Sometimes repository signing keys have become expired. This can make Dockerfile changes fail during the Environment rebuild.
You may see messages such as:
An error occurred during the signature verification. The repository is not updated and the previous index files will be used
The following signatures were invalid: KEYEXPIRED ....
Failed to fetch ....
Some index files failed to download. They have been ignored, or old ones used instead
Error executing command, exiting
To refresh the key:
# RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
This replaces or is equivalent to a command commonly seen in support documents:
# RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB651716619E084DAB9
The above command may fail if your egress ACL forbids TCP port 11371 (the hkp protocol). Then you can use this method:
# RUN curl -sSL 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x51716619E084DAB9' | apt-key add -
Replace the key in the search string as required, remember to include the 0x in front.
If you experience error message such as:
You need to refresh the key or delete it in the same way. If you trust the APT command to fetch it again:
RUN apt-key del 1602869253
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1602869253
Why does this happen?
The owner of the repository has invalidated, updated a key or the expiration date has passed.
The Domino Environment files are generated on a regular basis, however, an Environment created before these events will include the expired key.
Normal OS usage for a permanent host will run APT/YUM commands on a regular basis which will result in the notification about an update appearing before the expiry.