I am attempting to run a Dockerfile for a multistage image I cloned from github. The Dockerfile reads:
FROM openjdk:9-jdk-slim AS build
COPY certificates /usr/local/share/ca-certificates/certificates
RUN apt-get update && apt-get install --no-install-recommends -y -qq ca-certificates-java && \
apt-update ca-certificates --verbose
FROM openjdk:9-jre-slim
COPY --from=build /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts
RUN groupadd --gid 1000 java && \
useradd --uid 1000 --gid java --shell /bin/bash --create-home java && \
chmod -R a w /home/java
WORKDIR /home/java
USER java
When I attempt to run it with the command:
docker image build . -t layers:5
I get the following response:
executor failed running [/bin/sh -c apt-get update && apt-get install --no-install-recommends -y -qq ca-certificates-java && update-ca-certificates --verbose]: exit code: 100
I have tried solving this by removing '-y' and attaching 'apt-' to 'update-ca-certificates' and removing the dash between 'ca' and 'certificates', but none of them have worked. I'm unsure how to tackle this; your help would be most appreciated.
CodePudding user response:
The base image, openjdk:9-jdk-slim
, is an older image based on Debian Buster.
The apt-get update
is the cause of the issue because of no public key existing.
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Normally, you'd import the key and be on your way. However, use of the image is not recommended because the Debian version is Debian GNU/Linux buster/sid
. The Debian release docs say: "The unstable distribution is always called sid." You'd be better off upgrading to a stable version of Debian like an image built more recently for a newer version of Java.
Another option, that could cause more problems is to copy /etc/apt/trusted.gpg.d
from a newer Buster release like buster-20221205-slim
and then run your commands.