moby: apt repo for Xenial says the package cannot be authenticated

I have 4 brand new, out of the box pieces of hardware, I’ve installed Xenial 16.04 on them and updated all packages.

Having added the key for docker and the xenial package repository and attempted to install docker-engine on each of the four machines, I get the following error;

user@Machine:~$ sudo apt-get install -y docker-engine
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  aufs-tools cgroupfs-mount libltdl7
Suggested packages:
  mountall
The following NEW packages will be installed
  aufs-tools cgroupfs-mount docker-engine libltdl7
0 to upgrade, 4 to newly install, 0 to remove and 0 not to upgrade.
Need to get 14.6 MB of archives.
After this operation, 73.8 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  docker-engine
E: There were unauthenticated packages and -y was used without --allow-unauthenticated
user@Machine:~$ 

Is the package in the Xenial repository not signed?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 54 (24 by maintainers)

Commits related to this issue

Most upvoted comments

I am using this:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo apt-get update

It worked.

I just encountered the very same problem. I managed to reproduce it under 16.04 VM.

If I do the following, the problem doesn’t appear:

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" > /etc/apt/sources.list.d/apt_dockerproject_org_repo.list
apt-get update
apt-get install docker-engine

However, I can reproduce this problem in a fresh VM if I add the repo first, and only add the key after apt-get update. Rerunning apt-get update doesn’t solve the problem:

echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" > /etc/apt/sources.list.d/apt_dockerproject_org_repo.list
# here it complains about missing F76221572C52609D key
apt-get update
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
# this second update changes nothing (albeit it doesn't complain about keys anymore)
apt-get update
# apt-get install complains now (I abort here)
apt-get install docker-engine

Once it gets into this state, the only way to recover seems to be manually removing apt cache files:

rm /var/lib/apt/lists/apt.dockerproject.org_repo_dists_ubuntu-xenial_*
apt-get update
# and now it works
apt-get install docker-engine

It appears to me to be some apt-get quirk - adding a key after retrieving the repo list should be perfectly fine, AFAIK. Hope that helps.

Website instructions are wrong, here is what works in 16.04:

curl -s https://yum.dockerproject.org/gpg | sudo apt-key add
apt-key fingerprint 58118E89F3A912897C070ADBF76221572C52609D
sudo add-apt-repository "deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main"
sudo apt-get update
sudo apt-get install docker-engine=1.13.0-0~ubuntu-xenial

I don’t have a physical box to test on, but I just created a fresh Ubuntu Xenial droplet on DigitalOcean, but I’m not able to reproduce, using these steps;

apt-get update
apt-get install apt-transport-https ca-certificates
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install docker-engine

For Linux Mint 18 this fixed it for me: Menu -> Administration -> Software Sources -> Additional Repositories -> Edit the URL of the docker entry -> Replace sarah with xenial

@hamid-elaosta which region did you run on on DigitalOcean?

Here’s what I did;

  1. Created a new droplet (Ubuntu 16.04 x64, AMS3 region, 2GB memory)
  2. Logged in, then:
apt-get update
apt-get install apt-transport-https ca-certificates
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install linux-image-extra-$(uname -r)
apt-get install docker-engine

After that, running docker version

Client:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Tue Apr 26 23:43:49 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Tue Apr 26 23:43:49 2016
 OS/Arch:      linux/amd64

Getting same issue

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

not getting pubkey for ubuntu 16.04 LTS

So this is the key in question;

http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF76221572C52609D

If you install it using the fingerprint as documented here “Update your apt sources”, section 4; https://docs.docker.com/engine/installation/linux/ubuntulinux/

sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

The apt update will succeed but the apt install docker-engine will fail.

If you then remove the key and install it again using;

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F76221572C52609D

Importantly, using the F7622157 and NOT the fingerprint, followed by and apt update and the apt install docker-engine succeeds.

Hopefully this can point us at the cause.

Here was the solution for me, similar to iEmiya:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553

I Have also been seeing this issue for the last couple of days.I am using Vagrant shell provisioning to run

sudo curl -sSL “https://get.docker.com/” | sh

Up unit 5/6/16, I was able to provision my Ubuntu Trusty VM (Virtual Box) using this script. As of 5/6/16, I started getting:

WARNING: The following packages cannot be authenticated! docker-engine E: There are problems and -y was used without --force-yes

I am operating behind a firewall and proxy. Using my company’s proxy credentials I have been able to set up docker this way for the past few months without issue.