The repository is not signed to install a package on Ubuntu
I'm using Salt (SaltStack) to install packages in Ubuntu 18.04. I want to install a formula for docker, for example. When I apply docker state, I get an error that a package can't be installed, because the package repository that is used in a formula isn't signed.
ID: docker package
Function: pkg.installed
Name: docker-engine
Result: False
Comment: An error was encountered while installing package(s): E: Failed to fetch https://apt.dockerproject.org/repo/dists/ubuntu-bionic/InRelease 403 Forbidden [IP: 13.33.98.216 443]
E: The repository 'https://apt.dockerproject.org/repo ubuntu-bionic InRelease' is not signed.
Same happens when I'm using another formula.
I found out that if I would install a package manually through a command-line, I would use a --allow-unauthenticated option.
But what is the way to solve this issue while using Salt and salt-formulas? How can I install a package from a not signed repository?
Answer
Disabling package verification is a very bad idea in any scenario. The Docker repository is perfectly compliant with Ubuntu package signing standards and publishes a GPG key to verify them. It can be added to the system manually:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
But this is not the primary problem here - it's that the Salt rule you're referring to is outdated and sets an incorrect Docker repo URL - in recent installation script they've changed it from https://apt.dockerproject.org/repo to https://download.docker.com/linux/ubuntu/ and while the old mirror seems to be working, the signature files for new releases don't seem to be available there, which confuses apt.
So using Ansible (sorry, I don't know Salt):
- apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
- apt_repository:
repo: 'deb https://download.docker.com/linux/ubuntu/ bionic stable'
- apt: name=docker-ce