Docker: How to resolve the public key error in Ubuntu when installing Docker



I got the following error message when running the commands below to install Docker and Kubernetes on an Ubuntu server.

root@master:/home/ubuntu# add-apt-repository \
>   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
>   $(lsb_release -cs) \
>   stable"
Hit:1 http://in.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]
Hit:3 http://in.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:4 http://in.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:5 http://in.archive.ubuntu.com/ubuntu bionic-security InRelease
**Err:2 https://download.docker.com/linux/ubuntu bionic InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8**
Reading package lists... Done
W: GPG error: https://download.docker.com/linux/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8
**E: The repository 'https://download.docker.com/linux/ubuntu bionic InRelease' is not signed.**
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@master:/home/ubuntu#

I also ran the following command, but with no luck

root@master:/# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7EA0A9C3F273FCD8
Executing: /tmp/apt-key-gpghome.rDOuMCVLF2/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 7EA0A9C3F273FCD8
gpg: keyserver receive failed: No keyserver available

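I ran into this exact problem. I believe it was caused by my default umask, which caused some Docker files to be installed with incorrect permissions. I was able to fix it by correcting the file permissions of the Docker key file: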

sudo chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg

Edit: this answer apparently no longer works

Run the following command to add the correct key:

# Does not work any more
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Source: https://docs.docker.com/install/linux/docker-ce/ubuntu/

First, add Docker's official GPG key:

sudo mkdir -p /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg

Or in other cases (macOS):

sudo mkdir -p /usr/share/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg

PS: For some people, the gpg --dearmor part is useful.

Second, update its permissions:

sudo chmod a+r /etc/apt/keyrings/docker.gpg

Or in other cases (macOS):

sudo chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg

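Install Docker Engine on Ubuntu - official Docker documentation

There is a problem on Debian testing (bullseye):

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

But it can be solved with: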

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

From: https://docs.docker.com/engine/install/ubuntu/ It works on Ubuntu 20.04

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get --assume-yes install docker-ce docker-ce-cli containerd.io

Make sure /usr/share/keyrings/docker-archive-keyring.gpg is world-readable.

# ls -l /usr/share/keyrings/docker-archive-keyring.gpg
-rw-rw---- 1 root root 2760 Aug 17 06:46 /usr/share/keyrings/docker-archive-keyring.gpg
# strace -f apt update 2>&1 | grep docker-archive-keyring
[pid  9453] faccessat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", R_OK) = -1 EACCES (Permission denied)
# chmod o+r /usr/share/keyrings/docker-archive-keyring.gpg
# strace -f apt update 2>&1 | grep docker-archive-keyring
[pid  9772] faccessat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", R_OK) = 0
[pid  9795] openat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", O_RDONLY) = 4
[pid  9795] access("/usr/share/keyrings/docker-archive-keyring.gpg", F_OK) = 0
[pid  9795] access("/usr/share/keyrings/docker-archive-keyring.gpg", R_OK) = 0
[pid  9795] openat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", O_RDONLY) = 6
[pid  9795] openat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", O_RDONLY) = 7
[pid  9795] openat(AT_FDCWD, "/usr/share/keyrings/docker-archive-keyring.gpg", O_RDONLY) = 8

This is the error

W: GPG error: https://download.docker.com/linux/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8

Copy the key that follows NO_PUBKEY and run

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys <the key>

Make sure to replace <the key> with the key you copied.
Then run your command again.

For 22.04, I had to do:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg

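Specifically, have the output go to /etc/apt/trusted.gpg.d/docker.gpg

There are many reasons you can get "public key is not available", and most of them are listed above. However, I recently ran into an unexpected one.

I believe that somewhere between 20.04 and 22.04, apt's behavior changed. Both versions support armored gpg keys (since 1.4, around 2017). But there is one difference:

  1. In 20.04, apt v2.0 accepts armored keys in files with a .gpg extension
  2. In 22.04, apt v2.4 IGNORES armored keys if they have a .gpg extension. It requires them to have an .asc.pub extension.

It was a bit puzzling when a tested and stable Ansible playbook that installs Docker stopped working after switching to 22.04. Changing the file extension fixed the problem.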
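
A check that covers the two failure modes described in the answers above (a keyring that is not world-readable, and an armored key stored under a .gpg name), written as an added example that is not part of any original answer. The function names are hypothetical, and it assumes GNU stat and a single path in each signed-by= option.

```bash
# Added example (not from the original answers). Assumes GNU stat and that
# signed-by= holds a single keyring path, as in the commands on this page.

# Print every signed-by= keyring path found in the given sources files.
signed_by_paths() {
    grep -hoE 'signed-by=[^] ]+' "$@" 2>/dev/null | cut -d= -f2 | sort -u
}

# Print one finding per problem with a keyring file; print nothing if it is fine.
audit_keyring() {
    kr_file=$1
    if [ ! -e "$kr_file" ]; then
        echo "MISSING $kr_file"
        return 0
    fi
    # The last octal digit is the "other" permission set; 4-7 include read.
    kr_mode=$(stat -c '%a' "$kr_file")
    case "$kr_mode" in
        *[4567]) ;;
        *) echo "NOT_WORLD_READABLE $kr_file (mode $kr_mode)" ;;
    esac
    # An ASCII-armored key starts with this header; a dearmored one is binary.
    case "$kr_file" in
        *.gpg)
            if head -c 64 "$kr_file" | grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
                echo "ARMORED_IN_GPG_FILE $kr_file"
            fi ;;
    esac
    return 0
}

# Audit every keyring referenced from the given sources files.
audit_sources() {
    for kr_path in $(signed_by_paths "$@"); do
        audit_keyring "$kr_path"
    done
}

# Typical use: audit_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

Run it as root so that the header check can read keyrings that are not yet world-readable.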

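If you did follow the steps in Install Docker Engine on Ubuntu, check the permissions of your files in /usr/share/keyrings/

It should be -rw-r--r-- 1 root root 2.7K Sep 13 05:46 docker-archive-keyring.gpg

-rw-r--r--

Before, it was -rw-r-----; I changed the permissions to -rw-r--r-- using this command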

sudo chmod o+r /usr/share/keyrings/docker-archive-keyring.gpg

Then check it with apt update; it worked for me.

> For Ubuntu 20.04, this is what you should do:

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

instead of

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

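On the Docker website, this line was updated: /usr/share/keyrings/docker-archive-keyring.gpg became /etc/apt/keyrings/docker.gpg

In my case, it was necessary to check whether the repository had been specified correctly in /etc/apt/sources.list.d/.

Specifically, in my case, I deleted the file /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list.

I ran into this problem while installing Docker on Ubuntu 22.04. Although I did not take the time to understand what I had missed, I found this link helpful: Install Docker in Ubuntu 22.04

In my case, I was using an unsupported OS version of Ubuntu (14.04.6 LTS). Make sure to compare your OS version against the supported versions listed here: https://docs.docker.com/engine/install/ubuntu/#os-requirements

I ended up here because I was trying to install Docker on Ubuntu 22.04.1 by adding their repository to my apt configuration. I am building an Ansible playbook to do this.

Like many others above, I ran into the "The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ..." error.

I finally settled on the following bits of Ansible to get the job done: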

- name: setting up docker apt repo
  block:
    - name: get docker gpg key
      become: true
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /usr/share/keyrings/docker-archive-keyring-armored.gpg
    - name: CMD - process docker key
      become: true
      shell:
        cmd: cat /usr/share/keyrings/docker-archive-keyring-armored.gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
    - name: configure docker apt source
      become: true
      apt_repository:
        repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present

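Leaving this here for the next poor sod who wants to do this.

In the file sources.list -> on the line that specifies the repository, you need to add an entry (in square brackets) before the address

[arch=amd64 signed-by=/etc/apt/keyrings/docker-archive-keyrings.gpg] https://download.docker.com/linux/debian stable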
