前提
以下のような、Dockerfileとcompose.ymlを使った環境がある
Dockerfile
FROM php:7.2.11-apache
# Install MySQL Extention
RUN docker-php-ext-install mysqli pdo_mysql
# Install GD Extention
RUN apt update && apt install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
compose.yml
services:
server:
build:
context: .
ports:
- 80:80
volumes:
- ./src:/var/www/html
db:
image: mysql:5.7
user: root
secrets:
- db-password
volumes:
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db-password
- MYSQL_DATABASE=example
ports:
- 3306:3306
volumes:
db-data:
secrets:
db-password:
file: password.txt
ディレクトリ構成
$ tree
.
├── Dockerfile
├── compose.yml
├── password.txt
└── src
└── index.php
状況
docker compose buildをすると
$ docker compose build
[+] Building 15.2s (6/6) FINISHED docker:default
=> [server internal] load build definition from Dockerfile 0.3s
=> => transferring dockerfile: 411B 0.0s
=> [server internal] load .dockerignore 0.2s
=> => transferring context: 2B 0.0s
=> [server internal] load metadata for docker.io/library/php:7.2.11-apache 0.0s
=> [server 1/3] FROM docker.io/library/php:7.2.11-apache 0.0s
=> CACHED [server 2/3] RUN docker-php-ext-install mysqli pdo_mysql 0.0s
=> ERROR [server 3/3] RUN apt-get update && apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr 13.6s
------
> [server 3/3] RUN apt-get update && apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && docker-php-ext-install -j$(nproc) gd:
1.330 Ign:1 http://security.debian.org/debian-security stretch/updates InRelease
1.589 Ign:2 http://deb.debian.org/debian stretch InRelease
:
:
:
3.902 Err:8 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
3.902 404 Not Found [IP: 151.101.194.132 80]
:
:
:
11.67 Err:16 http://deb.debian.org/debian stretch/main amd64 Packages
11.67 404 Not Found
:
12.54 Err:18 http://deb.debian.org/debian stretch-updates/main amd64 Packages
12.54 404 Not Found
12.55 Fetched 8706 kB in 11s (772 kB/s)
12.55 Reading package lists...
13.01 W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
13.01 W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853
13.01 W: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
13.01 W: GPG error: http://deb.debian.org/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY DCC9EFBF77E11517
13.01 W: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
13.01 W: GPG error: http://deb.debian.org/debian buster-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
13.01 W: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
13.01 W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
13.01 W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
13.01 E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
13.01 E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found
13.01 E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found
13.01 E: Some index files failed to download. They have been ignored, or old ones used instead.
------
failed to solve: process "/bin/sh -c apt-get update && apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && docker-php-ext-install -j$(nproc) gd" did not complete successfully: exit code: 100
エラー内容から http://deb.debian.org/debian にアクセスすると、dists以下にstretchが見つからない。
【Debianサポート終了】Google Cloud RunにDockerfileを使ってデプロイしようとしたらエラーが出た によると、Debian 9.0(stretch)のサポートが2022年6月30日で終了したため、パッケージリポジトリは http://archive.debian.org に移動したとのこと。
そのため、Dockerfile内でapt updateをすると、エラーとなってしまっていた。
そこで、PHPイメージ内の/etc/apt/source.listにあるURLを書き換える。
対応
書き換え前
# cat /etc/apt/sources.list
deb http://deb.debian.org/debian stretch main
deb http://security.debian.org/debian-security stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
http://deb.debian.org , http://security.debian.org を http://archive.debian.org に変更する。 また、スイートのstretch-updatesはなくなったため削除する。
sed -i -e 's#deb.debian.org#archive.debian.org#' -e 's#security.debian.org#archive.debian.org#' -e '/stretch-updates/d' /etc/apt/sources.list
この状態でapt udpate
を実行すると、/etc/apt/sources.list.d/buster.list
で NO_PUBKEY エラーが発生する。
# apt update
Get:1 http://deb.debian.org/debian buster InRelease [122 kB]
Err:1 http://deb.debian.org/debian buster InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY DCC9EFBF77E11517
Get:2 http://deb.debian.org/debian buster-updates InRelease [56.6 kB]
Err:2 http://deb.debian.org/debian buster-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Get:3 http://security.debian.org/debian-security buster/updates InRelease [34.8 kB]
Err:3 http://security.debian.org/debian-security buster/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853
Ign:4 http://archive.debian.org/debian stretch InRelease
Get:5 http://archive.debian.org/debian-security stretch/updates InRelease [59.1 kB]
Get:6 http://archive.debian.org/debian stretch Release [118 kB]
Get:7 http://archive.debian.org/debian stretch Release.gpg [3177 B]
Get:8 http://archive.debian.org/debian-security stretch/updates/main amd64 Packages [782 kB]
Get:9 http://archive.debian.org/debian stretch/main amd64 Packages [7080 kB]
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY DCC9EFBF77E11517
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
/etc/apt/sources.list.d/buster.list
を削除しても今回の場合問題ないが、そのままにしておく場合、debian-archive-keyring
をインストールする
# apt update
# apt install -y debian-archive-keyring
apt update
もすべて成功する
# apt update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [34.8 kB]
:
:
:
Reading package lists... Done
Building dependency tree
Reading state information... Done
71 packages can be upgraded. Run 'apt list --upgradable' to see them.
最終的なDockerfileは
/etc/apt/sources.list.d/buster.list
をなくした場合
@@ -1,5 +1,8 @@
FROM php:7.2.11-apache
+RUN sed -i -e 's#deb.debian.org#archive.debian.org#' -e 's#security.debian.org#archive.debian.org#' -e '/stretch-updates/d' /etc/apt/sources.list \
+ && rm /etc/apt/sources.list.d/buster.list
+
# Install MySQL Extention
RUN docker-php-ext-install mysqli pdo_mysql
/etc/apt/sources.list.d/buster.list
を残す場合
@@ -1,5 +1,13 @@
FROM php:7.2.11-apache
+RUN sed -i -e 's#deb.debian.org#archive.debian.org#' -e 's#security.debian.org#archive.debian.org#' -e '/stretch-updates/d' /etc/apt/sources.list \
+ && mv /etc/apt/sources.list.d/buster.list /etc/apt/sources.list.d/buster.list.disabled \
+ && apt update \
+ && apt install -y debian-archive-keyring \
+ && mv /etc/apt/sources.list.d/buster.list.disabled /etc/apt/sources.list.d/buster.list \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
# Install MySQL Extention
RUN docker-php-ext-install mysqli pdo_mysql
debian stretchを使っていることを明確にするためにベースイメージをphp:7.2.11-apache-stretch
変更しても可能でした
参考
- 【ロボット】WebフロントエンジニアがDebianのOSアプデに対応して苦労した話【備忘録】 #Linux – Qiita
- The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY AA8E81B4331F7F50 NO_PUBKEY 112695A0E562B32A – Plugins – openmediavault
- docker build時にapt-get updateでPackages Not Found #Debian – Qiita
- apt – Security repo for Debian stretch not working anymore – Unix & Linux Stack Exchange
- Debian9 “stretch” はサポートを終了しました。そのうちパッケージも取得できなくなるよ #Debian – Qiita
- php:8.2-fpmのdocker imageでapt-getしたらエラーが出まくった #PHP – Qiita
- Debian apt update GPG error #Docker – Qiita