As another data point, I've tried the following:
$ docker run -it debian apt update
$ docker run -it debian:bullseye apt update
$ docker run -it debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b apt update
And these all complete successfully:
❯ docker run -it
debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b
apt update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security
InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease
[44.1 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 Packages
[8062 kB]
Get:5 http://deb.debian.org/debian-security bullseye-security/main
amd64 Packages [256 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64
Packages [17.4 kB]
Fetched 8544 kB in 2s (4269 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
So this would rule out an issue with the docker image. Instead,
the only difference would be which mirror you pulled from.
https://deb.debian.org/ is the mirror service provided by Fastly.
Fetching URLs on deb.debian.org will transparently redirect you to
a mirror close to you.
Now, it's possible that the mirror was in the process of updating. It's also (less likely) possible that someone tampered with the mirror (and so the failing signatures did exactly what they're supposed to do, prevent you downloading malicious software).
Unfortunately, unless you can identify which mirror you were
directed to, it will be difficult for you to know who to notify.
Hello,
since yesterday (2023-10-25) I received an error during the apt update command:
docker run -it debian:bullseye /bin/bash
Unable to find image 'debian:bullseye' locally
bullseye: Pulling from library/debian
69b3efbf67c2: Pull complete
Digest: sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b
Status: Downloaded newer image for debian:bullseye
root@eb335ad71846:/# apt-get update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
At least one invalid signature was encountered.
Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian-security bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.Where I should send this problem?
Regards
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature