Skip to content

FIX MS Package Signing Key issue #1353 to enable DevContainers after Feb-01-2026#1356

Merged
romanlutz merged 5 commits intoAzure:mainfrom
nmolivo:pull-latest-ms-repo
Feb 6, 2026
Merged

FIX MS Package Signing Key issue #1353 to enable DevContainers after Feb-01-2026#1356
romanlutz merged 5 commits intoAzure:mainfrom
nmolivo:pull-latest-ms-repo

Conversation

@nmolivo
Copy link
Contributor

@nmolivo nmolivo commented Feb 5, 2026
edited
Loading

Fixes #1353: Bug Report: Dev Container Build Fails Due to Microsoft Package Signing Key Issue

Root Cause:

The Microsoft package repository signing key uses SHA1 hashing, which Debian/APT now considers insecure as of February 1, 2026. The security policy has been tightened, causing the signature to be rejected.

Changes (minimal, transparent):

In .devcontainer/Dockerfile

  1. Downloads Microsoft's CURRENT GPG key (hopefully SHA256+)
  2. Stores it properly in keyring
  3. Creates /etc/apt/sources.list.d/microsoft.list
  4. Points to Microsoft's repository with explicit key reference

romanlutz
romanlutz reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

@romanlutz romanlutz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it succeed for you with these changes?

Before merging, I definitely want one of the maintainers to try this as well. I don't have objections with the changes themselves, but we should be sure that it works.

@nmolivo
Copy link
Contributor Author

nmolivo commented Feb 5, 2026

Thanks for reviewing! I agree - it would be great to have a maintainer verify this works in their environment as well.

For context: I successfully built and opened the dev container with these changes on my machine (macOS 13.0.1, Docker Desktop 3.5.2, VS Code 1.109.0-insider).

Happy to provide any additional testing information or logs if needed. Let me know if there's anything else I should add to help with verification

@romanlutz
Copy link
Contributor

romanlutz commented Feb 6, 2026

@nmolivo please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

  • (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
  • (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@nmolivo please read and decide whether you want to accept the CLA. Otherwise, we won't be able to accept the contribution.

@nmolivo
Copy link
Contributor Author

nmolivo commented Feb 6, 2026

@microsoft-github-policy-service agree

@romanlutz romanlutz merged commit bd3dcf7 into Azure:main Feb 6, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romanlutz romanlutz romanlutz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug Report: Dev Container Build Fails Due to Microsoft Package Signing Key Issue

2 participants

@nmolivo @romanlutz