(devcontainer): Dockerfile error Correto GPG key

[phuhung273]

Describe the bug

Open in DevContainer results in error:

GPG error: https://apt.corretto.aws stable InRelease: The following signatures were invalid: EXPKEYSIG A122542AB04F24E3 Amazon Services LLC (Amazon Corretto release) <corretto-team@amazon.com>

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

Able to open in DevContainer

Current Behavior

DevContainer build fail

Reproduction Steps

Open in DevContainer

Possible Solution

Do like this corretto/corretto-21#83

sudo apt-key del A122542AB04F24E3 && sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A122542AB04F24E3

Additional Information/Context

No response

CDK CLI Version

main

Framework Version

No response

Node.js Version

v20.18.0

OS

Dev container

Language

TypeScript

Language Version

No response

Other information

Corretto PGP Key Renewal Announcement corretto/corretto-21#83

[pahud]

Are you using the .devcontainer configuration from the repository?
https://github.com/aws/aws-cdk/tree/main/.devcontainer

[pahud]

Yes I can reproduce this error.

2.319 W: https://deb.nodesource.com/node_20.x/dists/nodistro/InRelease:
[2024-12-09T16:41:39.249Z]  Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
2.319 W: https://apt.corretto.aws/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
2.319 W: GPG error: https://apt.corretto.aws stable InRelease: The following signatures were invalid: EXPKEYSIG A122542AB04F24E3 Amazon Services LLC (Amazon Corretto release) <corretto-team@amazon.com>
2.319 E: The repository 'https://apt.corretto.aws stable InRelease' is not signed.
2.319 W: https://download.docker.com/linux/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
2.319 W: https://dl.yarnpkg.com/debian/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
2.319 W: https://download.mono-project.com/
[2024-12-09T16:41:39.249Z] repo/debian/dists/stable-buster/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
2.319 ERROR: Feature "Docker (Docker-in-Docker)" (docker-in-docker) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/docker-in-docker for help troubleshooting this error.
------
[2024-12-09T16:41:39.249Z] Dockerfile-with-features:44
--------------------
  43 |     ENV DOCKER_BUILDKIT="1"
  44 | >>> RUN --mount=type=bind,from=dev_containers_feature_content_source,source=docker-in-docker_0,target=/tmp/build-features-src/docker-in-docker_0 \
  45 | >>>     cp -ar /tmp/build-features-src/docker-in-docker_0 /tmp/dev-container-features \
  46 | >>>  && chmod -R 0755 /tmp/dev-container-features/docker-in-docker_0 \
[2024-12-09T16:41:39.249Z]   47 | >>>  && cd /tmp/dev-container-features/docker-in-docker_0 \
  48 | >>>  && chmod +x ./devcontainer-features-install.sh \
  49 | >>>  && ./devcontainer-features-install.sh \
  50 | >>>  && rm -rf /tmp/dev-container-features/docker-in-docker_0
  51 |     

[pahud]

Making this a p1 as it's been blocking devcontainer users.

[mrgrain]

Hey, we have released a fix for this a few days ago and I cannot reproduce this error.

Can please you check you have the latest version of the image?

Expected digest is sha256:810d5bf8603a9a0719d3d396f1624a9060245946f234e634f6169bdc3b718d56

docker image ls --digests jsii/superchain:1-bookworm-slim-node20

[pahud]

Thank you @mrgrain I just noticed I was using stale image.

% docker image ls --digests jsii/superchain:1-bookworm-slim-node20
REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
jsii/superchain 1-bookworm-slim-node20 26c9fd3cfbef 3 months ago 4.63GB

Just docker rmi all jsii relevant local images and reopened the dev container. The issue is gone but I am still having

docker-in-docker issue, which is not relevant to this issue and I am not sure if it's related to my local environment.

4.728 Docker / Moby CLI and Engine already inst
[2024-12-09T18:34:12.771Z] alled.
4.728 Finished installing docker / moby!
4.804 creating virtual environment...
4.825 creating shared libraries...
6.869 upgrading shared libraries...
8.205 installing docker-compose...
11.29 Fatal error from pip prevented installation. Full pip output in file:
11.29     /usr/local/pipx/logs/cmd_2024-12-09_18.34.06_pip_errors.log
11.29 
11.29 pip seemed to fail to build package:
11.29     PyYAML<6,>=3.10
11.29 
11.29 Some possibly relevant errors from pip install:
11.29     error: subprocess-exited-with-error
11.29     AttributeError: cython_sources
11.29 Error installing docker-compose.
11.29 
11.31 ERROR: Feature "Docker (Docker-in-Docker)" (docker-in-docker) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/docker-in-docker for help troubleshooting this error.
------

[phuhung273]

Confirm latest image fixed the issue. Thanks team

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.