[SOLVED] Bug? Bookworm - Container Template debian-12-standard_12.0-1amd64.tar.zst

[papatikka]

Hello,

Spoiler: pveversion

pveversion --verbose
proxmox-ve: 8.0.1 (running kernel: 6.2.16-3-pve)
pve-manager: 8.0.3 (running version: 8.0.3/bbf3993334bfa916)
pve-kernel-6.2: 8.0.2
pve-kernel-5.15: 7.4-4
pve-kernel-6.2.16-3-pve: 6.2.16-3
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.102-1-pve: 5.15.102-1
ceph-fuse: 16.2.11+ds-2
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-3
libknet1: 1.25-pve1
libproxmox-acme-perl: 1.4.6
libproxmox-backup-qemu0: 1.4.0
libproxmox-rs-perl: 0.3.0
libpve-access-control: 8.0.3
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.0.5
libpve-guest-common-perl: 5.0.3
libpve-http-server-perl: 5.0.3
libpve-rs-perl: 0.8.3
libpve-storage-perl: 8.0.2
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve3
novnc-pve: 1.4.0-2
proxmox-backup-client: 3.0.1-1
proxmox-backup-file-restore: 3.0.1-1
proxmox-kernel-helper: 8.0.2
proxmox-mail-forward: 0.2.0
proxmox-mini-journalreader: 1.4.0
proxmox-widget-toolkit: 4.0.5
pve-cluster: 8.0.1
pve-container: 5.0.4
pve-docs: 8.0.4
pve-edk2-firmware: 3.20230228-4
pve-firewall: 5.0.2
pve-firmware: 3.7-1
pve-ha-manager: 4.0.2
pve-i18n: 3.0.4
pve-qemu-kvm: 8.0.2-3
pve-xtermjs: 4.16.0-3
qemu-server: 8.0.6
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.1.12-pve1

when creating CT with following standard template

debian-12-standard_12.0-1amd64.tar.zst​

found in Proxmox VE 8.0.3 you can't run apt update or anything with apt because it says

Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Get:4 http://download.proxmox.com/debian/pve bookworm InRelease [2768 B]
Err:4 http://download.proxmox.com/debian/pve bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1140AF8F639E0C39
Reading package lists... Done
W: GPG error: http://download.proxmox.com/debian/pve bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1140AF8F639E0C39
E: The repository 'http://download.proxmox.com/debian/pve bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

No public key available, never encountered this issue before with running apt update. I encountered this problem for first time today.

When i google on this, all leads to incorrect way of solving this problem. It seems this problem occured before only when trying to install Proxmox VE INSIDE A DEBIAN HOST. That is not what I am doing.

And yes, I have added to /etc/apt/sources.list

deb http://deb.debian.org/debian bookworm main contrib

deb http://deb.debian.org/debian bookworm-updates main contrib

# Proxmox VE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

deb http://security.debian.org bookworm-security main contrib

https://forum.proxmox.com/threads/wrong-gpg-key.103100/
Is the public key actually readable by apt? As apt may not use root to access it:

stat /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
stat: cannot statx '/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg': No such file or directory

There is only one user and it's root.

There seems to be only archives in said path /etc/apt/trusted.gpg.d

/etc/apt/trusted.gpg.d# ls
debian-archive-bookworm-automatic.asc           debian-archive-bullseye-stable.asc
debian-archive-bookworm-security-automatic.asc  debian-archive-buster-automatic.asc
debian-archive-bookworm-stable.asc              debian-archive-buster-security-automatic.asc
debian-archive-bullseye-automatic.asc           debian-archive-buster-stable.asc
debian-archive-bullseye-security-automatic.asc

curl --silent http://download.proxmox.com/debian/pmg/dists/bookworm/InRelease

Spoiler: /bookworm/InRelease

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Architectures: amd64
Changelogs: https://metadata.cdn.proxmox.com/download/changelogs/pmg/dists/bookworm/@CHANGEPATH@.changelog
Codename: bookworm
Components: pmg-no-subscription pmgtest
Date: Thu, 29 Jun 2023 08:40:29 +0000
Label: Proxmox Mailgateway Debian Repository
Origin: Proxmox
Suite: stable
MD5Sum:
 e74474096fe86a468cfaaa45a7f75645            84950 pmg-no-subscription/binary-amd64/Packages
 d84b8f42f2a714ffc5262a9095cc667c            27897 pmg-no-subscription/binary-amd64/Packages.gz
 0bbb9c9b8a6dad220e1a889d3a5b000a            83918 pmgtest/binary-amd64/Packages
 39332566fb36b0da3abb08ba35dbe8a4            27855 pmgtest/binary-amd64/Packages.gz
SHA256:
 f1ffb3521e54de31b115da72d234f936e93d310f73e612d93db7051c18a41a7a            84950 pmg-no-subscription/binary-amd64/Packages
 41bd550849b51d62c7f61307abec8180dabaaeed0e4339346847961656b1ab27            27897 pmg-no-subscription/binary-amd64/Packages.gz
 9786cc132d152f0519b7056e00ab67906f38a56543bc3e93cb0f148262fe16f4            83918 pmgtest/binary-amd64/Packages
 2dbebaeca1f52882eed12e74370b3445b786ad9cbf2c13d2cfcacec1000d6ca8            27855 pmgtest/binary-amd64/Packages.gz
SHA512:
 b1fdd275707a899daf6c487cb27293a32e06de6899627bfe020bb870e375b7dbe645c5b7701fe5b2ccf1eb8e1d5242a552d760b9cce0cda43a49cd68966d6db3            84950 pmg-no-subscription/binary-amd64/Packages
 934c93572794d58f86c59c528390cd4c2db8b5c18c601dedd834e33a0f3411f98247abd4dd118914adfe606304ea05cfcc989ee77be2017634fd2fca7bd1c503            27897 pmg-no-subscription/binary-amd64/Packages.gz
 d48abbfd5287ab39a1f09e8cd445dee6cd435d89b1796e149414a21f3679eda03908ceac8b7b7826e3c1081f2fee3c69541e21afefb038c0fa6e5d97ce325228            83918 pmgtest/binary-amd64/Packages
 b328181ad44b201fdf3626cde2a859865ec492db6e1bfff538a8f1a209b0d5540d94f5552c15c5e20e0db966c444bf07546f2c8289a3731bfefbf452b237da2e            27855 pmgtest/binary-amd64/Packages.gz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE9OE2xnzc5Brm3m/IEUCvj2OeDDkFAmSdQ4EACgkQEUCvj2Oe
DDlguQ/8CezDZGaTw+rX7JFvzuXfi6+6+YuOpcTmLm1WnAJvddIiMkPjXMzMlKWu
tvcjBPfldj1qeHNUMUcCqS77pHwaib6/ofXifpW3MDCvYaM42YT/DDOddFWeDpns
a5lIxx5UT6EPtxJ55FBWIjTkCnW/dca5/IlkAAmcLYkC9nJKU2nzv4/c2Fr5f9r3
po/IkRtbbfj1DWy+rpDunp3P+l1Jn0GZhxn0SuvBBRYQEkwXgxSQvC6u5wLq2PNr
MlfpLvKaALKpBme2qM+4M6obKKHjRocUn9nrfzzHpDgKz2XkXrMGabWT3gnUbAJK
UL8y0j4xx5qemDEOY+1P6aItX1sou7+aHBipOCa8O2jchwbWd0B1rlRUI920+a4m
kbqRsdLQd1hkIY/D6qDFAKr9BloX/C9XgA/k8/SQKtHOKibOhoKoJRKr0WiA5JWU
oQh87BriKSX4JuoKFIJIfvxBnIVs1FwZXg/qFM64NaJjXXkZLX/Hf+vP9Y81ET8W
n9Y+wRbzm33nPU4dwglb0W51n/QjQzj/LM/3ndl7or+6bW6U2fvcEE/DqKNT7kGd
6G4MbvD1laJqCXVKV0xzOyJQfWlHkQbfQuv2ywmrnQCw0yMKsyZypO7HjEcpzeTw
lg6QEDuPRx9ASizHqbMQHe4pe0JhSsigBxC3AiYWvJwir2uLidg=
=R36J
-----END PGP SIGNATURE-----

seems to be ok! Checking with sq tool

sq verify --signer-cert /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
Error: Failed to load certs from file "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg"

Caused by:
    0: Reading "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg": No such file or directory (os error 2)
    1: No such file or directory (os error 2)

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

How do I proceed from here?

 

[papatikka]

Solution:

Type in following command in your container terminal

wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg

 

[pixy_dixy]

Solution:

Type in following command in your container terminal

wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg

Thank you!!

 

[fabian]

the Debian template does not contain an APT repo entry for the PVE repository.. if you add the PVE repository (why? in a container?) then you also need to provide the matching key..