[Bug] Dockerfile.noble build fails - GPG key error for Jetson repo (NO_PUBKEY 0D296FFB880FB004) #12
Description
Environment
- Platform: Jetson Thor (aarch64)
- JetPack: 7.1
- OS: Ubuntu 24.04 (Noble)
- isaac-ros-cli: release-4.0
Description
isaac-ros activate --build-local fails during Docker image build at Dockerfile.noble:229. The
NVIDIA Jetson apt repository GPG key cannot be verified.
Error Log
#19 5.567 W: GPG error: https://repo.download.nvidia.com/jetson/common r38.2 InRelease:
The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY 0D296FFB880FB004
#19 5.567 E: The repository 'http://repo.download.nvidia.com/jetson/common r38.2 InRelease' is not
signed.
ERROR: failed to solve: process "/bin/bash -c apt-key adv --fetch-key
https://repo.download.nvidia.com/jetson/jetson-ota-public.asc ; ..." did not complete
successfully: exit code: 100
Root Cause
Dockerfile.noble (line 229) uses apt-key adv --fetch-key to import the Jetson repo GPG key. This
method is deprecated in Ubuntu 24.04 (Noble) and does not properly register the key, causing
apt-get update to fail signature verification.
Current (broken)
RUN --mount=type=cache,target=/var/cache/apt \
apt-key adv --fetch-key https://repo.download.nvidia.com/jetson/jetson-ota-public.asc ; \
if [[ ${PLATFORM} == 'arm64' ]]; then \
add-apt-repository "deb http://repo.download.nvidia.com/jetson/common r38.2 main" ; \
...
Fix
Replace apt-key with the modern signed-by approach using a dearmored keyring file:
Fixed
RUN --mount=type=cache,target=/var/cache/apt \
curl -fsSL https://repo.download.nvidia.com/jetson/jetson-ota-public.asc | gpg --dearmor -o
/usr/share/keyrings/nvidia-jetson.gpg ; \
if [[ ${PLATFORM} == 'arm64' ]]; then \
echo "deb [signed-by=/usr/share/keyrings/nvidia-jetson.gpg]
http://repo.download.nvidia.com/jetson/common r38.2 main" >
/etc/apt/sources.list.d/nvidia-jetson.list ; \
elif [[ ${PLATFORM} == 'amd64' ]]; then \
echo "deb [signed-by=/usr/share/keyrings/nvidia-jetson.gpg]
http://repo.download.nvidia.com/jetson/x86_64/noble r38.2 main" >
/etc/apt/sources.list.d/nvidia-jetson.list ; \
else \
echo "Unrecognized platform: ${PLATFORM}" && exit 1 ; \
fi ; \
apt-get update
Workaround
Manually edit /etc/isaac-ros-cli/docker/Dockerfile.noble on the host and replace lines 229–238 with
the fixed version above, then re-run:
cd ~/workspaces/isaac_ros-dev && isaac-ros activate --build-local
References
- https://wiki.debian.org/DebianRepository/UseThirdParty
- File: /etc/isaac-ros-cli/docker/Dockerfile.noble (installed by isaac-ros-cli package