[Cialug] python:3 Docker image can't apt-get update
Todd Walton
tdwalton at gmail.com
Mon Jul 24 15:45:23 UTC 2023
I have a job running a Docker container with image "python:3". You know the
problem with not specifying exact versions, right? That you don't know what
you're running underneath? Yeah well it broke a few days ago.
In the past few days "python:3" updated to using Debian "Bookworm" instead
of the previous Debian release. Bookworm, unlike the previous Debian
release, puts itself into FIPS mode if it detects one of several
conditions. Since I'm running Docker on a FIPS-enabled RHEL system,
Bookworm (and thus the python:3 image) sees that and enables FIPS.
apt-get thus fails because it's trying to verify package signatures using
an algorithm on the FIPS naughty list. It gives me:
"fatal error in libgcrypt, file ../../src/misc.c, line 92, function
_gcry_fatal_error: requested algo not in md context"
Knowing what to search for, I see that it's a known issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014517
Solution: use "python:3.9.17-bullseye" instead. "Bullseye", the release
before "Bookworm", apparently doesn't go into FIPS mode, leaving apt-get to
work properly.
#sysadminfun
--
Todd
More information about the Cialug
mailing list