I am attempting to run a Dockerfile for a multistage image I cloned from github. The Dockerfile reads:

FROM openjdk:9-jdk-slim AS build
COPY certificates /usr/local/share/ca-certificates/certificates
RUN apt-get update && apt-get install --no-install-recommends -y -qq ca-certificates-java && \ 
apt-update ca-certificates --verbose

FROM openjdk:9-jre-slim
COPY --from=build /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts
RUN groupadd --gid 1000 java && \
  useradd --uid 1000 --gid java --shell /bin/bash --create-home java && \
  chmod -R a w /home/java
WORKDIR /home/java
USER java

When I attempt to run it with the command:

docker image build . -t layers:5

I get the following response:

executor failed running [/bin/sh -c apt-get update && apt-get install --no-install-recommends -y -qq ca-certificates-java &&   update-ca-certificates --verbose]: exit code: 100

I have tried solving this by removing '-y' and attaching 'apt-' to 'update-ca-certificates' and removing the dash between 'ca' and 'certificates', but none of them have worked. I'm unsure how to tackle this; your help would be most appreciated.

CodePudding user response：

The base image, openjdk:9-jdk-slim, is an older image based on Debian Buster.

The apt-get update is the cause of the issue because of no public key existing.

  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9

Normally, you'd import the key and be on your way. However, use of the image is not recommended because the Debian version is Debian GNU/Linux buster/sid. The Debian release docs say: "The unstable distribution is always called sid." You'd be better off upgrading to a stable version of Debian like an image built more recently for a newer version of Java.

Another option, that could cause more problems is to copy /etc/apt/trusted.gpg.d from a newer Buster release like buster-20221205-slim and then run your commands.