The repository is not signed to install a package on Ubuntu

Vitalii Plagov · Jul 21, 2018

I'm using Salt (SaltStack) to install packages on Ubuntu 18.04. I want to install a formula for docker, for example. When I apply the docker state, I get an error that a package can't be installed, because the package repository that is used in the formula isn't signed.

ID: docker package
Function: pkg.installed
Name: docker-engine
Result: False
Comment: An error was encountered while installing package(s): E: Failed to fetch https://apt.dockerproject.org/repo/dists/ubuntu-bionic/InRelease  403  Forbidden [IP: 13.33.98.216 443]
              E: The repository 'https://apt.dockerproject.org/repo ubuntu-bionic InRelease' is not signed.

The same happens when I'm using another formula.

I found out that if I were to install a package manually from the command line, I would use the --allow-unauthenticated option.

But what is the way to solve this issue while using Salt and salt-formulas? How can I install a package from an unsigned repository?

Answer

kravietz · Sep 4, 2018

Disabling package verification is a very bad idea in any scenario. The Docker repository is perfectly compliant with Ubuntu package signing standards and publishes a GPG key to verify them. It can be added to the system manually:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

But this is not the primary problem here: the Salt rule you're referring to is outdated and sets an incorrect Docker repo URL. In the recent installation script they've changed it from https://apt.dockerproject.org/repo to https://download.docker.com/linux/ubuntu/, and while the old mirror seems to be working, the signature files for new releases don't seem to be available there, which confuses apt.

So using Ansible (sorry, I don't know Salt):

- apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg

- apt_repository:
    repo: 'deb https://download.docker.com/linux/ubuntu/ bionic stable'

- apt: name=docker-ce
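
The same fix expressed as a Salt state, as an added example that is not part of the original answer or of any salt-formula. The state IDs and the sources.list.d file path are assumptions chosen for illustration; the repository line and key URL are the ones given in the answer above.

```yaml
# Added example (not from the original answer): Salt equivalent of the
# Ansible tasks above. State IDs and the "file" path are illustrative.

docker_repo:
  pkgrepo.managed:
    # Current Docker repository, replacing the outdated
    # https://apt.dockerproject.org/repo used by the old formula.
    - name: deb https://download.docker.com/linux/ubuntu/ bionic stable
    - file: /etc/apt/sources.list.d/docker.list
    # Import Docker's published GPG key so apt can verify the repository's
    # signatures; package verification stays enabled.
    - key_url: https://download.docker.com/linux/ubuntu/gpg
    # Refresh the package index after the repository is added.
    - refresh: True

docker_ce_package:
  pkg.installed:
    - name: docker-ce
    # Install only after the signed repository and its key are in place.
    - require:
      - pkgrepo: docker_repo
```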