docker
build_error
ai_generated
true
W: GPG错误:http://deb.debian.org/debian bullseye InRelease:无法验证签名,因为没有公钥
W: GPG error: http://deb.debian.org/debian bullseye InRelease: The following signatures couldn't be verified because the public key is not available
ID: docker/gpg-key-expired
90%修复率
82%置信度
1证据数
2023-11-20首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Docker 24.0.6 | active | — | — | — |
| Debian 11 (bullseye) | active | — | — | — |
| Ubuntu 22.04 | active | — | — | — |
根因分析
Docker构建使用了带有过时apt仓库GPG密钥的缓存基础镜像,导致apt-get update在签名验证时失败。
English
Docker build uses a cached base image with outdated apt repository GPG keys, causing apt-get update to fail on signature verification.
官方文档
https://docs.docker.com/engine/reference/builder/#no-cache解决方案
-
添加--no-cache标志强制重建:docker build --no-cache -t my_image .
-
更新基础镜像到最新版本:RUN apt-get update && apt-get install -y --allow-unauthenticated gnupg && curl -fsSL https://deb.debian.org/debian/archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/debian-archive-keyring.gpg
无效尝试
常见但无效的做法:
-
50% 失败
Manually importing the key in Dockerfile with apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <key> often fails because apt-key is deprecated and keyserver may be unreachable.
-
80% 失败
Removing the entire apt list and retrying without updating the base image still uses the same cached layer with broken keys.