[RFI] Adding the docker repo's GPG key to the system. #10347
Description
Problem description
apt-key(8)
Note that if usage of apt-key is desired the additional installation of the GNU Privacy Guard suite packaged in gnupg) is required.
For this reason alone the programmatic usage (especially in package maintainer scripts!) is strongly discouraged.
- Current
aptexpects keys from packages to be put inside/etc/apt/trusted.gpg.d- binary keys ending in
.gpg - ASCII-armored keys ending in
.asc
- binary keys ending in
Problem location
File: https://docs.docker.com/install/linux/docker-ce/ubuntu/#set-up-the-repository
- ubuntu.md#L114 (and maybe other documentation also) instructs to download the docker repo's gpg key, which is actually an ASCII-armored file, and pipe it into
apt-keywhich is deprecated on modern systems. - ubuntu.md#L153-L156 and similar lines.
Suggestions for a fix
- The
apt-keycommand should not be used in the instructions. - The recommended command to retrieve the gpg-key should be changed into:
(As a single command-line)
sudo curl -LR https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/trusted.gpg.d/docker.gpg.asc- Notes:
- The
-fsSflags tocurlshould not be used so the user has visual feedback and can retry in case of failures. - The time-stamp of the source is used for the output file to aid in version checking.
- The output is put into a file under
/etc/apt/trusted.gpg.dending in.ascto indicate an ASCII-armored key toapt.
- The
- Notes:
- The recommended command to check that the key is properly installed should be changed into:
apt-key list docker - The recommended command(s) to set up the "stable" repository should be changed into:
> printf "%s %s %s %s %s\n" \ "deb" \ "[arch=amd64]" \ "https://download.docker.com/linux/ubuntu" \ "$(lsb_release -cs)" \ "stable" \ > /tmp/docker.list > sudo install \ --mode=a=r,u+w \ /tmp/docker.list \ /etc/apt/sources.list.d > rm /tmp/docker.list