search

kevinzfjiang / dockerfile

MIT License
0 stars 0 forks source link

ERROR: glibc-ldconfig-trigger-1.0-r0.apk: UNTRUSTED signature #2

Closed jiatern closed 4 months ago

jiatern commented 4 months ago

Hi,

I recently encounter this error when installing glibc with error ERROR: glibc-ldconfig-trigger-1.0-r0.apk: UNTRUSTED signature.

The same dockerfile used to work but now even with alpine-4.18 it returns the following error. Do you have any idea how to solve this?

7.133 Downloading glibc (https://github.com/jlesage/glibc-bin-multiarch/releases/download/2.31-r1/glibc-bin-2.31-r1-x86_64.tar.gz)...
######################################################################## 100.0%
9.718 Installing glibc...
9.722 strip: /usr/glibc-compat/bin/mtrace: file format not recognized
9.723 strip: /usr/glibc-compat/bin/ldd: file format not recognized
9.723 strip: /usr/glibc-compat/bin/xtrace: file format not recognized
9.729 strip: /usr/glibc-compat/bin/catchsegv: file format not recognized
9.733 strip: /usr/glibc-compat/bin/tzselect: file format not recognized
9.734 strip: /usr/glibc-compat/bin/sotruss: file format not recognized
9.752 strip: /usr/glibc-compat/lib/libm.a: file format not recognized
9.796 strip: /usr/glibc-compat/lib/libm.so: file format not recognized
10.25 strip: /usr/glibc-compat/lib/gconv/gconv-modules: file format not recognized
10.39 strip: /usr/glibc-compat/lib/libc.so: file format not recognized
11.01 writing RSA key
11.01 >>>
11.01 >>> You'll need to install /home/abuild/.abuild/-66405f37.rsa.pub into
11.01 >>> /etc/apk/keys to be able to install packages and repositories signed with
11.01 >>> /home/abuild/.abuild/-66405f37.rsa
11.01 >>>
11.01 >>> Please remember to make a safe backup of your private key:
11.01 >>> /home/abuild/.abuild/-66405f37.rsa
11.01 >>>
11.02 >>> glibc-ldconfig-trigger: Building /glibc-ldconfig-trigger 1.0-r0 (using abuild 3.11.1-r0) started Sun, 12 May 2024 06:18:32 +0000
11.03 >>> glibc-ldconfig-trigger: Checking sanity of /tmp/APKBUILD...
11.03 >>> WARNING: glibc-ldconfig-trigger: No maintainer
11.03 >>> glibc-ldconfig-trigger: Analyzing dependencies...
11.04 >>> glibc-ldconfig-trigger: Cleaning up srcdir
11.04 >>> glibc-ldconfig-trigger: Cleaning up pkgdir
11.04 >>> WARNING: glibc-ldconfig-trigger: APKBUILD does not run any tests!
11.04     Alpine policy will soon require that packages have any relevant testsuites run during the build process.
11.04     To fix, either define a check() function, or declare !check in $options to indicate the package does not have a testsuite.
11.04 >>> glibc-ldconfig-trigger: Entering fakeroot...
11.17 >>> glibc-ldconfig-trigger*: Running postcheck for glibc-ldconfig-trigger
11.17 >>> glibc-ldconfig-trigger*: Preparing package glibc-ldconfig-trigger...
11.18 >>> glibc-ldconfig-trigger*: Script found. /bin/sh added as a dependency for glibc-ldconfig-trigger-1.0-r0.apk
11.18 >>> glibc-ldconfig-trigger*: Adding .trigger
11.19 >>> glibc-ldconfig-trigger*: Tracing dependencies...
11.19 >>> glibc-ldconfig-trigger*: Package size: 4.0 KB
11.19 >>> glibc-ldconfig-trigger*: Compressing data...
11.19 >>> glibc-ldconfig-trigger*: Create checksum...
11.21 >>> glibc-ldconfig-trigger*: Create glibc-ldconfig-trigger-1.0-r0.apk
11.22 >>> glibc-ldconfig-trigger: Build complete at Sun, 12 May 2024 06:18:32 +0000 elapsed time 0h 0m 0s
11.22 >>> glibc-ldconfig-trigger: Cleaning up srcdir
11.22 >>> glibc-ldconfig-trigger: Cleaning up pkgdir
11.22 >>> glibc-ldconfig-trigger: Updating the /x86_64 repository index...
11.22 ERROR: glibc-ldconfig-trigger-1.0-r0.apk: UNTRUSTED signature
11.22 >>> ERROR: glibc-ldconfig-trigger: Failed to create index
jiatern commented 4 months ago

I tried this workaround, so far it worked. But not sure if this is a proper way:

I replaced this part

&& install-glibc \
&& add-pkg font-wqy-zenhei --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
&& cd /tmp \
&& wget -q http://downloads.rclone.org/rclone-${RCLONE_VERSION}-linux-${ARCH}.zip \

with

&& add-pkg font-wqy-zenhei --repository https://dl-cdn.alpinelinux.org/alpine/edge/community \
&& cd /tmp \
&& wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \
&& wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r1/glibc-2.35-r1.apk \
&& apk add glibc-2.35-r1.apk \
&& rm glibc-2.35-r1.apk \
&& wget -q http://downloads.rclone.org/rclone-${RCLONE_VERSION}-linux-${ARCH}.zip \

Basically instead of install-glibc, I manually download glibc package, install it and remove the file.

kevinzfjiang commented 4 months ago

Thank you for the workaround solution. It works on my side as well, and the workaround has been applied to my personal Dockerfile. The latest Docker Hub image is yadiman/rclonebrowser:20240513, built from this latest Dockerfile.

Actually, the old Dockerfile was able to successfully build the image in March (Docker Hub image: yadiman/rclonebrowser:20240313). However, it seems that there is a defect in the 'install-glibc' command, as its public signing key has changed. This command is a built-in on the baseimage 'jlesage/baseimage-gui'.

Once the built-in defect is fixed, the workaround will be replaced.

kevinzfjiang commented 4 months ago

issue closed