Error when running Ubuntu 22.04 in Docker (code snippet)

琦彦 琦彦     2022-12-01     286

Problem

When I ran apt update inside an ubuntu22.04 container, I got the following error:

[root@VM-16-9-centos docker-kubuntu]# docker run --rm -it ubuntu:22.04 bash
root@8ac245b487e6:/# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]                    
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease                   
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB]
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://security.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

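Cause

After looking into it, I found that Ubuntu 21.10 and Fedora 35 started shipping glibc 2.34 or later. As of glibc 2.34, a system call named clone3 is used. Normally, every system call made inside a container is intercepted by Docker, which then decides how to handle it. If Docker has no policy for a particular system call, the default policy reports "Permission Denied" to the container. However, glibc does not fall back when it receives this error; it only falls back when the response is "this system call is not available".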
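The policy lookup described above can be checked against a seccomp profile before it is deployed. The following is an added example, not code from the original post or from Docker: it reports what a profile returns for clone3 and whether glibc 2.34+ would fall back. The two profiles are constructed samples, the field names follow Docker's seccomp profile JSON format, and conditional rules (args, includes, excludes) are ignored as a simplifying assumption.

```python
import json

EPERM, ENOSYS = 1, 38  # Linux errno values

# Constructed sample profiles (not Docker's shipped default.json).
NO_CLONE3_RULE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["clone", "read", "write"], "action": "SCMP_ACT_ALLOW"}
  ]
}""")

CLONE3_ENOSYS = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "defaultErrnoRet": 1,
  "syscalls": [
    {"names": ["clone", "read", "write"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": 38}
  ]
}""")


def verdict_for(profile, syscall="clone3"):
    """Return (action, errno or None) that the profile applies to syscall.

    Assumption: the first rule naming the syscall is treated as unconditional.
    """
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]
        if syscall in names:
            action, ret = rule["action"], rule.get("errnoRet", EPERM)
            return (action, ret if action == "SCMP_ACT_ERRNO" else None)
    # No rule matched: the profile's default action decides.
    action, ret = profile["defaultAction"], profile.get("defaultErrnoRet", EPERM)
    return (action, ret if action == "SCMP_ACT_ERRNO" else None)


def glibc_234_outcome(profile):
    """Describe what a glibc >= 2.34 process sees when it tries clone3."""
    action, ret = verdict_for(profile)
    if action == "SCMP_ACT_ALLOW":
        return "clone3 allowed"
    if action == "SCMP_ACT_ERRNO" and ret == ENOSYS:
        return "errno 38 (ENOSYS): glibc falls back to clone"
    if action == "SCMP_ACT_ERRNO":
        return f"errno {ret}: glibc does not fall back"
    return f"{action}: not an errno return, review manually"


if __name__ == "__main__":
    for name, prof in (("no clone3 rule", NO_CLONE3_RULE), ("clone3 -> ENOSYS", CLONE3_ENOSYS)):
        print(f"{name}: {glibc_234_outcome(prof)}")
```
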

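Solution

Option 1:

When running the container, add this parameter to bypass Docker's system call restrictions:

--security-opt seccomp=unconfined

However, this has major drawbacks: first, your container becomes insecure; second, this parameter is not available when building images. So see Option 2.

Option 2:

Upgrade Docker to version 20.10.14 or later (>= 20.10.14).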

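Thoughts

Because changing the Docker version in a production environment is not easy, image builds for production should avoid images based on Ubuntu 21.10, Fedora 35 or later, as well as other images that use them as a base image. Most official images are currently based on Debian; whether the Debian family of images is affected still needs to be confirmed.

References: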

  • https://stackoverflow.com/questions/71941032/why-i-cannot-run-apt-update-inside-a-fresh-ubuntu22-04
  • https://pascalroeleven.nl/2021/09/09/ubuntu-21-10-and-fedora-35-in-docker/
  • https://github.com/moby/moby/pull/42681
  • https://github.com/docker/labs/blob/master/security/seccomp/README.md
