Docker hub latest-debian out of date

I wanted to use passbolt/passbolt:latest-debian to run my passbolt (ce) docker container but I noticed that the docker hub image is really out of date:

but the Debian Dockerfile on github seems to be still maintained:

any advice?


You should follow this guide: Passbolt Help | Docker passbolt installation

This image is not the good one :slightly_smiling_face:


Okay thanks for the info. but the regular passbolt/passbolt:lastest-ce does not work on my synology (arch: x86_64)

if I run docker run passbolt/passbolt:latest-ce-non-root it immediately fails with:
gpg: keybox ‘/var/lib/passbolt/.gnupg/pubring.kbx’ created
gpg: agent_genkey failed: End of file
gpg: key generation failed: End of file

the debian and your multiarch image start fine.
(and yes I know there are envs etc missing from the run command - it also fails with all the correct env vars in place and I also did not mount any volumes/folders to rule out permission issues)

I also tried to run:
docker pull --platform linux/amd64 passbolt/passbolt:latest-ce-non-root
to specifially get the amd64 image…

any idea?

For passbolt setup on Synology, you have this doc: How to Install Passbolt on Your Synology NAS – Marius Hosting


yes I already found that…
but it should not make any difference if I run it via this portainer script or just with:

docker run passbolt/passbolt:latest-ce-non-root

the container should at least start up (and then compain about mysql etc) but it never even gets past the gpg key generation… (while the debian and multiarch dont have this problem)

I’m sorry, I don’t know, you have to wait Synology users help :confused:

I tried the portainer tutorial you posted - but as I expected it runs into the same error…

why should I not use the debian image? its seems to be still maintained at least in the github repo?


The latest Debian image is passbolt/passbolt:latest

The latest-debian image tag is not the latest one. I guess it is an old one.

Another point, all passbolt images are debian-based.

@remy / @diego maybe can you delete this image to avoid confusion?

Yes, those tags were legacy and they have been removed now. Thank you for the heads up!

1 Like

Thanks @Dani !

I have to type at least 20 characters…

okay and your multiarch images (Docker)? are they based on older passbolt images? because they dont have the gpg generation problem but I saw that they also use php 7.4 like the older debian tagged images…?

I originally built these images because passbolt docker images were not multiarch ones. I needed arm images for raspberry.

Since passbolt provide multiarch images, I stopped the build of my custom images.

Do you mean this official image doesn’t work but my image (a bit outdated now) works?


I rebuilt and pushed yesterday custom docker images, they are based on latest passbolt dockerfile.

What is your synology model reference ? The only difference between my image and the passbolt one is 32bit support with linux/386 arch.


yes exactly, since you rebuilt and published the multiarch images they also stopped working and fail immediately with:

gpg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
gpg: agent_genkey failed: End of file
gpg: key generation failed: End of file

is it maybe something in the “os” of the base images that is different from the old ones?

the synology model is a DS1813+ with INTEL Atom D2700


docker run -it --rm anatomicjc/passbolt:latest-ce-multiarch uname -m

gives me “x86_64”…

is it maybe a problem with the Atom CPU missing some crypto extensions? but why would the “older” images work… did something change with the gpg gen commands?

Checking a bit on Internet apparently your processor supports 64bits (long mode) but you have to enable it on the BIOS. Could be this the problem?

okay since its in a NAS there is no bios options for me to change… could the older images use a gpg library that did not depend on this?

There should not be any difference in that matter. We have never built images for i386 platforms.

I would really like to solve this mistery (since I want to use passbolt on my nas) is there anything I can do or infos to provide? maybe I try to find out starting from which tag it stopped working

If I were you I would build myself a docker image amd64 from our public dockerfiles and another one i386 to see if you can reproduce the problem and if the i386 image solves it.

Okay I will try if I can manage that… in the meantime:



does not work anymore

does this maybe help corner the problem?

thinking about it… could it be that somewhen between 4.0.2-1 and -2 linux packages had changes that made them incompatible with my nas cpu?