Atleast one invalid signature was encountered

I am trying to build and deploy microservices images to a single-node Kubernetes cluster running on my development machine using minikube. I am using the cloud-native microservices demo application Online Boutique by Google to understand the use of technologies like Kubernetes, Istio etc.

Link to github repo: microservices-demo

While following the installation process, and on running command skaffold run to build and deploy my application, I get some errors:

Step 10/11 : RUN apt-get -qq update     && apt-get install -y --no-install-recommends         curl
 ---> Running in 43d61232617c
W: GPG error: http://deb.debian.org/debian buster InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
failed to build: couldn't build "loadgenerator": unable to stream build output: The command '/bin/sh -c apt-get -qq update     && apt-get install -y --no-install-recommends         curl' returned a non-zero code: 100

I receive these errors when trying to build loadgenerator. How can I resolve this issue?

There are a few reasons why you encounter these errors:

1. There might be an issue with the existing cache and/or disc space. In order to fix it you need to clear the APT cache by executing: sudo apt-get clean and sudo apt-get update.

2. The same goes with existing docker images. Execute: docker image prune -f and docker container prune -f in order to remove unused data and free disc space.

3. If you don't care about the security risks, you can try to run the apt-get command with the --allow-unauthenticated or --allow-insecure-repositories flag. According to the docs:

> Ignore if packages can't be authenticated and don't prompt about it. > This can be useful while working with local repositories, but is a > huge security risk if data authenticity isn't ensured in another way > by the user itself.

Please let me know if that helped.

I had this same issue and none of the previous responses saying to prune images or containers worked. The reason was that my Docker Build Cache was taking up the bulk of the space. Running the below command fixed the issue:

docker system prune

You can then check to see if it worked by running:

docker system df

UPDATE:

The above command will clear the whole Docker system. If you want to clear only the build cache, you can do it with the below command (credit to saraf.gahl):

docker builder prune

The reason I usually see this is because docker has run out of disk space, which is frustrating because the error gives little indication that this is the problem. First try cleaning up images and containers you don't need using the prune command https://docs.docker.com/config/pruning/.

$ docker image prune 
$ docker container prune 

If you have a lot of images accumulated and want to remove all of them that aren't associated with an existing container try:

$ docker image prune -a 

Or you can remove only older images:

$ docker image prune -a --filter "until=24h"

Finally, on MacOS, where Docker runs inside a dedicated VM, you may need to increase the disk available to Docker from the Docker Desktop application (Settings -> Resources -> Advanced -> Disk image size).

I think that is related to some LSM component of the docker official image (in this case armhf) and exec/capabilities permissions. In this simple case sid flavour is unable to handle time corectly. And this related to the certificate check, is the cause of invalid signature. It happends too in ubuntu focal.

# docker run -it debian:buster /bin/date
Sun Nov 15 11:30:44 UTC 2020
# docker run -it debian:sid /bin/date 
Thu Jan  1 00:00:00 UTC 1970

I had the same problem. It looks like it was lack of space. I've removed old images and it started to work.

$ docker images

Select the ones you don't care anymore (to delete).

$ docker rmi <image_id>

@Jack Kawell got it right.

docker builder prune

This command does the trick. Beware of the command "docker system prune" as this would delete all your images (very destructive). The builder prune only deletes the build cache that is where your have all your previous (cached) builds steps.

None of these worked for me. This command did the trick though:

docker volume prune

Literally had 249GB worth of volumes that I was able to reclaim.

I tried a few of the above answers, and none of them worked for me. The real trigger was when I used --allow-unauthenticated and --allow-insecure-repositories from @Wytrzymały Wiktor's answer, and I got a notification showing

tar: ./conffiles: Cannot utime: Operation not permitted
tar: ./control: Cannot utime: Operation not permitted
tar: ./md5sums: Cannot utime: Operation not permitted
tar: ./postinst: Cannot utime: Operation not permitted
tar: .: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors

This lead me down a route where I found this post which suggested that the issue may be where libseccomp2 was outdated.

The fix there was to do:

# Get signing keys to verify the new packages, otherwise they will not install
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138

# Add the Buster backport repository to apt sources.list
echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list

sudo apt update ; sudo apt install libseccomp2 -t buster-backports

Note that this assumes that you're using Raspbian and a version of docker after 19.04

Make your own sid image in x64

# variables
$WORKPLACE=/space_change_me
$BASEIMG=debian:buster
$TAG=my/debian
$RELEASE=sid
$PLATFORM=arm

# multiarch preparation
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install qemu binfmt-support qemu-user-static docker-ce byobu make
export DOCKER_CLI_EXPERIMENTAL=enabled

#build image
docker run  -i --rm -v $WORKPLACE:/data $BASEIMG /bin/bash  << EOF
export DEBIAN_FRONTEND="noninteractive" 
apt-get -y update
apt-get -y install debootstrap
debootstrap --verbose --include=iputils-ping --arch $PLATFORM $RELEASE /data/$RELEASE-$PLATFORM $REPO
chroot /data/$RELEASE-$PLATFORM/ /bin/bash << SEOF 
export DEBIAN_FRONTEND="noninteractive"
apt-get -y update
apt-get -y upgrade
apt-get -y clean
SEOF
rm -R /data/$RELEASE-$PLATFORM/debootstrap
EOF

cd $WORKPLACE/$RELEASE-$PLATFORM
tar cpf - . | docker import - $TAG:$RELEASE-$PLATFORM --platform $PLATFORM
docker save $TAG:$RELEASE-$PLATFORM  > debian-$RELEASE-$PLATFORM.tar

You can load later in the arm host with

cat debian-$RELEASE-$PLATFORM.tar |docker load

> At least one invalid signature was encountered

The error suggests that one of the files in /var/lib/apt/lists consist at least one invalid/corrupted signature (could be the result of apt-key misuse or something else).

Try to run Apt update with the debug messages:

apt-get -oDebug::pkgAcquire::Worker=1 update

which should point you to the corrupted file, e.g.

> 0% [Working] <- gpgv:400%20URI%20Failure%0aMessage:%20At%20least%20one%20invalid%20signature%20was%20encountered.%0aURI:%20gpgv:/var/lib/apt/lists/partial/CorruptedFile_InRelease

Edit the file, find and remove the corrupted parts, or remove the whole file, so it can be recreated.