search

OSTEsayed / OSTE-Meta-Scan

The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti.
https://github.com/OSTEsayed/OSTE-Meta-Scan
GNU General Public License v3.0
241 stars 28 forks source link

Invalid signature while building docker #3

Closed gregfr closed 4 months ago

gregfr commented 4 months ago

Greetings I'm trying to build the docker container as per instructed ; here is the output:

docker build -t metascan .
Sending build context to Docker daemon  1.306MB
Step 1/8 : FROM kalilinux/kali-rolling
latest: Pulling from kalilinux/kali-rolling
b8db5b66eb9d: Pull complete 
Digest: sha256:d8f94cac6e035bf63c956d8663088ad335680bd4cd6b3a73226d8a656cafec46
Status: Downloaded newer image for kalilinux/kali-rolling:latest
 ---> 20d1b14b7bb9
Step 2/8 : RUN apt update -y
 ---> Running in 46d110c1e468

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://kali.download/kali kali-rolling InRelease [41.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
  At least one invalid signature was encountered.
Reading package lists...
W: GPG error: http://kali.download/kali kali-rolling InRelease: At least one invalid signature was encountered.
E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed.
The command '/bin/sh -c apt update -y' returned a non-zero code: 100

Any idea how I can pass this?

Thanks in advance

Regards

OSTEsayed commented 4 months ago

Here are a few steps you can try to resolve this issue:

Retry the Build: Sometimes, GPG key issues can be temporary. You can try running the build command again to see if the issue resolves itself.

Update GPG Keys: You can manually update the GPG keys for the Kali Linux repositories by running the following commands inside the Dockerfile, before the apt update command:

Add this befor the apt update line :

RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ED444FF07D8D0BF6

This command fetches the GPG key for the Kali Linux repository. Make sure to place this command before the apt update command.

Network Issues: Sometimes, network issues can cause problems with fetching repository metadata and GPG keys. Ensure that your Docker host has a stable internet connection and can access the Kali Linux repository.

Alternatives : Consider using normal installation of requirements into your local environment instead of docker build (follow the steps in the README) . if the issue persists.

gregfr commented 4 months ago

Thanks for your answer. I googled the problem and it seems pretty commun, however they are no working solution that I can find. Kali docker images doesn't provide wget, curl, or gpg, therefore I see no way to download and/or validate anything. I even tried apt update -oAcquire::AllowInsecureRepositories=true. But it seems to be a flaw in Kali, not OSTE meta scan.

OSTEsayed commented 4 months ago

I HAVE AN ODD SOLUTION Since it can also be a network connectivity issue "probebly it can't insure acess to kali repository " try to Use Vpn while building the Docker.

As i said if the problem persists you can alwayse do normal installation of the OSTE-Meta-Scanner requirments by following the installation steps rather than the docker build.

gregfr commented 4 months ago

Nice idea :) I finally find out that you need the latest version of Docker: when switching to another host (with a more recent docker), it's building. Thanks a lot for the fast support :pray:

OSTEsayed commented 4 months ago

Happy to hear you find solution. Hope you find this tool helpful. Kind regards.