docker
build_error
ai_generated
true
W: GPG error: http://deb.debian.org/debian bullseye InRelease: The following signatures couldn't be verified because the public key is not available
ID: docker/gpg-key-expired
90%Fix Rate
82%Confidence
1Evidence
2023-11-20First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Docker 24.0.6 | active | — | — | — |
| Debian 11 (bullseye) | active | — | — | — |
| Ubuntu 22.04 | active | — | — | — |
Root Cause
Docker build uses a cached base image with outdated apt repository GPG keys, causing apt-get update to fail on signature verification.
generic中文
Docker构建使用了带有过时apt仓库GPG密钥的缓存基础镜像,导致apt-get update在签名验证时失败。
Official Documentation
https://docs.docker.com/engine/reference/builder/#no-cacheWorkarounds
-
90% success Add --no-cache flag to force rebuild: docker build --no-cache -t my_image .
Add --no-cache flag to force rebuild: docker build --no-cache -t my_image .
-
85% success Update the base image to latest version: RUN apt-get update && apt-get install -y --allow-unauthenticated gnupg && curl -fsSL https://deb.debian.org/debian/archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/debian-archive-keyring.gpg
Update the base image to latest version: RUN apt-get update && apt-get install -y --allow-unauthenticated gnupg && curl -fsSL https://deb.debian.org/debian/archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/debian-archive-keyring.gpg
中文步骤
添加--no-cache标志强制重建:docker build --no-cache -t my_image .
更新基础镜像到最新版本:RUN apt-get update && apt-get install -y --allow-unauthenticated gnupg && curl -fsSL https://deb.debian.org/debian/archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/debian-archive-keyring.gpg
Dead Ends
Common approaches that don't work:
-
50% fail
Manually importing the key in Dockerfile with apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <key> often fails because apt-key is deprecated and keyserver may be unreachable.
-
80% fail
Removing the entire apt list and retrying without updating the base image still uses the same cached layer with broken keys.