[docker] Add Debian Trixie to the docker-in-docker and docker-outside-of-docker distro lists #1442
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@microsoft-github-policy-service agree |
|
@AlvaroRausell , any chance you can review and approve? |
meytalt
previously approved these changes
Aug 15, 2025
|
Is there a way to use this without it being merged? |
|
@svallebro , you could try the following: Assuming you are using https://raw.githubusercontent.com/devcontainers/features/refs/heads/main/src/docker-outside-of-docker/install.sh
https://raw.githubusercontent.com/devcontainers/features/refs/heads/main/src/docker-outside-of-docker/devcontainer-feature.jsonUpdate the values of following in MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft-2025.asc"
DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble plucky"
DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal hirsute impish jammy noble plucky"Update "features": {
"./docker-outside-of-docker": {}
},Rebuild without cache. @skatsubo , I think you need to update the MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft-2025.asc"Thanks. |
Thanks for pointing out! It took some time to find info about the change:
FixThe fix should somehow include both keys 🫤
See the test script/results below behind spoilers. Test debian versions vs MS GPG keysScriptTRY_UPDATE=$(cat <<'EOF'
MICROSOFT_GPG_KEYS_URI="$MICROSOFT_GPG_KEYS_URI"
. /etc/os-release
architecture="$(dpkg --print-architecture)"
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg curl
curl -sSL ${MICROSOFT_GPG_KEYS_URI} | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
echo "deb [arch=${architecture} signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/repos/microsoft-${ID}-${VERSION_CODENAME}-prod ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/microsoft.list
apt-get update
EOF
)
for ver in bookworm trixie ; do
for key in https://packages.microsoft.com/keys/microsoft.asc https://packages.microsoft.com/keys/microsoft-2025.asc ; do
echo ; echo "--- $ver vs $key ---"
echo "$TRY_UPDATE" | docker run --rm -i -e MICROSOFT_GPG_KEYS_URI="$key" debian:"$ver"-slim bash | grep -A10 -B3 'packages.microsoft.com'
done
doneResults--- bookworm vs microsoft.asc ---
pub rsa2048 2015-10-28 [SC]
BC528686B50D79E339D3721CEB3E94ADBE1229CF
uid Microsoft (Release signing) <gpgsecurity@microsoft.com>
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://deb.debian.org/debian-security bookworm-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease [3618 B]
Get:5 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main arm64 Packages [31.4 kB]
Get:6 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main all Packages [573 B]
Fetched 35.6 kB in 1s (53.9 kB/s)
Reading package lists...
--- bookworm vs microsoft-2025.asc ---
pub rsa4096 2023-11-15 [SC]
AA86F75E427A19DD33346403EE4D7792F748182B
uid Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://deb.debian.org/debian-security bookworm-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease [3618 B]
Err:4 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Reading package lists...
W: GPG error: https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease' is not signed.
--- bookworm vs microsoft-rolling.asc ---
pub rsa4096 2023-11-15 [SC]
AA86F75E427A19DD33346403EE4D7792F748182B
uid Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://deb.debian.org/debian-security bookworm-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease [3618 B]
Err:4 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Reading package lists...
W: GPG error: https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease' is not signed.
--- trixie vs microsoft.asc ---
pub rsa2048 2015-10-28 [SC]
BC528686B50D79E339D3721CEB3E94ADBE1229CF
uid Microsoft (Release signing) <gpgsecurity@microsoft.com>
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian-security trixie-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease [3952 B]
Err:4 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key EE4D7792F748182B, which is needed to verify signature.
Reading package lists...
W: OpenPGP signature verification failed: https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key EE4D7792F748182B, which is needed to verify signature.
E: The repository 'https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease' is not signed.
--- trixie vs microsoft-2025.asc ---
pub rsa4096 2023-11-15 [SC]
AA86F75E427A19DD33346403EE4D7792F748182B
uid Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian-security trixie-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease [3952 B]
Get:5 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie/main all Packages [342 B]
Fetched 4294 B in 1s (5364 B/s)
Reading package lists...
--- trixie vs microsoft-rolling.asc ---
pub rsa4096 2023-11-15 [SC]
AA86F75E427A19DD33346403EE4D7792F748182B
uid Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian-security trixie-security InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie InRelease [3952 B]
Get:5 https://packages.microsoft.com/repos/microsoft-debian-trixie-prod trixie/main all Packages [342 B]
Fetched 4294 B in 1s (4115 B/s)
Reading package lists... |
osman856
approved these changes
Aug 18, 2025
|
skatsubo
force-pushed
the
docker-support-debian-trixie
branch
from
e6b8649 to
0c61683
Compare
|
Ready for review. Fixing MS keys
Added both Test two keys in keyring (script and its output)Script TRY_UPDATE_WITH_BOTH_KEYS=$(cat <<'EOF'
MICROSOFT_GPG_KEY_OLD_URI="https://packages.microsoft.com/keys/microsoft.asc"
MICROSOFT_GPG_KEY_ROLLING_URI="https://packages.microsoft.com/keys/microsoft-rolling.asc"
. /etc/os-release
architecture="$(dpkg --print-architecture)"
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg curl 2>&1
{
curl -sSL ${MICROSOFT_GPG_KEY_OLD_URI}
curl -sSL ${MICROSOFT_GPG_KEY_ROLLING_URI}
} | gpg --show-keys 2>&1
{
curl -sSL ${MICROSOFT_GPG_KEY_OLD_URI}
curl -sSL ${MICROSOFT_GPG_KEY_ROLLING_URI}
} | gpg --dearmor > /usr/share/keyrings/microsoft-archive-keyring.gpg
echo "deb [arch=${architecture} signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/repos/microsoft-${ID}-${VERSION_CODENAME}-prod ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/microsoft.list
cat /etc/apt/sources.list.d/microsoft.list
apt-get update
EOF
)
for ver in bookworm trixie ; do
echo "\n\n--- $ver ---"
echo "$TRY_UPDATE_WITH_BOTH_KEYS" | docker run --rm -i debian:"$ver"-slim bash | grep -A8 -B2 -i 'microsoft'
doneOutput Installling MS moby ...oh, waitAnyway, there are no packages yet in the trixie repo https://packages.microsoft.com/debian/13/prod/pool/main/ (compare to bookworm https://packages.microsoft.com/debian/12/prod/pool/main/).
"features": {
"./docker-outside-of-docker": { "moby": false }
},@samstride Thanks for the hint about local testing. |
Kaniska244
suggested changes
Aug 21, 2025
There was a problem hiding this comment.
Hello @skatsubo ,
Thank you for the contribution. Would you kindly add test cases for debian trixie for both docker-outside-of-docker and docker-in-docker features.
skatsubo
changed the title
|
Hey @Kaniska244
Added tests using devcontainer features test -f docker-outside-of-docker --filter "trixie"
devcontainer features test -f docker-in-docker --filter "trixie"
|
|
Is there any reason to hold this for longer? We are using moby: false and would happily migrate to Trixie rather sooner than later. |
AlvaroRausell
approved these changes
Aug 28, 2025
There was a problem hiding this comment.
LGTM! I removed the failing test for trixie with moby enabled, as we currently do not have a mechanism to test failures.
Also, apologies for the delay shipping this, I was away and did not have a direct backup. I am actively working on getting more people on board so this does not happen again!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1059.
Related: #1367.
I'm wondering too if we can relax the distro check a bit and improve support for newly arriving distros in these docker-* extensions. For example, print the "unsupported ..." text in big red letters and then continue setup, in hopes it will work out. Maybe with extra knob (env var) to manage this, keeping current behavior by default.