Skip to content

devcontainer image has expired OpenSUSE signature #38464

Closed
#38477
Closed
devcontainer image has expired OpenSUSE signature#38464
#38477
Assignees
phlax
Labels
area/buildbug
@nbaws

Description

@nbaws
nbaws
opened on Feb 15, 2025

Title: Devcontainer image has expired OpenSUSE signature

Description:
Dockerfile in devcontainer fails to build due to expired signature. Appears to have expired yesterday.

Image is sourced from

envoy/.devcontainer/Dockerfile

Line 1 in e9398d3

FROM gcr.io/envoy-ci/envoy-build:d2be0c198feda0c607fa33209da01bf737ef373f@sha256:6e494ff9bcfa96868cb43f1200f2126cdab39d62db52a5dda80c8ec1694a93ee

Not sure where the image is generated from so unable to PR for a newer hash if one fixes the problem.

@phlax

Repro steps:

root@ip-172-31-18-63 ssm-user]# docker build .
[+] Building 7.9s (5/5) FINISHED                                                                                                                                                                                                                                                    docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                          0.0s
 => => transferring dockerfile: 1.05kB                                                                                                                                                                                                                                                        0.0s
 => [internal] load metadata for gcr.io/envoy-ci/envoy-build:d2be0c198feda0c607fa33209da01bf737ef373f@sha256:6e494ff9bcfa96868cb43f1200f2126cdab39d62db52a5dda80c8ec1694a93ee                                                                                                                 0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                                                                             0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                                               0.0s
 => CACHED [1/2] FROM gcr.io/envoy-ci/envoy-build:d2be0c198feda0c607fa33209da01bf737ef373f@sha256:6e494ff9bcfa96868cb43f1200f2126cdab39d62db52a5dda80c8ec1694a93ee                                                                                                                            0.0s
 => ERROR [2/2] RUN apt-get -y update   && apt-get -y install --no-install-recommends libpython2.7 net-tools psmisc vim 2>&1   && groupadd --gid 501 vscode   && useradd -s /bin/bash --uid 501 --gid 501 -m vscode -G pcap -d /build   && echo vscode ALL=(root) NOPASSWD:ALL > /etc/sudoer  7.9s
------
 > [2/2] RUN apt-get -y update   && apt-get -y install --no-install-recommends libpython2.7 net-tools psmisc vim 2>&1   && groupadd --gid 501 vscode   && useradd -s /bin/bash --uid 501 --gid 501 -m vscode -G pcap -d /build   && echo vscode ALL=(root) NOPASSWD:ALL > /etc/sudoers.d/vscode   &
& chmod 0440 /etc/sudoers.d/vscode:
0.402 Get:1 https://download.docker.com/linux/ubuntu focal InRelease [57.7 kB]
0.515 Get:2 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages [66.1 kB]
0.899 Get:3 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal InRelease [24.6 kB]
0.931 Get:4 http://security.ubuntu.com/ubuntu focal-security InRelease [128 kB]
0.978 Get:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease [1,642 B]
1.000 Get:6 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
1.073 Err:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease
1.073   The following signatures were invalid: EXPKEYSIG 4D64390375060AA4 devel:kubic OBS Project <devel:[email protected]>
1.553 Get:7 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal/main amd64 Packages [28.7 kB]
2.143 Get:8 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
2.238 Get:9 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [1,298 kB]
2.422 Get:10 http://archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
2.702 Get:11 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1,275 kB]
3.239 Get:12 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
3.518 Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [30.9 kB]
3.521 Get:14 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [4,337 kB]
4.254 Get:15 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [4,223 kB]
4.761 Get:16 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
4.765 Get:17 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
4.789 Get:18 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,590 kB]
4.999 Get:19 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [4,526 kB]
5.587 Get:20 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [34.6 kB]
5.592 Get:21 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [4,699 kB]
6.203 Get:22 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [55.2 kB]
6.210 Get:23 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [28.6 kB]
6.489 Reading package lists...
7.733 W: GPG error: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease: The following signatures were invalid: EXPKEYSIG 4D64390375060AA4 devel:kubic OBS Project <devel:[email protected]>
7.733 E: The repository 'http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease' is not signed.
------
Dockerfile:11
--------------------
  10 |     ENV DEBIAN_FRONTEND=noninteractive
  11 | >>> RUN apt-get -y update \
  12 | >>>   && apt-get -y install --no-install-recommends libpython2.7 net-tools psmisc vim 2>&1 \
  13 | >>>   # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
  14 | >>>   && groupadd --gid $USER_GID $USERNAME \
  15 | >>>   && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME -G pcap -d /build \
  16 | >>>   # [Optional] Add sudo support for non-root user
  17 | >>>   && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
  18 | >>>   && chmod 0440 /etc/sudoers.d/$USERNAME
  19 |
--------------------
ERROR: failed to solve: process "/bin/bash -ec apt-get -y update   && apt-get -y install --no-install-recommends libpython2.7 net-tools psmisc vim 2>&1   && groupadd --gid $USER_GID $USERNAME   && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME -G pcap -d /build   && echo$USERNAME ALL=\\(root\\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME   && chmod 0440 /etc/sudoers.d/$USERNAME" did not complete successfully: exit code: 100
[root@ip-172-31-18-63 ssm-user]#

Inspecting image directly

[root@ip-172-31-18-63 ssm-user]# docker run -it gcr.io/envoy-ci/envoy-build:d2be0c198feda0c607fa33209da01bf737ef373f@sha256:6e494ff9bcfa96868cb43f1200f2126cdab39d62db52a5dda80c8ec1694a93ee /bin/bash
root@f76266effca7:/# apt-get update
Get:1 https://download.docker.com/linux/ubuntu focal InRelease [57.7 kB]
Get:2 https://download.docker.com/linux/ubuntu focal/stable amd64 Packages [66.1 kB]
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [128 kB]
Get:4 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal InRelease [24.6 kB]
Get:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease [1,642 B]
Err:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease
  The following signatures were invalid: EXPKEYSIG 4D64390375060AA4 devel:kubic OBS Project <devel:[email protected]>
Get:6 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:7 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal/main amd64 Packages [28.7 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [4,223 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1,275 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [30.9 kB]
Get:14 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [1,298 kB]
Get:15 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [4,337 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:18 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,590 kB]
Get:19 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [34.6 kB]
Get:20 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [4,699 kB]
Get:21 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [4,526 kB]
Get:22 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [55.2 kB]
Get:23 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [28.6 kB]
Reading package lists... Done
W: GPG error: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease: The following signatures were invalid: EXPKEYSIG 4D64390375060AA4 devel:kubic OBS Project <devel:[email protected]>
E: The repository 'http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@f76266effca7:/# apt-get install pgpdump
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  pgpdump
0 upgraded, 1 newly installed, 0 to remove and 21 not upgraded.
Need to get 19.0 kB of archives.
After this operation, 64.5 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 pgpdump amd64 0.33-2 [19.0 kB]
Fetched 19.0 kB in 1s (30.0 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package pgpdump.
(Reading database ... 20341 files and directories currently installed.)
Preparing to unpack .../pgpdump_0.33-2_amd64.deb ...
Unpacking pgpdump (0.33-2) ...
Setting up pgpdump (0.33-2) ...
root@f76266effca7:/# pgpdump /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_stable.gpg
Old: Public Key Packet(tag 6)(269 bytes)
        Ver 4 - new
        Public key creation time - Fri Aug  3 13:23:19 UTC 2018
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(2048 bits) - ...
        RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(56 bytes)
        User ID - devel:kubic OBS Project <devel:[email protected]>
Old: Signature Packet(tag 2)(318 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - RSA Encrypt or Sign(pub 1)
        Hash alg - SHA256(hash 8)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Wed Dec  7 07:28:08 UTC 2022
        Hashed Sub: key flags(sub 27)(1 bytes)
                Flag - This key may be used to certify other keys
                Flag - This key may be used to sign data
        Hashed Sub: key expiration time(sub 9)(4 bytes)
                Time - Fri Feb 14 07:28:08 UTC 2025
        Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
                Sym alg - AES with 256-bit key(sym 9)
                Sym alg - AES with 192-bit key(sym 8)
                Sym alg - AES with 128-bit key(sym 7)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
        Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
                Hash alg - SHA256(hash 8)
                Hash alg - SHA1(hash 2)
                Hash alg - SHA384(hash 9)
                Hash alg - SHA512(hash 10)
                Hash alg - SHA224(hash 11)
        Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
                Comp alg - ZLIB <RFC1950>(comp 2)
                Comp alg - BZip2(comp 3)
                Comp alg - ZIP <RFC1951>(comp 1)
        Hashed Sub: features(sub 30)(1 bytes)
                Flag - Modification detection (packets 18 and 19)
        Hashed Sub: key server preferences(sub 23)(1 bytes)
                Flag - No-modify
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0x4D64390375060AA4
        Hash left 2 bytes - f5 5f
        RSA m^d mod n(2048 bits) - ...
                -> PKCS-1
Old: Signature Packet(tag 2)(70 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA1(hash 2)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Fri Aug  3 13:23:19 UTC 2018
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0x3B3011B76B9D6523
        Hash left 2 bytes - a8 b3
        DSA r(157 bits) - ...
        DSA s(159 bits) - ...
                -> hash(DSA q bits)
root@f76266effca7:/# date
Sat 15 Feb 2025 06:20:08 AM UTC

Metadata

Metadata

Assignees

Labels

area/buildbug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions