I noticed that when building the image using the latest Dockerfile, an outdated version of tor is being installed.
The reason seems to be that the signing keys are expired:
The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
I think the issue lies with the fact that deb.torproject.org-keyring and tor are being installed in the same transaction, meaning that when apt checks which version of tor to install, the keys are not yet updated.
I noticed that when building the image using the latest Dockerfile, an outdated version of tor is being installed. The reason seems to be that the signing keys are expired:
The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
I think the issue lies with the fact that
deb.torproject.org-keyring
andtor
are being installed in the same transaction, meaning that when apt checks which version of tor to install, the keys are not yet updated.https://github.com/chriswayg/tor-server/blob/2a9ed8e92bab080f0d7623324a5e89ddf1e5cdc6/Dockerfile#L38-L43
I resolved the issue by first executing
apt-get install deb.torproject.org-keyring
on its own, before installingtor
: