発生した問題
Docker Desktop(WSL2 backend)でUbuntuコンテナを立て,パッケージリストを更新するためにapt update
を行うと,パッケージミラーサーバへの接続が拒否されて(403 Forbidddenエラーが出て)更新に失敗する.
Ubuntu20.04, 22.04のコンテナで問題発生を確認している.
(2023/07/07追記)Python:latestでもエラーが出るが,Alpine:latestだと問題は発生しないことが判明.
Forbiddenが出る症状について調べるとGPG鍵のエラーがヒットするが,そうしたエラーは出て来ない.
環境
- Windows 11 Pro
- バージョン: 22H2
- OS ビルド: 22621.1265
- Docker Desktop v4.16.3
- Docker Engine v20.10.22
- WSL2
問題解決のために試したこと
以下を試したが無理だった.
- Docker DesktopやWSL2の再インストール
sed -ie 's/credsStore/credStore/' ~/.docker/config.json
- Docker Desktopの設定でexperimental featuresをオフに
- virtualboxのホストオンリーアダプタを全消し
- Windowsセキュリティ→ファイアウォールとネットワーク保護→ファイアウォールを規定値に復元する
- Windowsの設定→ネットワークとインターネット→ネットワークのリセット
- コンテナ作成時に
--net=host
を指定してホストネットワークで動くように設定
素のUbuntuコンテナにはpingもvimも何も入っていないので,原因究明が難しい...
問題発生時のログ
適当なUbuntuイメージを持ってきて動かした際のログ↓
ここを押して展開
$ docker run -it ubuntu:20.04 bash Unable to find image 'ubuntu:20.04' locally 20.04: Pulling from library/ubuntu b549f31133a9: Already exists Digest: sha256:4a45212e9518f35983a976eead0de5eecc555a2f047134e9dd2cfc589076a00d Status: Downloaded newer image for ubuntu:20.04 root@fe72fca7cf13:/# apt update Err:1 http://archive.ubuntu.com/ubuntu focal InRelease 403 Forbidden [IP: 91.189.91.39 80] Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease 403 Forbidden [IP: 185.125.190.36 80] Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease 403 Forbidden [IP: 91.189.91.39 80] Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease 403 Forbidden [IP: 91.189.91.39 80] Reading package lists... Done N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://archive.ubuntu.com/ubuntu focal InRelease' is not signed. E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease 403 Forbidden [IP: 91.189.91.39 80] N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://security.ubuntu.com/ubuntu focal-security InRelease' is not signed. E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease 403 Forbidden [IP: 185.125.190.36 80] E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease 403 Forbidden [IP: 91.189.91.39 80] E: The repository 'http://archive.ubuntu.com/ubuntu focal-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease 403 Forbidden [IP: 91.189.91.39 80] E: The repository 'http://archive.ubuntu.com/ubuntu focal-backports InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
/etc/apt/sources.list の中身は以下の通り.特に変更していないのでデフォルトのままだと思う.
ここを押して展開
root@fe72fca7cf13:/# cat /etc/apt/sources.list # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu/ focal main restricted # deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted # deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu/ focal universe # deb-src http://archive.ubuntu.com/ubuntu/ focal universe deb http://archive.ubuntu.com/ubuntu/ focal-updates universe # deb-src http://archive.ubuntu.com/ubuntu/ focal-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu/ focal multiverse # deb-src http://archive.ubuntu.com/ubuntu/ focal multiverse deb http://archive.ubuntu.com/ubuntu/ focal-updates multiverse # deb-src http://archive.ubuntu.com/ubuntu/ focal-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse # deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu focal partner # deb-src http://archive.canonical.com/ubuntu focal partner deb http://security.ubuntu.com/ubuntu/ focal-security main restricted # deb-src http://security.ubuntu.com/ubuntu/ focal-security main restricted deb http://security.ubuntu.com/ubuntu/ focal-security universe # deb-src http://security.ubuntu.com/ubuntu/ focal-security universe deb http://security.ubuntu.com/ubuntu/ focal-security multiverse # deb-src http://security.ubuntu.com/ubuntu/ focal-security multiverse
なぜか解決した
これとこれをみてftpでパッケージリストを更新することにしたところ成功.
具体的には,以下を実行すると,
sed -i s/http/ftp/g /etc/apt/sources.list echo 'Dir::Bin::Methods::ftp "ftp";' > /etc/apt/apt.conf.d/99local-ftp apt update
次のようにアップデートできた.
root@fe72fca7cf13:/# sed -i s/http/ftp/g /etc/apt/sources.list root@fe72fca7cf13:/# cd /etc/apt/apt.conf.d root@fe72fca7cf13:/etc/apt/apt.conf.d# echo 'Dir::Bin::Methods::ftp "ftp";' > 99local-ftp root@fe72fca7cf13:/etc/apt/apt.conf.d# cat 99local-ftp Dir::Bin::Methods::ftp "ftp"; root@fe72fca7cf13:/etc/apt/apt.conf.d# apt update Get:1 ftp://archive.ubuntu.com/ubuntu focal InRelease [265 kB] Get:2 ftp://security.ubuntu.com/ubuntu focal-security InRelease [114 kB] Get:3 ftp://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB] Get:4 ftp://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [28.5 kB] Get:5 ftp://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2496 kB] Get:6 ftp://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB] Get:7 ftp://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB] Get:8 ftp://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [1937 kB] Get:9 ftp://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB] Get:10 ftp://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [998 kB] Get:11 ftp://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB] Get:12 ftp://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB] Get:13 ftp://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2970 kB] Get:14 ftp://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2066 kB] Get:15 ftp://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [31.2 kB] Get:16 ftp://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1297 kB] Get:17 ftp://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [55.2 kB] Get:18 ftp://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [28.6 kB] Fetched 25.3 MB in 24s (1057 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 4 packages can be upgraded. Run 'apt list --upgradable' to see them.
2023/07/07追記:原因判明
ftp経由でcurlをインストール後,先ほどforbiddenが出たサーバへの接続を試みたところ,フィルタリングサービスによりアクセスが遮断されていることが明らかになった.
google.com
へのアクセスも遮断されたので,おそらくDocker経由のアクセスすべてが遮断されているAlpine:latest
では接続できたので,Docker上のUbuntuに特有の問題の可能性あり.表示からして,プロキシ経由の通信と思われて遮断された可能性がある(実際,手頃なプロキシサービスのWebサイトは軒並みブロックされていた).
2023/07/28追記:一部をhttps経由で接続する方法
ftpで接続はできるが,非常に低速である.そこで解決策を探してみた.
※ 他の環境でも動くかは不明.
上の画像を見るとProxy.HTTP
と書かれている.それならhttpsではどうかと思い試してみたところ,apt update
に成功した.
ただし,security.ubuntu.com
についてはhttps接続できなかったので,ftp経由で接続することにした.
echo 'Dir::Bin::Methods::ftp "ftp";' > /etc/apt/apt.conf.d/99local-ftp sed -i.bak "s/http/ftp/g" /etc/apt/sources.list sed -i -e "s%ftp://archive.ubuntu.com/ubuntu/%https://ftp.jaist.ac.jp/pub/Linux/ubuntu/%g" /etc/apt/sources.list touch /etc/apt/apt.conf.d/99verify-peer.conf \ && echo >>/etc/apt/apt.conf.d/99verify-peer.conf "Acquire { https::Verify-Peer false }" apt update apt install ca-certificates -y apt update
2023/07/30追記:ひとまず解決
プロキシの問題だとわかったため, 設定→ネットワークとインターネット→プロキシ→設定を自動的に検出する
をオフにし,再度ネットワークのリセットをしたところ,Ubuntuコンテナでも問題なくapt update
できるようになった.