Public key not available when trying to run torizon QT frontend in docker container

Hi,
1I am running Torizon 5.7.3 build 17 on an Apalis iMX8 board with a IxoraV1.2A carrier board. On it I am trying to run a docker (version 19.03.15-ce) container with QT (6.4.3) as a frontend. The problem is when I try to run through a VSCode launch configuration I get a series of “signatures couldn’t be verified
because the public key is not available” errors. Anyone know how to fix these errors?

The output from trying to start the container

 Building 49.1s (21/23)                                                                                 docker:remote
 => [nxt-api internal] load build definition from Dockerfile                                                        0.1s
 => => transferring dockerfile: 32B                                                                                 0.0s
 => [nxt-api internal] load .dockerignore                                                                           0.1s
 => => transferring context: 34B                                                                                    0.0s
 => [nxt-ui internal] load build definition from Dockerfile                                                         0.1s
 => => transferring dockerfile: 973B                                                                                0.0s
 => [nxt-ui internal] load .dockerignore                                                                            0.1s
 => => transferring context: 198B                                                                                   0.0s
 => [nxt-api internal] load metadata for docker.io/torizon/debian:2-bullseye                                        0.6s
 => [nxt-ui internal] load metadata for docker.io/torizon/wayland-base-vivante:3                                    1.8s
 => [nxt-api auth] sharing credentials for registry-1.docker.io                                                     0.0s
 => [nxt-ui auth] sharing credentials for registry-1.docker.io                                                      0.0s
 => [nxt-api 1/9] FROM docker.io/torizon/debian:2-bullseye@sha256:07da096631b739ccd21f6d5f702e444fc2b2c2606fb819eb  0.0s
 => [nxt-api internal] load build context                                                                           0.0s
 => => transferring context: 4.53kB                                                                                 0.0s
 => CACHED [nxt-api 2/9] RUN apt-get update     && apt-get install -y --no-install-recommends     dos2unix     pyt  0.0s
 => CACHED [nxt-api 3/9] RUN pip3 install --upgrade pip                                                             0.0s
 => CACHED [nxt-api 4/9] RUN if [ ! -z "" ]; then     apt-get -q -y update     && apt-get -q -y install      && rm  0.0s
 => CACHED [nxt-api 5/9] COPY requirements.txt /                                                                    0.0s
 => CACHED [nxt-api 6/9] RUN dos2unix requirements.txt &&    pip install -r requirements.txt                        0.0s
 => CACHED [nxt-api 7/9] RUN if [ "true" = "true" ] ; then pip install debugpy ; fi                                 0.0s
 => CACHED [nxt-api 8/9] COPY source /nxt-api/                                                                      0.0s
 => [nxt-api] exporting to image                                                                                    0.1s
 => => exporting layers                                                                                             0.0s
 => => writing image sha256:728af2b4041db73127271ced9415d6cb5c3a35b67f10f165aa8be1e31f2c437f                        0.0s
 => => naming to docker.io/library/nxt-api-local                                                                    0.0s
 => [nxt-ui 1/4] FROM docker.io/torizon/wayland-base-vivante:3@sha256:38ab0c7a5dc884d94f16bc7a19b963ab13dbe0c72d5  44.3s
 => => resolve docker.io/torizon/wayland-base-vivante:3@sha256:38ab0c7a5dc884d94f16bc7a19b963ab13dbe0c72d5398a25aa  0.0s
 => => sha256:90524f7dc01b4ce9b387992acc6cbdbcc2a9ee8c6addfd632429ca06ea18751e 29.16MB / 29.16MB                    2.9s
 => => sha256:38ab0c7a5dc884d94f16bc7a19b963ab13dbe0c72d5398a25aa594c08138f058 3.86kB / 3.86kB                      0.0s
 => => sha256:e2a6f25e0e396610c45e88dcdbe6e7b432d0ba61ac2fb84211c3618f08089aa6 10.25kB / 10.25kB                    0.0s
 => => sha256:d9650be870c56976f43903b602fc44ea96360ce49cdac814cbb29c20b0afeaaa 273B / 273B                          0.2s
 => => sha256:f107395cce57dd7e5f14ff8ed557c3e41ed1775d8e8ebe336ef04be4fd2bfd2e 6.36MB / 6.36MB                      0.6s
 => => sha256:45f342083b2cdcbefbd82111d6a96cbaad42af2b419562186c606db470a5dcc6 259B / 259B                          0.4s
 => => sha256:a4510caf0583f843d92ae0ab18068e05dacb161b50951b35855404dbc9890709 641B / 641B                          0.7s
 => => sha256:b3748ae0809c84e605195e14fe5cf23fa604150af8d9ee9a030cd026f799474c 3.50kB / 3.50kB                      0.9s
 => => sha256:d7569aca07e037037f1b1b17921c6030e0c5019c41055a43eec648c437baba51 2.02kB / 2.02kB                      1.0s
 => => sha256:ecb4446ffc73f5f80b5c192c65d2cb9bb1a4cf7835c9c10a6a8c51cca45d9aa1 399B / 399B                          1.0s
 => => sha256:d66dce8dd0be90b77af1a13aabf68d8b52603b750ba04e0c9c37758c56b60cea 93B / 93B                            3.6s
 => => sha256:680ca8fc1b611259f68b0155b2b21cd53b13154e55e478caebc49579767bdb2b 351.68kB / 351.68kB                  2.9s
 => => sha256:e55ce8fa4687b78cc68271584f9c26b93aabbd9b7858219f3c839f2d86397e9c 6.37kB / 6.37kB                      3.0s
 => => sha256:855e1294399d301b5ae274f4eaea46e34e502921c5daaf8583ff5252033552d3 2.67MB / 2.67MB                      3.6s
 => => sha256:8c769a9d1f25dbe3e2d6701084384104fd93e4b24d52af778dd54ec3e2e96e78 32.24kB / 32.24kB                    3.2s
 => => extracting sha256:90524f7dc01b4ce9b387992acc6cbdbcc2a9ee8c6addfd632429ca06ea18751e                          11.5s
 => => sha256:97d907e6c8604003318c93e29b7f003059e4c59cf4eda1954affb581d4d8e1ab 768B / 768B                          3.9s
 => => sha256:4cc67c53089d774fe450e8bb1b96df8ea68a12b6d8abdde107c197602de2403b 20.15MB / 20.15MB                    4.9s
 => => sha256:6e01b414d5ce0927fc8e78fd480faa7189900531c7407938ead8687c9c97e97d 1.11kB / 1.11kB                      3.8s
 => => sha256:73157913e217888cca86333123b883cc0c9910bea48ae8ec10b9f573e377889f 180B / 180B                          4.9s
 => => extracting sha256:f107395cce57dd7e5f14ff8ed557c3e41ed1775d8e8ebe336ef04be4fd2bfd2e                           1.9s
 => => extracting sha256:d9650be870c56976f43903b602fc44ea96360ce49cdac814cbb29c20b0afeaaa                           0.0s
 => => extracting sha256:45f342083b2cdcbefbd82111d6a96cbaad42af2b419562186c606db470a5dcc6                           0.0s
 => => extracting sha256:a4510caf0583f843d92ae0ab18068e05dacb161b50951b35855404dbc9890709                           0.0s
 => => extracting sha256:b3748ae0809c84e605195e14fe5cf23fa604150af8d9ee9a030cd026f799474c                           0.0s
 => => extracting sha256:d7569aca07e037037f1b1b17921c6030e0c5019c41055a43eec648c437baba51                           0.0s
 => => extracting sha256:ecb4446ffc73f5f80b5c192c65d2cb9bb1a4cf7835c9c10a6a8c51cca45d9aa1                           0.0s
 => => extracting sha256:680ca8fc1b611259f68b0155b2b21cd53b13154e55e478caebc49579767bdb2b                           0.2s
 => => extracting sha256:e55ce8fa4687b78cc68271584f9c26b93aabbd9b7858219f3c839f2d86397e9c                           0.0s
 => => extracting sha256:855e1294399d301b5ae274f4eaea46e34e502921c5daaf8583ff5252033552d3                           1.0s
 => => extracting sha256:8c769a9d1f25dbe3e2d6701084384104fd93e4b24d52af778dd54ec3e2e96e78                           0.2s
 => => extracting sha256:d66dce8dd0be90b77af1a13aabf68d8b52603b750ba04e0c9c37758c56b60cea                           0.0s
 => => extracting sha256:4cc67c53089d774fe450e8bb1b96df8ea68a12b6d8abdde107c197602de2403b                          10.2s
 => => extracting sha256:6e01b414d5ce0927fc8e78fd480faa7189900531c7407938ead8687c9c97e97d                           0.0s
 => => extracting sha256:97d907e6c8604003318c93e29b7f003059e4c59cf4eda1954affb581d4d8e1ab                           0.0s
 => => extracting sha256:73157913e217888cca86333123b883cc0c9910bea48ae8ec10b9f573e377889f                           0.0s
 => [nxt-ui internal] load build context                                                                            2.9s
 => => transferring context: 73.54MB                                                                                1.1s
 => ERROR [nxt-ui 2/4] RUN apt-get update && apt-get install       imx-gpu-viv-wayland                     qt6-bas  2.7s
------
 > [nxt-ui 2/4] RUN apt-get update && apt-get install       imx-gpu-viv-wayland                     qt6-base-dev                            qt6-wayland                             qml6-module-qtquick                     qml6-module-qtquick-controls            qml6-module-qtquick-layouts             qml6-module-qtqml-workerscript          qml6-module-qtquick-templates           qml6-module-qtquick-window              qml6-module-qt-labs-folderlistmodel     qml6-module-qtquick-virtualkeyboard         qml6-module-qt-labs-lottieqt            qml6-module-qtcharts:
1.453 Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
1.526 Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
1.538 Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
1.801 Err:1 http://deb.debian.org/debian bookworm InRelease
1.801   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
1.905 Get:4 https://feeds.toradex.com/debian/snapshots/20230602T160948Z testing InRelease [13.0 kB]
2.045 Err:2 http://deb.debian.org/debian bookworm-updates InRelease
2.045   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
2.316 Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
2.316   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
2.540 Err:4 https://feeds.toradex.com/debian/snapshots/20230602T160948Z testing InRelease
2.540   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 116A149EBBC0779B
2.562 Reading package lists...
2.626 W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
2.626 E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
2.626 W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
2.626 E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
2.626 W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
2.626 E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
2.626 W: GPG error: https://feeds.toradex.com/debian/snapshots/20230602T160948Z testing InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 116A149EBBC0779B
2.626 E: The repository 'https://feeds.toradex.com/debian/snapshots/20230602T160948Z testing InRelease' is not signed.
------
failed to solve: failed to solve with frontend dockerfile.v0: failed to build LLB: executor failed running [/bin/sh -c apt-get update && apt-get install       imx-gpu-viv-wayland                     qt6-base-dev                            qt6-wayland                             qml6-module-qtquick                     qml6-module-qtquick-controls            qml6-module-qtquick-layouts             qml6-module-qtqml-workerscript          qml6-module-qtquick-templates           qml6-module-qtquick-window              qml6-module-qt-labs-folderlistmodel     qml6-module-qtquick-virtualkeyboard      qml6-module-qt-labs-lottieqt            qml6-module-qtcharts]: runc did not terminate sucessfully

 *  The terminal process "/bin/bash '-c', 'docker-compose -f docker-compose.yml -f override.backend.local.yml -f override.frontend.local.yml -f override.debug.yml up -d --build'" terminated with exit code: 17.

The VSCode launch configuration

{
             "name": "Backend: Remote Attach (Local Frontend)",
             "type": "python",
             "request": "attach",
             "connect": {
                 "host": "${config:TORIZON_HOSTNAME}",
                 "port": 6502
             },
             "pathMappings": [
                 {
                     "localRoot": "${workspaceFolder}/backend/source",
                     "remoteRoot": "/nxt-api"
                 }
             ],
             "justMyCode": true,
             "preLaunchTask": "Start debug containers (local frontend)",
             "postDebugTask": "Stop debug containers"
         },

The DockerFile

FROM --platform=linux/arm64/v8 torizon/wayland-base-vivante:3
 
 RUN apt-get update && apt-get install   \
     imx-gpu-viv-wayland                 \
     qt6-base-dev                        \
     qt6-wayland                         \
     qml6-module-qtquick                 \
     qml6-module-qtquick-controls        \
     qml6-module-qtquick-layouts         \
     qml6-module-qtqml-workerscript      \
     qml6-module-qtquick-templates       \
     qml6-module-qtquick-window          \
     qml6-module-qt-labs-folderlistmodel \
     qml6-module-qtquick-virtualkeyboard	\
     qml6-module-qt-labs-lottieqt        \
     qml6-module-qtcharts
 
 ENV WAYLAND_USER=torizon
 ENV XDG_RUNTIME_DIR=/tmp/1000-runtime-dir
 ENV WAYLAND_DISPLAY=wayland-0
 
 ENV DISPLAY=:0
 ENV QT_QPA_PLATFORM=wayland
 ENV QT_QPA_EGLFS_INTEGRATION=eglfs_kms
 ENV QT_QPA_EGLFS_KMS_ATOMIC=1
 
 COPY build-output/NXTUIApp /app/
 
 RUN chmod 755 /app/*
 
 USER torizon
 
 CMD /app/NXTUIApp

Greetings @hhinkel,

Looking at your logs this seems to be a strange issue. You’re getting signature issues for multiple feeds, not just Toradex controlled feeds. Could perhaps be some kind of transient network issue or something similar.

If you do a clean build does this happen every time for you?

What version of our VSCode extension are you using here?

Also are you running VSCode in a Windows or Linux machine?

Best Regards,
Jeremias

Hi Jeremias,

Yes this happens every time even with a clean build. I am not running in the Toradex VSCode extension, but through a remote connection to the Toradex board through WSL2. I did not set it up, so I am not completely sure how it works and can no longer ask the person that did set it up. But here is the script for connecting to the remote.

"tasks": [
        {
            "label": "Initialize remote context",
            "type": "shell",
            "command": "docker context create remote --docker \ "host=tcp://${config:TORIZON_HOSTNAME}:2375\" && docker context use remote",
            "presentation": {
                "reveal": "always",
            },
            "dependsOn": [
                "Teardown remote context"
            ],
        },

I see, well then I can’t really comment much regarding the unique setup you have here.

I did do a test where I ran apt-get update in a torizon/wayland-base-vivante:3 based container. In your situation this leads to the signature verification issues that you see. But for me it just works. So I can’t seem to reproduce this issue. Also other customers who are using our containers aren’t seeing this issue either as far as I know.

I even tried building your Dockerfile, at least the parts not related to your application files since I don’t have access to these. Anyways the build worked for me including the step that failed on your side.

I don’t know for certain if the issue is your setup here, as I don’t fully understand your setup.

What happens if you try to build this Dockerfile locally on the target module instead?

Best Regards,
Jeremias

Interesting. I am going to try going back to the Toradex extension and see if I get the same error. I will let you know.

If it still doesn’t work with our extension it could also possibly be some network related issue. These are more common on Windows/WSL setups since they tend to be more restrictive or have unique configurations.

Otherwise let us know if it works.

Best Regards,
Jeremias

Jeremias,

I am trying to install the Torizon extension I used previously and I can no longer find torizon extension that is not depreciated Or works with 64bit VSCode. Am I missing somoething?

image3137×707 196 KB

So there’s two versions of our IDE extension. The one that you’re seeing here as “deprecated” is the initial version (v1). This can still be used and works with TorizonCore 5.7. The deprecated just means that the extension is in a maintenance mode and does not see any further new features or developments just minor bug fixes.

In your screenshot I see what looks like the other version of our IDE extension (v2). This is the newer version of our extension that is now the focus of our development efforts. While this extension was designed for TorizonCore 6.X in mind, it can still be used with TorizonCore 5.7.

If you want to use the v1 then see here: Visual Studio Code Extension for Torizon | Toradex Developer Center

For v2 see here: Set up the Torizon IDE Extension 2 Environment | Toradex Developer Center

No matter which you choose be careful not to mix up documentation meant for the other version of the extension.

If you’re looking for a recommendation on which to use, then v2 is more up-to-date. It’s also better for users who are more knowledgeable about containers and Docker.

Best Regards,
Jeremias