Can't install sqlite client on 1.25.0 docker

Hello,

I’ve been running Vaultwarden (and previously Bitwarden RS) for a while. When using old Docker image versions the Sqlite client was available in the docker container so I could backup the database. Sometime ago it was removed so every time I updated the version I needed to docker exec into the running container and then execute apt update && apt install sqlite3 to install it. It wasn’t a big deal and I was happy with that.

Now I’ve updated to 1.25.0 (I was running 1.23.0) and when trying to install again the Sqlite client it doesn’t work anymore. I run this in my Raspberry Pi 3B:

$ docker run -it --rm vaultwarden/server:1.25.0

# In another terminal
$ docker exec -it peaceful_agnesi bash

# And then in the docker container
root@a24a55f10e9b:/# apt update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]                      
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  At least one invalid signature was encountered.
Err:1 http://deb.debian.org/debian bullseye InRelease
  At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I’ve tried running apt update --allow-insecure-repositories which does the trick for updating the packages, but then, when trying to install Sqlite client with apt install --allow-unauthenticated sqlite3, the installation fails with:

Get:1 http://deb.debian.org/debian bullseye/main armhf sqlite3 armhf 3.34.1-3 [1055 kB]
Fetched 1055 kB in 10s (103 kB/s)          
debconf: delaying package configuration, since apt-utils is not installed
tar: ./control: Cannot utime: Operation not permitted
tar: ./md5sums: Cannot utime: Operation not permitted
tar: .: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors
dpkg-deb: error: tar subprocess returned error exit status 2
dpkg: error processing archive /var/cache/apt/archives/sqlite3_3.34.1-3_armhf.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/sqlite3_3.34.1-3_armhf.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Running the same directly on my Linux laptop (x86_64) works perfectly without the extra flags I needed to pass to apt.

Is there something I’m doing wrong? Maybe it would be better if the Vaultwarden docker image is released again with the Sqlite client install so we can do the backups.

Thanks.

Regards, Iván.

Update:

I’ve tried the same commands with fresh new 1.23.0 and 1.24.0 docker containers and it works as expected so this should be something changes between 1.24.0 and 1.25.0

It looks like your host is running an older version of Debian/Ubuntu or an other base os which is using an older kernel/glibc. This causes issues with the newer base images of the containers.

See: cannot start docker container v1.25.0 · Discussion #2510 · dani-garcia/vaultwarden · GitHub

Either update the host to a later OS version of try to use the Alpine images.

Thanks for the pointer. I’m running Raspbian Buster and I had everything up-to-date. The problem was with the version of libseccomp2.

For future references, with the following steps from Fix/Workaround - libseccomp2 and Alpine 3.13 - Installing Raspbian Docker 19.04+ on Raspberry Pi 4 Buster I was able to fix the problem:

# Get signing keys to verify the new packages, otherwise they will not install
rpi ~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138

# Add the Buster backport repository to apt sources.list
rpi ~$ echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list

rpi ~$ sudo apt update
rpi ~$ sudo apt install libseccomp2 -t buster-backports