Gitlab registry pipeline error on python:3.7 image : The following signatures couldn't be verified because the public key is not available

Question

Description

I am currently trying to automate the process of docker registry using the gitlab ci, but i'm facing issues with the update of packages on the container inside the registry. Everything works fine running locally on docker, the build and run process, but when pushing to the pipeline ci, it breaks.

Error

Here is the error message:

Step 3/15 : RUN apt-get update -y &&     apt-get -qq -y install default-jdk ant git
 ---> Running in 3bd8eda5a481
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481

The error repeats for other public keys

Code

Here is my DockerFile:

FROM python:3.7
 
ENV TZ=America/Sao_Paulo
 
RUN apt-get update -y && \
    apt-get -qq -y install default-jdk ant git

# Clonar o repositório do Mallet
RUN git clone https://github.com/mimno/Mallet.git /mallet

# Entra no diretório do repositório
WORKDIR /mallet

# Executa o comando "ant" para compilar o Mallet
RUN ant

...

And here my pipeline ci configuration:

.build_image:
  image: docker:stable
  services:
    - docker:stable-dind
  before_script:
    - docker login
        -u $CI_REGISTRY_USER
        -p $CI_REGISTRY_PASSWORD
        registry.gitlab.com
  script:
    - docker build $BUILD_CONTEXT
        --file $BUILD_FILE
        --tag $TAG
        --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG
        $EXTRA_ARGS
  after_script:
    - docker push $TAG

What i've tried

• changing the package manager to apt-get
• Changing the python version
  • Curiously on python:3.6 works fine. I need at least python 3.7 because of a dependency
• some add-key commands (not really sure if i've use it right)

If anyone can help it would be really nice, i've found other forums where other people had similar problems

Answer 1

I've solved the problem changing the python image to a debian 11 based image. I can't understand why, but for some reason on docker:stable image when i try do build python:3.8 (which is based on debia-12(bookworm)) it raises the public key errors.

The public key errors can be solved directly on container build, i'm leaving some related questions about it, but the fastest way i've solved was changing the base image to python:3.8-bullseye

Hope it can help

public keys problem links

• GPG error: https://apt.releases.hashicorp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available