GPG error while installing packages

[briemla]

Installing packages fails because one of the GPG signatures is invalid. Is it possible to update GPG signatures before installing the packages?

Minimal working example to reproduce the failure:

devcontainer.json:

{
    "name": "OTLabels",
    "image": "mcr.microsoft.com/devcontainers/python:3.10-bullseye",
    "features": {
        "ghcr.io/rocker-org/devcontainer-features/apt-packages:1": {
            "packages": "libgl1,gdal-bin,libgdal-dev"
        }
    }
}

Failure:

#0 2.303 W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
#0 2.303 E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
#0 2.305 ERROR: Feature "apt packages" (ghcr.io/rocker-org/devcontainer-features/apt-packages) failed to install!

There is also a stackoverflow article which covers the topic: https://askubuntu.com/questions/1306111/why-yarn-key-update-failes-all-the-time-gpg-error-https-dl-yarnpkg-com-debia

[eitsupi]

I think you need to do that on the Dockerfile. That means something like:

{
    "name": "OTLabels",
    "build": {
      "dockerfile": "Dockerfile"
    },
    "features": {
        "ghcr.io/rocker-org/devcontainer-features/apt-packages:1": {
            "packages": "libgl1,gdal-bin,libgdal-dev"
        }
    }
}

FROM mcr.microsoft.com/devcontainers/python:3.10-bullseye
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn-archive-keyring.gpg

By the way, since this image seems to have been updated you could simply pull the new image and this would solve this. Please check devcontainers/images#370