I’m having to upgrade a docker container from a node:16-slim to a node:18-slim base. I’ve been having issues so have cut the dockerfile back to absolute basics, but still can’t get it to work when running through my gitlab pipeline.

This is the first (incredibly brief) dockerfile:

FROM node:18-slim

RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 0E98404D386FA1D9 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 6ED0E7B82643E131 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys F8D2585B8783D481 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 54404762BBB6E853 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys BDE6D2B9216EC7A8

This gives me the error “gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation”, so I try to add gnupg2 (I’ve also tried gnupg and gnupg1, out of interest, same issue):

FROM node:18-slim

RUN apt-get update && apt-get install -y gnupg2

RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 0E98404D386FA1D9 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 6ED0E7B82643E131 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys F8D2585B8783D481 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 54404762BBB6E853 && 
    apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys BDE6D2B9216EC7A8

And now I get the issue that prompted me to add the keys in the first place:

> [2/3] RUN apt-get update && apt-get install -y gnupg2:
0.375   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
0.377 Reading package lists...
0.385 W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
0.385 E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
0.385 W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
0.385 E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
0.385 W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
0.385 E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
0.385 E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
0.386 E: Sub-process returned an error code

So it seems I need the public keys to do an apt-get update, but I need gnupg for that, and to install that, I need to do apt-get update. This is all feeling very circular.

Can anyone offer some insight? Thanks!