Atleast one invalid signature was encountered

Saranya Gupta picture Saranya Gupta · Jun 19, 2020 · Viewed 8.2k times · Source

I am trying to build and deploy microservices images to a single-node Kubernetes cluster running on my development machine using minikube. I am using the cloud-native microservices demo application Online Boutique by Google to understand the use of technologies like Kubernetes, Istio etc.

Link to github repo: microservices-demo

While following the installation process, and on running command skaffold run to build and deploy my application, I get some errors:

Step 10/11 : RUN apt-get -qq update     && apt-get install -y --no-install-recommends         curl
 ---> Running in 43d61232617c
W: GPG error: http://deb.debian.org/debian buster InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian buster-updates InRelease' is not signed.
W: GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security buster/updates InRelease' is not signed.
failed to build: couldn't build "loadgenerator": unable to stream build output: The command '/bin/sh -c apt-get -qq update     && apt-get install -y --no-install-recommends         curl' returned a non-zero code: 100

I receive these errors when trying to build loadgenerator. How can I resolve this issue?

Answer

Wytrzymały Wiktor picture Wytrzymały Wiktor · Jun 22, 2020

There are a few reasons why you encounter these errors:

  1. There might be an issue with the existing cache and/or disc space. In order to fix it you need to clear the APT cache by executing: sudo apt-get clean and sudo apt-get update.

  2. The same goes with existing docker images. Execute: docker image prune -f and docker container prune -f in order to remove unused data and free disc space.

  3. If you don't care about the security risks, you can try to run the apt-get command with the --allow-unauthenticated or --allow-insecure-repositories flag. According to the docs:

Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user itself.

Please let me know if that helped.