docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Offering an alternative to the deprecated apt-key tool (#11990) 

* Offering an alternative to apt-key (deprecated)

[Use trusted.gpg.d instead of apt-key · Issue #11625 · docker/docker.github.io](https://github.com/docker/docker.github.io/issues/11625)

As of Debian 10 / Ubuntu 20.10, apt-key is deprecated and will not be available after Debian 11 / Ubuntu 22.04

Although adding keys directly to `/etc/apt/trusted.gpg.d`/ is suggested by apt-key deprecation message, as per [Debian Wiki](https://wiki.debian.org/DebianRepository/UseThirdParty) GPG keys for third party repositories should be added to `/usr/share/keyrings` and referenced with the `signed-by` option in the source.list.d entry.

Providing a binary .gpg key instead of an ASCII Armored one might help shorten the lengthy command by removing the ` | gpg --dearmor ` bit.

This removes the software-properties-common provides add-apt-repository which we don't use anymore
This commit is contained in:
denis-roy 2021-03-02 05:30:37 -05:00 committed by GitHub
parent 26f07f716a
commit 760bb64ea3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
engine/install/debian.md
View File

@ -84,27 +84,14 @@ from the repository.
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
gnupg
```
2. Add Docker's official GPG key:
```bash
$ curl -fsSL {{ download-url-base }}/gpg | sudo apt-key add -
```
$ curl -fsSL {{ download-url-base }}/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Verify that you now have the key with the fingerprint
`9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88`, by searching for the
last 8 characters of the fingerprint.
```bash
$ sudo apt-key fingerprint 0EBFCD88
pub 4096R/0EBFCD88 2017-02-22
Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid Docker Release (CE deb) <docker@docker.com>
sub 4096R/F273FCD8 2017-02-22
```
3. Use the following command to set up the **stable** repository. To add the
@ -127,30 +114,27 @@ from the repository.
<div id="x86_64_repo" class="tab-pane fade in active" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=amd64] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>
<div id="armhf_repo" class="tab-pane fade" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=armhf] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>
<div id="arm64_repo" class="tab-pane fade" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=arm64] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>

39
engine/install/ubuntu.md
View File

@ -92,27 +92,13 @@ from the repository.
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
gnupg
```
2. Add Docker's official GPG key:
```bash
$ curl -fsSL {{ download-url-base }}/gpg | sudo apt-key add -
```
Verify that you now have the key with the fingerprint
<span><code>9DC8 5822 9FC7 DD38 854A&nbsp;&nbsp;E2D8 8D81 803C 0EBF CD88</code></span>, by searching for the
last 8 characters of the fingerprint.
```bash
$ sudo apt-key fingerprint 0EBFCD88
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ unknown] Docker Release (CE deb) <docker@docker.com>
sub rsa4096 2017-02-22 [S]
$ curl -fsSL {{ download-url-base }}/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
```
3. Use the following command to set up the **stable** repository. To add the
@ -135,30 +121,27 @@ from the repository.
<div id="x86_64_repo" class="tab-pane fade in active" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=amd64] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>
<div id="armhf_repo" class="tab-pane fade" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=armhf] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>
<div id="arm64_repo" class="tab-pane fade" markdown="1">
```bash
$ sudo add-apt-repository \
"deb [arch=arm64] {{ download-url-base }} \
$(lsb_release -cs) \
stable"
$ echo \
"deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] {{ download-url-base }} \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
</div>