If you’ve ever attempted to install Docker CLI and found yourself wrestling with an error that suggests the system can’t verify the Docker package’s source because of a missing GPG key, know that you’re not the only one. This issue is quite common, and it happens when the system lacks the necessary GPG key to authenticate the software’s source. Fortunately, there’s a solution to this problem. This blog post will provide a detailed, step-by-step guide to help you navigate this hurdle and successfully install Docker CLI on your system.
Understanding the Problem:
One of the common error messages encountered during Docker CLI installation is “The following signatures couldn’t be verified because the public key is not available.” This error typically emerges when you’re trying to install a package from a repository that is signed with a GPG key, but the key is not installed on your system.
So, what does this mean? GPG, or GNU Privacy Guard, is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. In simpler terms, GPG keys are used to verify that the software you’re installing is genuinely from the source it claims to be from and hasn’t been tampered with.
Docker documentation itself foresees this GPG error and offers a solution in its installation page:
However, this solution did not work for me and I kept getting the same “signatures couldn’t be verified” error.
The Solution: Downloading and Adding a New Key
The solution to this problem lies in downloading the new key and adding it to your system’s keyring. Here is a breakdown of the steps involved in resolving this issue:
Step 1: Check for and Install
type -p curl >/dev/null || sudo apt install curl -ychecks if
curlis installed on your system and installs it if it’s not.
curlis a utility used for transferring data from or to a server, using one of the supported protocols.
Step 2: Download the GitHub CLI GPG Keyring:
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpgdownloads the GitHub CLI GPG keyring from the specified URL and saves it to your system’s keyring directory.
Step 3: Change the Permissions of the Downloaded Keyring File:
sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpgalters the permissions of the GitHub CLI keyring file to make it readable by all system users.
Step 4: Add the GitHub CLI Package Repository to Your System’s List of Package Sources:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/nulladds the GitHub CLI package repository to your system’s list of package sources and associates it with the GPG keyring file you’ve just downloaded and installed.
Step 5: Update Your System’s Package Index Files:
sudo apt updateupdates your system’s package index files to include package information from the newly added GitHub CLI repository.
Step 6: Install the GitHub CLI:
Finally, the command
sudo apt install gh -yinstalls the GitHub CLI.
Mastering the handling of GPG key errors can save you a significant amount of time and frustration when installing Docker CLI or other software packages. This step-by-step guide provides an easy solution to a common problem, ensuring a smooth installation process.