更新解决方案
我必须从 centos extras 存储库安装 docker-engine。步骤如下:
首先,删除docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
然后添加 docker-ce repo:
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
然后安装docker-ce
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
终于开始docker-ce
sudo systemctl start docker
首先让我说明一下关于更新 PUBKEY 的问题(如何修复 GPG 错误“NO_PUBKEY”?) 并不能解决这个问题,正如我下面提到的。
以下是我的流程:
docker run --rm -it ubuntu:22.04 bash -l
这将下载 ubuntu 22.04 映像、启动容器并将我放入 root shell。对于我尝试过的任何主机操作系统(MacOS、CentOS、Amazon Linux),此过程都是相同的。
下一个命令在 root shell 中运行,适用于 MacOS 和 Amazon Linux,但不适用于 Cent OS 主机:
apt update
在 CentOS 主机上,我得到以下信息:
root@b40f3c9766e7:/# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB]
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://security.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code
我尝试使用以下说明添加 PUBKEY:如何修复 GPG 错误“NO_PUBKEY”?但我收到此错误:
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
由于我无法使用,因此我无法安装其中任何一个apt
,那么如何解决这种情况呢?
有人知道为什么这在 MacOS 和 Amazon Linux 上运行良好但在 CentOS 上却不行吗?
此外,这在 Ubuntu 18.04 和 Ubuntu 20.04 上也有效。它仅在 22.04 上失败。
答案1
编辑:仔细查看之后,我意识到我在这里所做的只是在@extras 中使用 yum 提供的默认 docker 版本。
我删除了这些:
Removing:
docker x86_64 2:1.13.1-209.git7d71120.el7.centos @extras 64 M
docker-client x86_64 2:1.13.1-209.git7d71120.el7.centos @extras 13 M
docker-common x86_64 2:1.13.1-209.git7d71120.el7.centos @extras 4.4 k
然后我从docker安装了正确的方法https://docs.docker.com/engine/install/centos/
这个问题现在已经完全解决了。下面是我最初对此的深入研究,以便您可以看到我研究这个问题的过程。
无论出于什么原因,我在基于 CentOS 7 的 Docker 容器上也看到了同样的情况,这些容器几乎运行着每个公共 Ubuntu 镜像。我刚刚浏览了各个版本,这表明在执行此例程时,Docker 和 CentOS 7 之间存在一些较低级别的问题/错误。我真的不知道是什么。仍在挖掘。
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key
这是有问题的一行。 _apt 存在于我看到的所有系统上,尽管用户 ID 往往不同。
系统损坏:
root@69a789b8893e:/# grep _apt /etc/passwd /etc/shadow /etc/group
/etc/passwd:_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
工作本机系统:
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
GID 总是常见的 65534,所以这是有道理的。这里不正确的是,实际上每个文件和目录的权限和所有权都是正确的。0755 始终是 /etc/apt 中的默认值。
root@69a789b8893e:/# find /etc/apt -type d -ls
1464065 0 drwxr-xr-x 8 root root 143 Apr 28 12:01 /etc/apt
68555287 0 drwxr-xr-x 2 root root 213 Apr 28 12:04 /etc/apt/apt.conf.d
135370920 0 drwxr-xr-x 2 root root 6 Apr 8 10:22 /etc/apt/auth.conf.d
202835524 0 drwxr-xr-x 2 root root 6 Apr 8 10:22 /etc/apt/keyrings
1467146 0 drwxr-xr-x 2 root root 6 Apr 8 10:22 /etc/apt/preferences.d
68562845 0 drwxr-xr-x 2 root root 6 Apr 8 10:22 /etc/apt/sources.list.d
135370943 0 drwxr-xr-x 2 root root 84 Apr 28 12:04 /etc/apt/trusted.gpg.d
我会继续寻找。
答案2
我确实也遇到了这个问题,但注意到在使用选项 --privileged 启动容器时 apt-get 可以正常工作。看起来问题是由于密钥环故障造成的。如果apt-ket list
不使用 --privileged 选项运行,也无法正常工作。但是,docker build 不支持此选项,因此我还必须切换到建议的方法:https://docs.docker.com/engine/install/centos