search

openhab / openhab-docker

Repository for building Docker containers for openHAB
https://www.openhab.org/
Eclipse Public License 2.0
209 stars 128 forks source link

apt update / apt install fails #373

Closed alexf2015 closed 2 years ago

alexf2015 commented 2 years ago

Summary

apt fails with signature error since openhab 3.1.1.

Expected Behavior

In openhab 3.1.0 it was possible to run apt update and apt install to add missing packages. This was necessary as network binding requires "iputils--ping" to work properly. See also https://github.com/openhab/openhab-addons/issues/10675

Current Behavior

apt update already fails with a fatal error:

root@openhab-test:/openhab# apt update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  At least one invalid signature was encountered.
Err:1 http://deb.debian.org/debian bullseye InRelease
  At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Possible Solution

Steps to Reproduce

run a fresh instance of openhab 3.2.0 on a raspberry pi. run a bash shell inside the container and execute "apt update"

Context

I need to install iputils-ping to be able to use the network binding.

Your Environment

Raspberry Pi3 with Raspberry Pi OS and Docker installed

Image

Docker Host

wborn commented 2 years ago

These apt commands work fine for me in the OH 3.2.0 Debian based amd64/arm64 images. I currently don't have a 32-bit ARM OS running somewhere to test this on.

alexf2015 commented 2 years ago

You are right, on amd64 it works just fine. Unfortunately I do not want to run openhab on my Synology NAS.

wborn commented 2 years ago

These apt commands also work fine on my Raspberry Pi 3B when running a 32-bit Raspberry Pi OS and when using the openhab:3.2.0 linux/arm/v7 image:

aptarmhf

alexf2015 commented 2 years ago

This is really weird. The main difference between your and my setup is the OS version on the PI itself. I am still on buster but that should not make any difference I believe. I tried it on two of my Raspberry Pi devices and it is the same on both.

alexf2015 commented 2 years ago

So yes it is related to the host operating system. On buster it does not work, the error above occours. I did a in place upgrade to bullseye (as discribed here https://www.linuxmaker.com/tutorials/upgrade-von-debian-10-buster-zu-debian-11-bulleye.html) and afterwards it works fine. Still, I wonder why the container has a different behaviour dependeing on the host environment. This should not happen and in my opinion the container should also support older OS versions like Debian/Raspbian 10.

wborn commented 2 years ago

If you have the same issues with apt when using the base debian:11 image there is probably not much to fix in the openHAB image and you will have similar issues with any other Debian 11 based image on your Docker host.

Maybe it can be fixed by updating libseccomp2 on your Debian 10 host? See this community thread.

alexf2015 commented 2 years ago

Yes, same issue with debian:11 base image.

wborn commented 2 years ago

Let's close this because it needs to be fixed on your Docker host by either updating libseccomp2 or your OS.