You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@solr.apache.org by gnandre <ar...@gmail.com> on 2023/06/01 16:38:40 UTC
Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Hi,
I am running into the following issue while creating a custom docker image
on top of the official Solr docker image (9.2.1).
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key
Because of this, it further fails with the following error message:
http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY
871920D1991BC93C
It fails on the RUN step. What might be the problem? Is this a genuine
issue with the base image?
FROM solr:9.2.1
USER root
RUN apt-get update && \
apt-get upgrade --yes && \
apt-get install --yes locales
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by gnandre <ar...@gmail.com>.
Thanks, Chris. I tried this workflow with Debian 11 and I can confirm that
I am no longer running into this issue anymore
On Fri, Jun 2, 2023 at 6:36 PM Chris Hostetter <ho...@fucit.org>
wrote:
>
> : FWIW, if I just replace FROM solr:9.2.1 with FROM solr:8.5.2, I do not
> run
> : into these issues.
> : 8.5.2 is our current prod version.
> :
> : That is why I was thinking maybe there is something in the base image
> that
> : is causing this.
>
> Did you read all the details in the link Jan provided?
>
> The underlying base linux image of solr:8.5.2 (inherited via our jdk
> base image) is Debian 11, while solr:9.2.1 is based on Ubuntu 22.04.
>
> So just saying that using 8.5.2 as your base image doesn't have this
> problem doesn't really rule out the explanation Jan offered -- it's
> consistent with the offered explanation.
>
> 1) what is the output of your `docker version` ?
>
> 2) have you tried a test Dockerfile that directly extends 'ubuntu:22.04'
> to see if that rules out anything related to solr/openjdk as the problem?
>
> 3) have you tried upgrading docker ? (or aparently just upgrading `runc`
> can help? ... not really clear)
>
>
> -Hoss
> http://www.lucidworks.com/
>
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by Chris Hostetter <ho...@fucit.org>.
: FWIW, if I just replace FROM solr:9.2.1 with FROM solr:8.5.2, I do not run
: into these issues.
: 8.5.2 is our current prod version.
:
: That is why I was thinking maybe there is something in the base image that
: is causing this.
Did you read all the details in the link Jan provided?
The underlying base linux image of solr:8.5.2 (inherited via our jdk
base image) is Debian 11, while solr:9.2.1 is based on Ubuntu 22.04.
So just saying that using 8.5.2 as your base image doesn't have this
problem doesn't really rule out the explanation Jan offered -- it's
consistent with the offered explanation.
1) what is the output of your `docker version` ?
2) have you tried a test Dockerfile that directly extends 'ubuntu:22.04'
to see if that rules out anything related to solr/openjdk as the problem?
3) have you tried upgrading docker ? (or aparently just upgrading `runc`
can help? ... not really clear)
-Hoss
http://www.lucidworks.com/
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by gnandre <ar...@gmail.com>.
Ok, I tried direct docker build and am still running into the same issue.
01:58:26 |base|gnandre@ah-gnandre-l docker ±|solr_9-2-1 ✗|→ docker build
-t test/test:9.2.1-SNAPSHOT -f Dockerfile .
[+] Building 33.1s (6/23)
=> [internal] load build definition from Dockerfile
0.1s
=> => transferring dockerfile: 2.35kB
0.0s
=> [internal] load .dockerignore
0.0s
=> => transferring context: 350B
0.0s
=> [internal] load metadata for docker.io/library/solr:9.2.1
0.2s
=> [1/19] FROM
docker.io/library/solr:9.2.1@sha256:6ccb04c2023108c5e1fd442a988105bba9f811fda7bad07e3c5f8b53588710d1
25.3s
=> => resolve
docker.io/library/solr:9.2.1@sha256:6ccb04c2023108c5e1fd442a988105bba9f811fda7bad07e3c5f8b53588710d1
0.0s
=> =>
sha256:0d0e0ecb256ae3e8b7625494ed35189f845766552b7159a17f634706e28a9687
17.05MB / 17.05MB
4.5s
=> =>
sha256:6ccb04c2023108c5e1fd442a988105bba9f811fda7bad07e3c5f8b53588710d1
1.21kB / 1.21kB
0.0s
=> =>
sha256:1834fb31cef88412abd38ce6974066c01862735866d795be8d4d28a214981b9d
17.86kB / 17.86kB
0.0s
=> =>
sha256:1bc677758ad7fa4503417ae5be18809c5a8679b5b36fcd1464d5a8e41cb13305
30.43MB / 30.43MB
4.9s
=> =>
sha256:ea22efe92db6c2cde26dcc95a3749f4e3253712695b88b2e75f389945584a883
2.21kB / 2.21kB
0.0s
=> =>
sha256:212512b6dedf98570eba8badaed0483b69b98f2cce832ac2ad06c6513b35e6a8
47.01MB / 47.01MB
8.0s
=> =>
sha256:648d9d5446958f872ce7d9a5d6cc809701342f8c8db5d870f260d8c0eb4376ed
160B / 160B
4.6s
=> =>
sha256:ae4d1091c493de5ef0ceda99af55bb9446b4f6cc21399b63a1fb3b995094c3af
278.99MB / 278.99MB
16.6s
=> =>
sha256:5848e44a1a2f337260d6d21b573c30ae907f296e9ab12a6c7e46226255b78dec
4.29kB / 4.29kB
5.0s
=> => extracting
sha256:1bc677758ad7fa4503417ae5be18809c5a8679b5b36fcd1464d5a8e41cb13305
1.8s
=> =>
sha256:ddd2db2e437b6b94911aeae06676ee2ecfec99685f4e2184d190457579e26dad
220B / 220B
5.5s
=> =>
sha256:e68c340673268f3429a98d11d98f2497a5208ca93b73511bd92dc4ffd24aaeb1
8.27kB / 8.27kB
5.7s
=> =>
sha256:9ab7d551d9e855a33bf2fcc4516dee17c68057ca03f717944c8f4b8f1d0f9c34
1.83MB / 1.83MB
7.0s
=> => extracting
sha256:0d0e0ecb256ae3e8b7625494ed35189f845766552b7159a17f634706e28a9687
1.1s
=> => extracting
sha256:212512b6dedf98570eba8badaed0483b69b98f2cce832ac2ad06c6513b35e6a8
1.9s
=> => extracting
sha256:648d9d5446958f872ce7d9a5d6cc809701342f8c8db5d870f260d8c0eb4376ed
0.0s
=> => extracting
sha256:ae4d1091c493de5ef0ceda99af55bb9446b4f6cc21399b63a1fb3b995094c3af
5.4s
=> => extracting
sha256:5848e44a1a2f337260d6d21b573c30ae907f296e9ab12a6c7e46226255b78dec
0.1s
=> => extracting
sha256:ddd2db2e437b6b94911aeae06676ee2ecfec99685f4e2184d190457579e26dad
0.0s
=> => extracting
sha256:e68c340673268f3429a98d11d98f2497a5208ca93b73511bd92dc4ffd24aaeb1
0.0s
=> => extracting
sha256:9ab7d551d9e855a33bf2fcc4516dee17c68057ca03f717944c8f4b8f1d0f9c34
0.1s
=> [internal] load build context
6.9s
=> => transferring context: 681.71MB
6.9s
=> ERROR [2/19] RUN apt-get update && apt-get upgrade --yes &&
apt-get install --yes locales && apt-get install -y vim && apt-get
install -y wget && apt-get install -y curl && a 7.5s
------
> [2/19] RUN apt-get update && apt-get upgrade --yes && apt-get
install --yes locales && apt-get install -y vim && apt-get install
-y wget && apt-get install -y curl && apt-get install --yes
software-properties-common && apt-get install --yes apt-transport-https
ca-certificates:
#5 0.355 Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
[110 kB]
#5 0.490 Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
#5 0.491 The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 0.501 Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
#5 0.914 Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
[119 kB]
#5 1.013 Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
[108 kB]
#5 1.023 Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
#5 1.023 The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.154 Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
#5 1.154 The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.284 Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
#5 1.285 The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.287 Reading package lists...
#5 1.298 W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.298 W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.299 W: GPG error: http://security.ubuntu.com/ubuntu jammy-security
InRelease: The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.299 E: The repository 'http://security.ubuntu.com/ubuntu
jammy-security InRelease' is not signed.
#5 1.300 W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.300 W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.300 W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease:
The following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 871920D1991BC93C
#5 1.301 E: The repository 'http://archive.ubuntu.com/ubuntu jammy
InRelease' is not signed.
#5 1.302 W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.302 W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.302 W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates
InRelease: The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.302 E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates
InRelease' is not signed.
#5 1.302 W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.302 W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease:
The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
#5 1.302 W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports
InRelease: The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
#5 1.302 E: The repository 'http://archive.ubuntu.com/ubuntu
jammy-backports InRelease' is not signed.
#5 1.302 E: Problem executing scripts APT::Update::Post-Invoke 'rm -f
/var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
/var/cache/apt/*.bin || true'
#5 1.302 E: Sub-process returned an error code
------
failed to solve with frontend dockerfile.v0: failed to build LLB: executor
failed running [/bin/sh -c apt-get update && apt-get upgrade --yes &&
apt-get install --yes locales && apt-get install -y vim &&
apt-get install -y wget && apt-get install -y curl && apt-get
install --yes software-properties-common && apt-get install --yes
apt-transport-https ca-certificates]: runc did not terminate sucessfully
On Fri, Jun 2, 2023 at 12:21 PM gnandre <ar...@gmail.com> wrote:
> Thanks for all the replies.
>
> FWIW, if I just replace FROM solr:9.2.1 with FROM solr:8.5.2, I do not
> run into these issues.
> 8.5.2 is our current prod version.
>
> That is why I was thinking maybe there is something in the base image that
> is causing this.
>
> Few things I will try next are:
> 1. Try to build this with docker directly instead of the wrapper maven
> build system.
> 2. Try this in Debian 11
>
> I will report back.
>
> On Fri, Jun 2, 2023 at 3:58 AM Jan Høydahl <ja...@cominvent.com> wrote:
>
>> Some googling suggests that you may have an aged linux kernel on the
>> BUILD machine/image used to run the docker build command, see
>> https://stackoverflow.com/questions/66319610/gpg-error-in-ubuntu-21-04-after-second-apt-get-update-during-docker-build
>>
>> Try upgrading linux (or
>>
>> Jan
>>
>> > 2. jun. 2023 kl. 06:36 skrev Chris Hostetter <hossman_lucene@fucit.org
>> >:
>> >
>> >
>> > : @Jan: I am using Debian 10 (Buster). I am switching to the solr user
>> at the
>> >
>> > based on the logs you posted, you seem to be building the docker
>> container
>> > inside of some other build system...
>> >
>> > 1) are you certain you know exactly what command/options your build
>> system
>> > is using to invoke 'docker build' ?
>> >
>> > 2) have you tried just building manually on the command line?
>> >
>> > 3) are you certain you are using the 'solr:9.2.1' from docker hub (and
>> not
>> > sme other weird locally built version) ... have you tried 'docker build
>> > --pull ...'
>> >
>> > 4) do you have any firewall rules that might be allowing apt to talk to
>> > the ubuntu distribution servers, but not the keyserver?
>> >
>> > 5) This particular set of error msgs strike me as evience of something
>> > very, very wrong happening with your docker build, since the files in
>> > question is world readable inside the solr docker image...
>> >
>> > : 41593 [INFO] DOCKER> [91mhttp://
>> > : security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The
>> key(s) in
>> > : the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are
>> > : ignored as the file is not readable by user '_apt' executing apt-key.
>> >
>> > $ docker run --rm -it --entrypoint /bin/bash solr:9.2.1 -c 'ls -al
>> /etc/apt/trusted.gpg.d/'
>> > total 16
>> > drwxr-xr-x 2 root root 4096 Apr 25 14:06 .
>> > drwxr-xr-x 8 root root 4096 Apr 25 14:03 ..
>> > -rw-r--r-- 1 root root 2794 Mar 26 2021 ubuntu-keyring-2012-cdimage.gpg
>> > -rw-r--r-- 1 root root 1733 Mar 26 2021 ubuntu-keyring-2018-archive.gpg
>> >
>> >
>> > 6) As jan mentioned - what are you are trying to do seems to work fine
>> for
>> > both of us....
>> >
>> >
>> > hossman@slate:~/tmp/dockerbase$ ls -l
>> > total 4
>> > -rw-rw-r-- 1 hossman hossman 117 Jun 1 21:08 Dockerfile
>> > hossman@slate:~/tmp/dockerbase$ cat Dockerfile
>> > FROM solr:9.2.1
>> >
>> > USER root
>> >
>> > RUN apt-get update && \
>> > apt-get upgrade --yes && \
>> > apt-get install --yes locales
>> > hossman@slate:~/tmp/dockerbase$ docker build -t tmp-extened-solr .
>> > Sending build context to Docker daemon 2.048kB
>> > Step 1/3 : FROM solr:9.2.1
>> > 9.2.1: Pulling from library/solr
>> > 1bc677758ad7: Pull complete
>> > 0d0e0ecb256a: Pull complete
>> > 212512b6dedf: Pull complete
>> > 648d9d544695: Pull complete
>> > ae4d1091c493: Pull complete
>> > 5848e44a1a2f: Pull complete
>> > ddd2db2e437b: Pull complete
>> > e68c34067326: Pull complete
>> > 9ab7d551d9e8: Pull complete
>> > Digest:
>> > sha256:a46e8f2cc8b0e3e1a50be289cc0b4718e61fa5a5a745454c2da9e51a0312b612
>> > Status: Downloaded newer image for solr:9.2.1
>> > ---> 1834fb31cef8
>> > Step 2/3 : USER root
>> > ---> Running in 3a0727367865
>> > Removing intermediate container 3a0727367865
>> > ---> 0592892b6da1
>> > Step 3/3 : RUN apt-get update && apt-get upgrade --yes &&
>> apt-get
>> > install --yes locales
>> > ---> Running in a25792bbd3ae
>> > Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
>> > Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110
>> kB]
>> > ...
>> >
>> >
>> >
>> >
>> > -Hoss
>> >
>>
>>
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by gnandre <ar...@gmail.com>.
Thanks for all the replies.
FWIW, if I just replace FROM solr:9.2.1 with FROM solr:8.5.2, I do not run
into these issues.
8.5.2 is our current prod version.
That is why I was thinking maybe there is something in the base image that
is causing this.
Few things I will try next are:
1. Try to build this with docker directly instead of the wrapper maven
build system.
2. Try this in Debian 11
I will report back.
On Fri, Jun 2, 2023 at 3:58 AM Jan Høydahl <ja...@cominvent.com> wrote:
> Some googling suggests that you may have an aged linux kernel on the BUILD
> machine/image used to run the docker build command, see
> https://stackoverflow.com/questions/66319610/gpg-error-in-ubuntu-21-04-after-second-apt-get-update-during-docker-build
>
> Try upgrading linux (or
>
> Jan
>
> > 2. jun. 2023 kl. 06:36 skrev Chris Hostetter <ho...@fucit.org>:
> >
> >
> > : @Jan: I am using Debian 10 (Buster). I am switching to the solr user
> at the
> >
> > based on the logs you posted, you seem to be building the docker
> container
> > inside of some other build system...
> >
> > 1) are you certain you know exactly what command/options your build
> system
> > is using to invoke 'docker build' ?
> >
> > 2) have you tried just building manually on the command line?
> >
> > 3) are you certain you are using the 'solr:9.2.1' from docker hub (and
> not
> > sme other weird locally built version) ... have you tried 'docker build
> > --pull ...'
> >
> > 4) do you have any firewall rules that might be allowing apt to talk to
> > the ubuntu distribution servers, but not the keyserver?
> >
> > 5) This particular set of error msgs strike me as evience of something
> > very, very wrong happening with your docker build, since the files in
> > question is world readable inside the solr docker image...
> >
> > : 41593 [INFO] DOCKER> [91mhttp://
> > : security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s)
> in
> > : the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are
> > : ignored as the file is not readable by user '_apt' executing apt-key.
> >
> > $ docker run --rm -it --entrypoint /bin/bash solr:9.2.1 -c 'ls -al
> /etc/apt/trusted.gpg.d/'
> > total 16
> > drwxr-xr-x 2 root root 4096 Apr 25 14:06 .
> > drwxr-xr-x 8 root root 4096 Apr 25 14:03 ..
> > -rw-r--r-- 1 root root 2794 Mar 26 2021 ubuntu-keyring-2012-cdimage.gpg
> > -rw-r--r-- 1 root root 1733 Mar 26 2021 ubuntu-keyring-2018-archive.gpg
> >
> >
> > 6) As jan mentioned - what are you are trying to do seems to work fine
> for
> > both of us....
> >
> >
> > hossman@slate:~/tmp/dockerbase$ ls -l
> > total 4
> > -rw-rw-r-- 1 hossman hossman 117 Jun 1 21:08 Dockerfile
> > hossman@slate:~/tmp/dockerbase$ cat Dockerfile
> > FROM solr:9.2.1
> >
> > USER root
> >
> > RUN apt-get update && \
> > apt-get upgrade --yes && \
> > apt-get install --yes locales
> > hossman@slate:~/tmp/dockerbase$ docker build -t tmp-extened-solr .
> > Sending build context to Docker daemon 2.048kB
> > Step 1/3 : FROM solr:9.2.1
> > 9.2.1: Pulling from library/solr
> > 1bc677758ad7: Pull complete
> > 0d0e0ecb256a: Pull complete
> > 212512b6dedf: Pull complete
> > 648d9d544695: Pull complete
> > ae4d1091c493: Pull complete
> > 5848e44a1a2f: Pull complete
> > ddd2db2e437b: Pull complete
> > e68c34067326: Pull complete
> > 9ab7d551d9e8: Pull complete
> > Digest:
> > sha256:a46e8f2cc8b0e3e1a50be289cc0b4718e61fa5a5a745454c2da9e51a0312b612
> > Status: Downloaded newer image for solr:9.2.1
> > ---> 1834fb31cef8
> > Step 2/3 : USER root
> > ---> Running in 3a0727367865
> > Removing intermediate container 3a0727367865
> > ---> 0592892b6da1
> > Step 3/3 : RUN apt-get update && apt-get upgrade --yes &&
> apt-get
> > install --yes locales
> > ---> Running in a25792bbd3ae
> > Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
> > Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110
> kB]
> > ...
> >
> >
> >
> >
> > -Hoss
> >
>
>
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by Jan Høydahl <ja...@cominvent.com>.
Some googling suggests that you may have an aged linux kernel on the BUILD machine/image used to run the docker build command, see https://stackoverflow.com/questions/66319610/gpg-error-in-ubuntu-21-04-after-second-apt-get-update-during-docker-build
Try upgrading linux (or
Jan
> 2. jun. 2023 kl. 06:36 skrev Chris Hostetter <ho...@fucit.org>:
>
>
> : @Jan: I am using Debian 10 (Buster). I am switching to the solr user at the
>
> based on the logs you posted, you seem to be building the docker container
> inside of some other build system...
>
> 1) are you certain you know exactly what command/options your build system
> is using to invoke 'docker build' ?
>
> 2) have you tried just building manually on the command line?
>
> 3) are you certain you are using the 'solr:9.2.1' from docker hub (and not
> sme other weird locally built version) ... have you tried 'docker build
> --pull ...'
>
> 4) do you have any firewall rules that might be allowing apt to talk to
> the ubuntu distribution servers, but not the keyserver?
>
> 5) This particular set of error msgs strike me as evience of something
> very, very wrong happening with your docker build, since the files in
> question is world readable inside the solr docker image...
>
> : 41593 [INFO] DOCKER> [91mhttp://
> : security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in
> : the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are
> : ignored as the file is not readable by user '_apt' executing apt-key.
>
> $ docker run --rm -it --entrypoint /bin/bash solr:9.2.1 -c 'ls -al /etc/apt/trusted.gpg.d/'
> total 16
> drwxr-xr-x 2 root root 4096 Apr 25 14:06 .
> drwxr-xr-x 8 root root 4096 Apr 25 14:03 ..
> -rw-r--r-- 1 root root 2794 Mar 26 2021 ubuntu-keyring-2012-cdimage.gpg
> -rw-r--r-- 1 root root 1733 Mar 26 2021 ubuntu-keyring-2018-archive.gpg
>
>
> 6) As jan mentioned - what are you are trying to do seems to work fine for
> both of us....
>
>
> hossman@slate:~/tmp/dockerbase$ ls -l
> total 4
> -rw-rw-r-- 1 hossman hossman 117 Jun 1 21:08 Dockerfile
> hossman@slate:~/tmp/dockerbase$ cat Dockerfile
> FROM solr:9.2.1
>
> USER root
>
> RUN apt-get update && \
> apt-get upgrade --yes && \
> apt-get install --yes locales
> hossman@slate:~/tmp/dockerbase$ docker build -t tmp-extened-solr .
> Sending build context to Docker daemon 2.048kB
> Step 1/3 : FROM solr:9.2.1
> 9.2.1: Pulling from library/solr
> 1bc677758ad7: Pull complete
> 0d0e0ecb256a: Pull complete
> 212512b6dedf: Pull complete
> 648d9d544695: Pull complete
> ae4d1091c493: Pull complete
> 5848e44a1a2f: Pull complete
> ddd2db2e437b: Pull complete
> e68c34067326: Pull complete
> 9ab7d551d9e8: Pull complete
> Digest:
> sha256:a46e8f2cc8b0e3e1a50be289cc0b4718e61fa5a5a745454c2da9e51a0312b612
> Status: Downloaded newer image for solr:9.2.1
> ---> 1834fb31cef8
> Step 2/3 : USER root
> ---> Running in 3a0727367865
> Removing intermediate container 3a0727367865
> ---> 0592892b6da1
> Step 3/3 : RUN apt-get update && apt-get upgrade --yes && apt-get
> install --yes locales
> ---> Running in a25792bbd3ae
> Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
> Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
> ...
>
>
>
>
> -Hoss
>
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by Chris Hostetter <ho...@fucit.org>.
: @Jan: I am using Debian 10 (Buster). I am switching to the solr user at the
based on the logs you posted, you seem to be building the docker container
inside of some other build system...
1) are you certain you know exactly what command/options your build system
is using to invoke 'docker build' ?
2) have you tried just building manually on the command line?
3) are you certain you are using the 'solr:9.2.1' from docker hub (and not
sme other weird locally built version) ... have you tried 'docker build
--pull ...'
4) do you have any firewall rules that might be allowing apt to talk to
the ubuntu distribution servers, but not the keyserver?
5) This particular set of error msgs strike me as evience of something
very, very wrong happening with your docker build, since the files in
question is world readable inside the solr docker image...
: 41593 [INFO] DOCKER> [91mhttp://
: security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in
: the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are
: ignored as the file is not readable by user '_apt' executing apt-key.
$ docker run --rm -it --entrypoint /bin/bash solr:9.2.1 -c 'ls -al /etc/apt/trusted.gpg.d/'
total 16
drwxr-xr-x 2 root root 4096 Apr 25 14:06 .
drwxr-xr-x 8 root root 4096 Apr 25 14:03 ..
-rw-r--r-- 1 root root 2794 Mar 26 2021 ubuntu-keyring-2012-cdimage.gpg
-rw-r--r-- 1 root root 1733 Mar 26 2021 ubuntu-keyring-2018-archive.gpg
6) As jan mentioned - what are you are trying to do seems to work fine for
both of us....
hossman@slate:~/tmp/dockerbase$ ls -l
total 4
-rw-rw-r-- 1 hossman hossman 117 Jun 1 21:08 Dockerfile
hossman@slate:~/tmp/dockerbase$ cat Dockerfile
FROM solr:9.2.1
USER root
RUN apt-get update && \
apt-get upgrade --yes && \
apt-get install --yes locales
hossman@slate:~/tmp/dockerbase$ docker build -t tmp-extened-solr .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM solr:9.2.1
9.2.1: Pulling from library/solr
1bc677758ad7: Pull complete
0d0e0ecb256a: Pull complete
212512b6dedf: Pull complete
648d9d544695: Pull complete
ae4d1091c493: Pull complete
5848e44a1a2f: Pull complete
ddd2db2e437b: Pull complete
e68c34067326: Pull complete
9ab7d551d9e8: Pull complete
Digest:
sha256:a46e8f2cc8b0e3e1a50be289cc0b4718e61fa5a5a745454c2da9e51a0312b612
Status: Downloaded newer image for solr:9.2.1
---> 1834fb31cef8
Step 2/3 : USER root
---> Running in 3a0727367865
Removing intermediate container 3a0727367865
---> 0592892b6da1
Step 3/3 : RUN apt-get update && apt-get upgrade --yes && apt-get
install --yes locales
---> Running in a25792bbd3ae
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
...
-Hoss
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by gnandre <ar...@gmail.com>.
Thanks for the replies.
@Vincenzo: Please find the full error at the bottom.
@Jan: I am using Debian 10 (Buster). I am switching to the solr user at the
end of the dockerfile.
I did not paste the whole dockerfile here but only the relevant part. It
fails on that RUN instruction and does not go any further.
So, I think the later part in the Dockerfile becomes irrelevant for this
error.
37597 [INFO] DOCKER> Step 1/32 : FROM solr:9.2.1
37612 [INFO] DOCKER>
37615 [INFO] DOCKER> ---> 1834fb31cef8
37615 [INFO] DOCKER> Step 2/32 : USER root
37615 [INFO] DOCKER>
39769 [INFO] DOCKER> ---> Running in 923bd0b0f3c8
39959 [INFO] DOCKER> Removing intermediate container 923bd0b0f3c8
39959 [INFO] DOCKER> ---> 2b5502f09462
39967 [INFO] DOCKER> Step 3/32 : RUN apt-get update && apt-get upgrade
--yes && apt-get install --yes locales
39967 [INFO] DOCKER>
40054 [INFO] DOCKER> ---> Running in b20c1b8bebbc
40416 [INFO] DOCKER> Get:1 http://security.ubuntu.com/ubuntu jammy-security
InRelease [110 kB]
40549 [INFO] DOCKER> Err:1 http://security.ubuntu.com/ubuntu jammy-security
InRelease
40550 [INFO] DOCKER> The following signatures couldn't be verified because
the public key is not available: NO_PUBKEY 871920D1991BC93C
40562 [INFO] DOCKER> Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease
[270 kB]
41157 [INFO] DOCKER> Get:3 http://archive.ubuntu.com/ubuntu jammy-updates
InRelease [119 kB]
41251 [INFO] DOCKER> Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
41252 [INFO] DOCKER> The following signatures couldn't be verified because
the public key is not available: NO_PUBKEY 871920D1991BC93C
41361 [INFO] DOCKER> Get:4 http://archive.ubuntu.com/ubuntu jammy-backports
InRelease [108 kB]
41415 [INFO] DOCKER> Err:3 http://archive.ubuntu.com/ubuntu jammy-updates
InRelease
41416 [INFO] DOCKER> The following signatures couldn't be verified because
the public key is not available: NO_PUBKEY 871920D1991BC93C
41554 [INFO] DOCKER> Err:4 http://archive.ubuntu.com/ubuntu jammy-backports
InRelease
41554 [INFO] DOCKER> The following signatures couldn't be verified because
the public key is not available: NO_PUBKEY 871920D1991BC93C
41556 [INFO] DOCKER> Reading package lists...
41578 [INFO] DOCKER>
41589 [INFO] DOCKER> [91mW
41589 [INFO] DOCKER> [91m:
41593 [INFO] DOCKER> [91mhttp://
security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in
the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are
ignored as the file is not readable by user '_apt' executing apt-key.
41601 [INFO] DOCKER> [91m
41605 [INFO] DOCKER> [91mW
41605 [INFO] DOCKER> [91m:
41605 [INFO] DOCKER> [91mhttp://
security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in
the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are
ignored as the file is not readable by user '_apt' executing apt-key.
41605 [INFO] DOCKER> [91m
41606 [INFO] DOCKER> [91mW
41606 [INFO] DOCKER> [91m:
41606 [INFO] DOCKER> [91mGPG error: http://security.ubuntu.com/ubuntu
jammy-security InRelease: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY 871920D1991BC93C41606
[INFO] DOCKER> [91m
41606 [INFO] DOCKER> [91mE
41607 [INFO] DOCKER> [91m:
41607 [INFO] DOCKER> [91mThe repository 'http://security.ubuntu.com/ubuntu
jammy-security InRelease' is not signed.
41607 [INFO] DOCKER> [91m
41607 [INFO] DOCKER> [91mW
41607 [INFO] DOCKER> [91m:
41608 [INFO] DOCKER> [91mhttp://
archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
41613 [INFO] DOCKER> [91m
41613 [INFO] DOCKER> [91mW
41613 [INFO] DOCKER> [91m:
41613 [INFO] DOCKER> [91mhttp://
archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
41613 [INFO] DOCKER> [91m
41617 [INFO] DOCKER> [91mW
41617 [INFO] DOCKER> [91m:
41617 [INFO] DOCKER> [91mGPG error: http://archive.ubuntu.com/ubuntu jammy
InRelease: The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 871920D1991BC93C
41623 [INFO] DOCKER> [91m
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not
signed.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates
InRelease' is not signed.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The
key(s) in the keyring
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the
file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease:
The following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports
InRelease' is not signed.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f
/var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
/var/cache/apt/*.bin || true'
E: Sub-process returned an error code
On Thu, Jun 1, 2023 at 5:23 PM Jan Høydahl <ja...@cominvent.com> wrote:
> I cannot reproduce this. Copied your Dockerfile and all succeeds
> (MacBook). You should consider adding USER solr as the last line of your
> file.
>
> Jan
>
> > 1. jun. 2023 kl. 18:38 skrev gnandre <ar...@gmail.com>:
> >
> > Hi,
> >
> > I am running into the following issue while creating a custom docker
> image
> > on top of the official Solr docker image (9.2.1).
> >
> > The key(s) in the keyring
> > /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
> > file is not readable by user '_apt' executing apt-key
> >
> > Because of this, it further fails with the following error message:
> >
> > http://archive.ubuntu.com/ubuntu jammy InRelease: The following
> signatures
> > couldn't be verified because the public key is not available: NO_PUBKEY
> > 871920D1991BC93C
> >
> > It fails on the RUN step. What might be the problem? Is this a genuine
> > issue with the base image?
> >
> > FROM solr:9.2.1
> >
> > USER root
> >
> > RUN apt-get update && \
> > apt-get upgrade --yes && \
> > apt-get install --yes locales
>
>
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by Jan Høydahl <ja...@cominvent.com>.
I cannot reproduce this. Copied your Dockerfile and all succeeds (MacBook). You should consider adding USER solr as the last line of your file.
Jan
> 1. jun. 2023 kl. 18:38 skrev gnandre <ar...@gmail.com>:
>
> Hi,
>
> I am running into the following issue while creating a custom docker image
> on top of the official Solr docker image (9.2.1).
>
> The key(s) in the keyring
> /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
> file is not readable by user '_apt' executing apt-key
>
> Because of this, it further fails with the following error message:
>
> http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures
> couldn't be verified because the public key is not available: NO_PUBKEY
> 871920D1991BC93C
>
> It fails on the RUN step. What might be the problem? Is this a genuine
> issue with the base image?
>
> FROM solr:9.2.1
>
> USER root
>
> RUN apt-get update && \
> apt-get upgrade --yes && \
> apt-get install --yes locales
Re: Not able to create custom Solr docker image on top of the base image (Solr 9.2.1)
Posted by Vincenzo D'Amore <v....@gmail.com>.
Maybe apt-get was outdated by the apt command. Can you post the error
message?
On Thu, 1 Jun 2023 at 18:39, gnandre <ar...@gmail.com> wrote:
> Hi,
>
> I am running into the following issue while creating a custom docker image
> on top of the official Solr docker image (9.2.1).
>
> The key(s) in the keyring
> /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the
> file is not readable by user '_apt' executing apt-key
>
> Because of this, it further fails with the following error message:
>
> http://archive.ubuntu.com/ubuntu jammy InRelease: The following
> signatures
> couldn't be verified because the public key is not available: NO_PUBKEY
> 871920D1991BC93C
>
> It fails on the RUN step. What might be the problem? Is this a genuine
> issue with the base image?
>
> FROM solr:9.2.1
>
> USER root
>
> RUN apt-get update && \
> apt-get upgrade --yes && \
> apt-get install --yes locales
>
--
Vincenzo D'Amore