NGINX signing key is out of date in Dockerfiles

[chris-dickson]

Describe the bug

Dockerfile.oss no longer builds anymore due to an out of date signing key

To reproduce

Steps to reproduce the behavior:

1. docker build -f Dockerfile.oss -t nginx-s3-gateway .
2. See error

   > [6/6] RUN set -eux     export DEBIAN_FRONTEND=noninteractive;     mkdir -p /var/cache/nginx/s3_proxy;     chown nginx:nginx /var/cache/nginx/s3_proxy;     chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh;     echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo 1~bookworm | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list;     apt-get update;     apt-get install --no-install-recommends --no-install-suggests --yes       curl       libedit2       nginx-module-njs=1.25.5+0.8.4-3~bookworm;     apt-get remove --purge --auto-remove --yes;     rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list:                    
   0.085 + mkdir -p /var/cache/nginx/s3_proxy                                                                                                                                         
   0.086 + chown nginx:nginx /var/cache/nginx/s3_proxy
   0.086 + chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.d/22-enable_js_fetch_trusted_certificate.sh /docker-entrypoint.d/30-tune-worker-processes.sh
   0.090 mode of '/docker-entrypoint.sh' changed from 0644 (rw-r--r--) to 0755 (rwxr-xr-x)
   0.090 mode of '/docker-entrypoint.d/00-check-for-required-env.sh' retained as 0755 (rwxr-xr-x)
   0.090 mode of '/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh' retained as 0755 (rwxr-xr-x)
   0.090 mode of '/docker-entrypoint.d/20-envsubst-on-templates.sh' retained as 0755 (rwxr-xr-x)
   0.090 mode of '/docker-entrypoint.d/22-enable_js_fetch_trusted_certificate.sh' retained as 0755 (rwxr-xr-x)
   0.090 mode of '/docker-entrypoint.d/30-tune-worker-processes.sh' retained as 0755 (rwxr-xr-x)
   0.091 + + echo 1~bookworm
   0.091 cut -f2 -d~
   0.091 + echo deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ bookworm nginx
   0.091 + apt-get update
   0.127 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
   0.152 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
   0.162 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
   0.183 Get:4 http://deb.debian.org/debian bookworm/main arm64 Packages [8685 kB]
   0.313 Get:5 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [13.7 kB]
   0.314 Get:6 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [157 kB]
   0.485 Get:7 https://nginx.org/packages/mainline/debian bookworm InRelease [2869 B]
   0.502 Err:7 https://nginx.org/packages/mainline/debian bookworm InRelease
   0.502   The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
   0.958 Reading package lists...
   1.218 W: GPG error: https://nginx.org/packages/mainline/debian bookworm InRelease: The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
   1.218 E: The repository 'https://nginx.org/packages/mainline/debian bookworm InRelease' is not signed.
   ------
   Dockerfile.oss:32
   --------------------
   31 |     
   32 | >>> RUN set -eux \
   33 | >>>     export DEBIAN_FRONTEND=noninteractive; \
   34 | >>>     mkdir -p /var/cache/nginx/s3_proxy; \
   35 | >>>     chown nginx:nginx /var/cache/nginx/s3_proxy; \
   36 | >>>     chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; \
   37 | >>>     echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list; \
   38 | >>>     apt-get update; \
   39 | >>>     apt-get install --no-install-recommends --no-install-suggests --yes \
   40 | >>>       curl \
   41 | >>>       libedit2 \
   42 | >>>       nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE}; \
   43 | >>>     apt-get remove --purge --auto-remove --yes; \
   44 | >>>     rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list
   45 |     
   --------------------
   ERROR: failed to solve: process "/bin/sh -c set -eux     export DEBIAN_FRONTEND=noninteractive;     mkdir -p /var/cache/nginx/s3_proxy;     chown nginx:nginx /var/cache/nginx/s3_proxy;     chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh;     echo \"deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx\" >> /etc/apt/sources.list.d/nginx.list;     apt-get update;     apt-get install --no-install-recommends --no-install-suggests --yes       curl       libedit2       nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE};     apt-get remove --purge --auto-remove --yes;     rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list" did not complete successfully: exit code: 100

Expected behavior

The container builds successfully

Your environment

Building OSS container from source on an Apple M2 Pro with Docker Desktop 4.27.1 (136059) (Engine v25.0.2)

[alessfg]

Heya @chris-dickson! Thanks for reporting the issue! https://github.com/nginxinc/nginx-s3-gateway/commit/2fcb617108499199756e0e8139bbac995bb01cdc should have fixed it the OSS Dockerfile!