Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I am trying to build and deploy microservices images to a single-node Kubernetes cluster running on my development machine using minikube. I am using the cloud-native microservices demo application Online Boutique by Google to understand the use of technologies like Kubernetes, Istio etc.

Link to github repo: microservices-demo

While following the installation process, and on running command skaffold run to build and deploy my application, I get some errors:

Step 10/11 : RUN apt-get -qq update     && apt-get install -y --no-install-recommends         curl
 ---> Running in 43d61232617c
W: GPG error: http://deb.debian.org/debian buster InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
failed to build: couldn't build "loadgenerator": unable to stream build output: The command '/bin/sh -c apt-get -qq update     && apt-get install -y --no-install-recommends         curl' returned a non-zero code: 100
I receive these errors when trying to build loadgenerator.
How can I resolve this issue? 
There are a few reasons why you encounter these errors:
There might be an issue with the existing cache and/or disc space. In order to fix it you need to clear the APT cache by executing: sudo apt-get clean and sudo apt-get update.
The same goes with existing docker images. Execute: docker image prune -f and docker container prune -f in order to remove unused data and free disc space. Executing docker image prune -f will delete all the unused images. To delete some selective images of large size, run docker images and identify the images you want to remove, and then run docker rmi -f <IMAGE-ID1> <IMAGE-ID2> <IMAGE-ID3>.
If you don't care about the security risks, you can try to run the apt-get command with the --allow-unauthenticated or --allow-insecure-repositories flag. According to the docs:
Ignore if packages can't be authenticated and don't prompt about it.
This can be useful while working with local repositories, but is a
huge security risk if data authenticity isn't ensured in another way
by the user itself.
Please let me know if that helped.
                Hi, I have tried all the three methods, and it still does not work, is there anything else I could possibly do? Thanks!
– Saranya Gupta
                Jun 23, 2020 at 3:26
I had this same issue and none of the previous responses saying to prune images or containers worked. The reason was that my Docker Build Cache was taking up the bulk of the space. Running the below command fixed the issue:
docker system prune
You can then check to see if it worked by running:
docker system df
UPDATE:
The above command will clear the whole Docker system. If you want to clear only the build cache, you can do it with the below command (credit to saraf.gahl):
docker builder prune
                Thanks! This was a pointer in the right direction. Note you can also clear the build cache directly - docker builder prune. :)
– saraf.gahl
                May 16, 2021 at 9:41
                I had this issue on my mac while builder a docker image and I had no idea what was going on. This worked, thanks a lot!
– rrlamichhane
                Apr 19, 2022 at 20:16
                This was very helpful! I didn't relate "invalid signature" with disc space issue, thanks! However I would recommend to move docker system prune in your answer lower as a final step as usually it may be better to clear only build cache and not whole docker system (which will remove also volume data). In most cases docker builder prune should be fair enough.
– Krzysiek
                Aug 5, 2022 at 8:56
The reason I usually see this is because docker has run out of disk space, which is frustrating because the error gives little indication that this is the problem. First try cleaning up images and containers you don't need using the prune command https://docs.docker.com/config/pruning/.
 this would delete all your images
$ docker image prune 
$ docker container prune 
If you have a lot of images accumulated and want to remove all of them that aren't associated with an existing container try:
$ docker image prune -a 
Or you can remove only older images:
$ docker image prune -a --filter "until=24h"
Finally, on MacOS, where Docker runs inside a dedicated VM, you may need to increase the disk available to Docker from the Docker Desktop application (Settings -> Resources -> Advanced -> Disk image size).
This command does the trick.
Beware of the command "docker system prune" as this would delete all your images (very destructive).
The builder prune only deletes the build cache that is where your have all your previous (cached) builds steps.
I had the same problem. It looks like it was lack of space. I've removed old images and it started to work.
$ docker images
Select the ones you don't care anymore (to delete).
$ docker rmi <image_id>
The following command filter the dangling images and remove those.
docker rmi $(docker images -q --filter "dangling=true")
I think that is related to some LSM component of the docker official image (in this case armhf) and exec/capabilities  permissions. In this simple case sid flavour is unable to handle time corectly. And this related to the certificate check, is the cause of invalid signature. It happends too in ubuntu focal.
# docker run -it debian:buster /bin/date
Sun Nov 15 11:30:44 UTC 2020
# docker run -it debian:sid /bin/date 
Thu Jan  1 00:00:00 UTC 1970
                Upgrading pi kernel to buster, upgrading to docker-ce and building my own image from debootstrap with qemu, see comment below.
– Juan Pedro Paredes
                May 5, 2021 at 7:30
                Thank you so much! Same issue with e.g. balenalib/raspberry-pi-node. Using debian:buster, I can now build my Dockerfile without any errors.
– Michael
                Oct 20, 2021 at 22:28
                thanks a lot! had the same issue trying to build a docker image for raspberry pi using a latest image for some tag that used bullseye as its base, switching to buster fixed the issue.
– Noam Yizraeli
                Dec 11, 2021 at 9:57
I tried a few of the above answers, and none of them worked for me. The real trigger was when I used --allow-unauthenticated and --allow-insecure-repositories from @Wytrzymały Wiktor's answer, and I got a notification showing
tar: ./conffiles: Cannot utime: Operation not permitted
tar: ./control: Cannot utime: Operation not permitted
tar: ./md5sums: Cannot utime: Operation not permitted
tar: ./postinst: Cannot utime: Operation not permitted
tar: .: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors
This lead me down a route where I found this post which suggested that the issue may be where libseccomp2 was outdated.
The fix there was to do:
# Get signing keys to verify the new packages, otherwise they will not install
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
# Add the Buster backport repository to apt sources.list
echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list
sudo apt update ; sudo apt install libseccomp2 -t buster-backports
Note that this assumes that you're using Raspbian and a version of docker after 19.04
                Thanks, that fixed it for me. ( php:8.0-apache-bullseye container in a raspbian docker environment )
– Dominik
                Nov 13, 2021 at 12:15
                Thanks a lot, that was the issue on my Raspberry Pi as well. Should have a lot more upvotes.
– Tobias
                Feb 3, 2022 at 10:26
In my case I was trying to run a Docker debian:stable (bullseye at the moment) in a Raspberry PI with a buster distribution of the OS.
Changed to debian:busterand it worked
Hope this will help someone out there
                This helped me quite a bit, even when using: --allow-unauthenticated --allow-insecure-repositories, I was getting several "not signed error". Looks like it is a debian stable (bullseye) problem, but with debian:buster works fine, still don't know why but happy to have a workaround for it. Thanks!
– ArgiesDario
                Nov 25, 2022 at 23:39
@BoyArmy_89 solves my similar problem; I tried all the other solutions but only the following worked:
docker volume prune
At least one invalid signature was encountered
The error suggests that one of the files in /var/lib/apt/lists consist at least one invalid/corrupted signature (could be the result of apt-key misuse or something else).
Try to run Apt update with the debug messages:
apt-get -oDebug::pkgAcquire::Worker=1 update
which should point you to the corrupted file, e.g.
0% [Working] <- gpgv:400%20URI%20Failure%0aMessage:%20At%20least%20one%20invalid%20signature%20was%20encountered.%0aURI:%20gpgv:/var/lib/apt/lists/partial/CorruptedFile_InRelease
Edit the file, find and remove the corrupted parts, or remove the whole file, so it can be recreated.
# multiarch preparation
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install qemu binfmt-support qemu-user-static docker-ce byobu make
export DOCKER_CLI_EXPERIMENTAL=enabled
#build image
docker run  -i --rm -v $WORKPLACE:/data $BASEIMG /bin/bash  << EOF
export DEBIAN_FRONTEND="noninteractive" 
apt-get -y update
apt-get -y install debootstrap
debootstrap --verbose --include=iputils-ping --arch $PLATFORM $RELEASE /data/$RELEASE-$PLATFORM $REPO
chroot /data/$RELEASE-$PLATFORM/ /bin/bash << SEOF 
export DEBIAN_FRONTEND="noninteractive"
apt-get -y update
apt-get -y upgrade
apt-get -y clean
rm -R /data/$RELEASE-$PLATFORM/debootstrap
cd $WORKPLACE/$RELEASE-$PLATFORM
tar cpf - . | docker import - $TAG:$RELEASE-$PLATFORM --platform $PLATFORM
docker save $TAG:$RELEASE-$PLATFORM  > debian-$RELEASE-$PLATFORM.tar
You can load later in the arm host with
cat debian-$RELEASE-$PLATFORM.tar |docker load
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.