Rasbianに入れたDockerのUbuntuコンテナでapt updateが実行できない

環境

  • Raspberry Pi 4 Model B
  • Raspbian 10 (buster)
$ docker version
Client: Docker Engine - Community
 Version:           19.03.12
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        48a6621
 Built:             Mon Jun 22 15:53:41 2020
 OS/Arch:           linux/arm
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.12
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       48a6621
  Built:            Mon Jun 22 15:47:34 2020
  OS/Arch:          linux/arm
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

現象

Ubuntuコンテナ内で apt update を実行すると失敗する

$ docker run --rm -it ubuntu:20.04
root@62face368d2c:/# apt update
Get:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease [265 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]
Err:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
  At least one invalid signature was encountered.
Err:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
  At least one invalid signature was encountered.
Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [98.3 kB]
Err:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
  At least one invalid signature was encountered.
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]
Err:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

原因

時刻同期が取れていなかった

root@d1c291273b66:/# yes date | head -10 | bash
Thu Feb 19 23:52:27 UTC 1970
Fri Feb 20 18:04:43 UTC 1970
Mon Feb 23 02:58:03 UTC 1970
Sun Mar  1 09:09:15 UTC 1970
Thu Feb 26 18:34:35 UTC 1970
Sun Feb 22 13:18:51 UTC 1970
Mon Feb 23 07:31:07 UTC 1970
Thu Feb 19 02:15:23 UTC 1970
Sun Feb 22 16:43:39 UTC 1970
Thu Feb 19 20:27:39 UTC 197

[追記:2020/08/09 00:48]Raspberry Piにはハードウェアクロック(RTC)がない。このためシステムクロックからホストの時刻を得る必要があるが、特権モードでないと取得ができないようだ。

$ hwclock -vs
hwclock from util-linux 2.33.1
System Time: 1596901673.743840
Trying to open: /dev/rtc0
Trying to open: /dev/rtc
Trying to open: /dev/misc/rtc
No usable clock interface found.
hwclock: Cannot access the Hardware Clock via any known method.

$ timedatectl
               Local time: Sat 2020-08-08 16:48:06 BST
           Universal time: Sat 2020-08-08 15:48:06 UTC
                 RTC time: n/a
                Time zone: Europe/London (BST, +0100)
System clock synchronized: yes
              NTP service: inactive
          RTC in local TZ: no

対策

[暫定]特権モードでコンテナを起動する

$ docker run --rm -it --privileged ubuntu:20.04

[本質]Raspberry PiにRTCモジュールを搭載する(追記:2020/08/09 00:48)

まとめ

docker buildにどうして特権モードがないんですか!!
armhfのイメージをビルドするために時刻が欲しいだけなんです!!!

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です