NGINX signing key is out of date in Dockerfiles
chris-dickson opened this issue · comments
Describe the bug
Dockerfile.oss
no longer builds anymore due to an out of date signing key
To reproduce
Steps to reproduce the behavior:
docker build -f Dockerfile.oss -t nginx-s3-gateway .
- See error
> [6/6] RUN set -eux export DEBIAN_FRONTEND=noninteractive; mkdir -p /var/cache/nginx/s3_proxy; chown nginx:nginx /var/cache/nginx/s3_proxy; chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo 1~bookworm | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list; apt-get update; apt-get install --no-install-recommends --no-install-suggests --yes curl libedit2 nginx-module-njs=1.25.5+0.8.4-3~bookworm; apt-get remove --purge --auto-remove --yes; rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list:
0.085 + mkdir -p /var/cache/nginx/s3_proxy
0.086 + chown nginx:nginx /var/cache/nginx/s3_proxy
0.086 + chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.d/22-enable_js_fetch_trusted_certificate.sh /docker-entrypoint.d/30-tune-worker-processes.sh
0.090 mode of '/docker-entrypoint.sh' changed from 0644 (rw-r--r--) to 0755 (rwxr-xr-x)
0.090 mode of '/docker-entrypoint.d/00-check-for-required-env.sh' retained as 0755 (rwxr-xr-x)
0.090 mode of '/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh' retained as 0755 (rwxr-xr-x)
0.090 mode of '/docker-entrypoint.d/20-envsubst-on-templates.sh' retained as 0755 (rwxr-xr-x)
0.090 mode of '/docker-entrypoint.d/22-enable_js_fetch_trusted_certificate.sh' retained as 0755 (rwxr-xr-x)
0.090 mode of '/docker-entrypoint.d/30-tune-worker-processes.sh' retained as 0755 (rwxr-xr-x)
0.091 + + echo 1~bookworm
0.091 cut -f2 -d~
0.091 + echo deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ bookworm nginx
0.091 + apt-get update
0.127 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
0.152 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
0.162 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
0.183 Get:4 http://deb.debian.org/debian bookworm/main arm64 Packages [8685 kB]
0.313 Get:5 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [13.7 kB]
0.314 Get:6 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [157 kB]
0.485 Get:7 https://nginx.org/packages/mainline/debian bookworm InRelease [2869 B]
0.502 Err:7 https://nginx.org/packages/mainline/debian bookworm InRelease
0.502 The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
0.958 Reading package lists...
1.218 W: GPG error: https://nginx.org/packages/mainline/debian bookworm InRelease: The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
1.218 E: The repository 'https://nginx.org/packages/mainline/debian bookworm InRelease' is not signed.
------
Dockerfile.oss:32
--------------------
31 |
32 | >>> RUN set -eux \
33 | >>> export DEBIAN_FRONTEND=noninteractive; \
34 | >>> mkdir -p /var/cache/nginx/s3_proxy; \
35 | >>> chown nginx:nginx /var/cache/nginx/s3_proxy; \
36 | >>> chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; \
37 | >>> echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx" >> /etc/apt/sources.list.d/nginx.list; \
38 | >>> apt-get update; \
39 | >>> apt-get install --no-install-recommends --no-install-suggests --yes \
40 | >>> curl \
41 | >>> libedit2 \
42 | >>> nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE}; \
43 | >>> apt-get remove --purge --auto-remove --yes; \
44 | >>> rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list
45 |
--------------------
ERROR: failed to solve: process "/bin/sh -c set -eux export DEBIAN_FRONTEND=noninteractive; mkdir -p /var/cache/nginx/s3_proxy; chown nginx:nginx /var/cache/nginx/s3_proxy; chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh; echo \"deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ $(echo $PKG_RELEASE | cut -f2 -d~) nginx\" >> /etc/apt/sources.list.d/nginx.list; apt-get update; apt-get install --no-install-recommends --no-install-suggests --yes curl libedit2 nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE}; apt-get remove --purge --auto-remove --yes; rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list" did not complete successfully: exit code: 100
Expected behavior
The container builds successfully
Your environment
Building OSS container from source on an Apple M2 Pro with Docker Desktop 4.27.1 (136059) (Engine v25.0.2)
Heya @chris-dickson! Thanks for reporting the issue! 2fcb617 should have fixed it the OSS Dockerfile!