search

benbalter / pi-hole-cloudflared-docker-compose-ansible-caddy

Example configuration for using Pi-Hole, Cloudflared, Docker Compose, Ansible, and Caddy to over-engineer your home network for privacy and security.
https://ben.balter.com/2021/09/01/how-i-re-over-engineered-my-home-network/
MIT License
151 stars 32 forks source link

GPG error when trying to sign the docker repo #4

Open pdemarti opened 2 years ago

pdemarti commented 2 years ago

Describe the bug

In the task: "add docker repository to apt", there is a failure:

Failed to update apt cache: W:GPG error:
https://download.docker.com/linux/debian buster InRelease: The following signatures couldn't
be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8,
E:The repository 'https://download.docker.com/linux/debian buster InRelease' is not signed.

Possibly related to: this SO issue.

As a workaround, I changed the task to not check signature (potential vulnerability):

    - name: add docker repository to apt
      become: true
      apt_repository:
        # we won't try to sign the repo. If we do, we get: "Failed to update apt cache: W:GPG error:
        # https://download.docker.com/linux/debian buster InRelease: The following signatures couldn't
        # be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8,
        # E:The repository 'https://download.docker.com/linux/debian buster InRelease' is not signed."
        # repo: deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable
        repo: deb [arch=armhf] https://download.docker.com/linux/debian buster stable
        state: present