi@store:~$ docker run -it --rm arm32v7/debian:bullseye-slim
root@eebb868f17ab:/# apt-get update
Get:1 http://deb.debian.org/debian bullseye InRelease [142 kB]
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [40.1 kB]
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  At least one invalid signature was encountered.
Err:1 http://deb.debian.org/debian bullseye InRelease
  At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[mnacharov]

Looks like it's docker issue
https://stackoverflow.com/a/64843925/3282927

pi@store:~$ docker run -it --rm arm32v7/debian:buster-slim /bin/date
Fri Mar 12 13:25:48 UTC 2021
pi@store:~$ docker run -it --rm arm32v7/debian:bullseye-slim /bin/date
Thu Jan  1 00:00:00 UTC 1970

[mnacharov]

same issue affected to alpine 3.13

pi@store:~$ docker run -it --rm arm32v7/alpine:3.12.4 /bin/date
Fri Mar 12 13:39:31 UTC 2021
pi@store:~$ docker run -it --rm arm32v7/alpine:3.13.2 /bin/date
Sun Jan  0 00:100:4174038  1900

[mnacharov]

looks related to linux kernel v4 v5 difference

[stappersg]

On Fri, Mar 12, 2021 at 05:44:52AM -0800, Mikhail Nacharov wrote: looks related to linux kernel v4 v5 difference

That observation plus my knowledge: Recent docker images need recent counter parts

[tianon]

This is the same as #106, #97 (for a couple other semi-recent examples). TLDR, you'll need to update your host, specifically to:

• Docker version 19.03.9 or newer
• libseccomp version 2.4.2 or newer

See moby/moby#40734 for more details around this (and similar issues).

Edit: see also docker-library/official-images#16829

[UncleTawnos]

actually the problem can lie in your free disk space. Especially if you're running docker on mac. It doesn't report it directly in this case, but well, freeing some images solved this issue for me. it silently can't download package manifest so it can't validate it. From "in-docker" OS perspective you have a plenty of disk space, so apt is unaware of the problem. Hope that will help others wasting time here ;)

[icsy7867]

I'm having this exact issue. Buster works fine. Bullseye is having this problem. Plenty of free space. Also tried clearing apt cache as well.

[tianon]

This is the same as #106, #97 (for a couple other semi-recent examples). TLDR, you'll need to update your host, specifically to:

• Docker version 19.03.9 or newer
• libseccomp version 2.4.2 or newer

See moby/moby#40734 for more details around this (and similar issues).

You might need to go as high as Docker 20.10.10+ depending on which version of the issue you're running into.

[icsy7867]

This is the same as #106, #97 (for a couple other semi-recent examples). TLDR, you'll need to update your host, specifically to:

• Docker version 19.03.9 or newer
• libseccomp version 2.4.2 or newer

See moby/moby#40734 for more details around this (and similar issues).

You might need to go as high as Docker 20.10.10+ depending on which version of the issue you're running into.

I'm running 20.10.12 on Buster arm.

Also I noticed that
docker run -it debian:bullseye date returns

January 1 00:00:00 1970

However on Buster I get the correct date.

[tianon]

You need newer libseccomp too.

[icsy7867]

I was able to bandaid this on Buster.

sudo vi /etc/apt/sources.list
### Add the backports repo
deb http://deb.debian.org/debian buster-backports main

### Add GPG Keys
gpg --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
gpg --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
gpg --export 04EE7237B7D453EC | sudo apt-key add -
gpg --export 648ACFD622F3D138 | sudo apt-key add -

### Install libseccomp from backports:
sudo apt install -t buster-backports libseccomp-dev

[ChengLiPP]

fixed mine with a simple

docker system prune

Check here https://stackoverflow.com/a/65524014, hope it helps anyone