環境
- Raspberry Pi 4 Model B
- Raspbian 10 (buster)
$ docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a6621
Built: Mon Jun 22 15:53:41 2020
OS/Arch: linux/arm
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a6621
Built: Mon Jun 22 15:47:34 2020
OS/Arch: linux/arm
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
現象
Ubuntuコンテナ内で apt update
を実行すると失敗する
$ docker run --rm -it ubuntu:20.04
root@62face368d2c:/# apt update
Get:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease [265 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]
Err:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
At least one invalid signature was encountered.
Err:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
At least one invalid signature was encountered.
Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [98.3 kB]
Err:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
At least one invalid signature was encountered.
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]
Err:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
原因
時刻同期が取れていなかった
root@d1c291273b66:/# yes date | head -10 | bash
Thu Feb 19 23:52:27 UTC 1970
Fri Feb 20 18:04:43 UTC 1970
Mon Feb 23 02:58:03 UTC 1970
Sun Mar 1 09:09:15 UTC 1970
Thu Feb 26 18:34:35 UTC 1970
Sun Feb 22 13:18:51 UTC 1970
Mon Feb 23 07:31:07 UTC 1970
Thu Feb 19 02:15:23 UTC 1970
Sun Feb 22 16:43:39 UTC 1970
Thu Feb 19 20:27:39 UTC 197
[追記:2020/08/09 00:48]Raspberry Piにはハードウェアクロック(RTC)がない。このためシステムクロックからホストの時刻を得る必要があるが、特権モードでないと取得ができないようだ。
$ hwclock -vs
hwclock from util-linux 2.33.1
System Time: 1596901673.743840
Trying to open: /dev/rtc0
Trying to open: /dev/rtc
Trying to open: /dev/misc/rtc
No usable clock interface found.
hwclock: Cannot access the Hardware Clock via any known method.
$ timedatectl
Local time: Sat 2020-08-08 16:48:06 BST
Universal time: Sat 2020-08-08 15:48:06 UTC
RTC time: n/a
Time zone: Europe/London (BST, +0100)
System clock synchronized: yes
NTP service: inactive
RTC in local TZ: no
対策
[暫定]特権モードでコンテナを起動する
$ docker run --rm -it --privileged ubuntu:20.04
[本質]Raspberry PiにRTCモジュールを搭載する(追記:2020/08/09 00:48)
まとめ
docker build
にどうして特権モードがないんですか!!
armhfのイメージをビルドするために時刻が欲しいだけなんです!!!