1. Summary of Identified Errors
The primary issue encountered was an APT (Advanced Package Tool) GPG (GNU Privacy Guard) error when attempting to update package lists after adding the Docker official repository. This error manifested as:
- NO_PUBKEY 7EA0A9C3F273FCD8: This indicated that the system lacked the public GPG key required to verify the digital signature of the Docker repository.
- The following signatures couldn’t be verified because the public key is not available: A direct message confirming the absence of the necessary key.
- E: The repository ‘https://download.docker.com/linux/ubuntu jammy InRelease’ is not signed.: APT’s conclusion that, without a verifiable signature, the repository was untrusted.
- N: Updating from such a repository can’t be done securely, and is therefore disabled by default.: A critical warning stating that packages from this repository would not be downloaded or installed due to security concerns.
2. Analysis of Root Causes
The root cause of the error was the absence or improper association of the Docker GPG public key with the Docker repository entry in the system’s APT sources.
Initially, while the Docker repository line was added to /etc/apt/sources.list.d/archive_uri-https_download_docker_com_linux_ubuntu-jammy.list, the apt package manager could not find or correctly utilize the corresponding GPG key to authenticate the packages from that repository. This often happens if:
- The GPG key is not imported into the system’s keyring.
- The repository entry itself does not explicitly specify which GPG key to use to verify the repository’s signature, especially with modern APT versions that prefer the signed-by directive.
In this specific case, after the initial add-apt-repository command, the repository entry was present but lacked the signed-by=/etc/apt/keyrings/docker.gpg attribute. This omission meant APT didn’t know to look in the newly created /etc/apt/keyrings/docker.gpg file for the necessary public key, even if the key was correctly present on the system.
3. Implemented Fixes and Resolutions
The problem was successfully resolved by a series of steps focused on correctly adding and linking the Docker GPG public key:
Ensured Required Tools were Installed: The necessary packages like ca-certificates, curl, and gnupg were confirmed to be present to handle secure connections and GPG key management.
$ sudo apt-get update
$ sudo apt-get install -y ca-certificates curl gnupg
Created Keyrings Directory: The standard and recommended directory for APT keyrings was created:
$ sudo install -m 0755 -d /etc/apt/keyrings
Downloaded and Added Docker GPG Key: The official Docker GPG public key was securely downloaded and stored in the appropriate keyring location:
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
Set Correct Key Permissions: File permissions for the GPG key were adjusted to ensure apt could read it:
$ sudo chmod a+r /etc/apt/keyrings/docker.gpg
Reconfigured Docker Repository Entry: This was the most critical step. The problematic, older repository entry was removed, and a new, correctly formatted entry was added. This new entry explicitly includes the signed-by attribute, pointing to the location of the Docker GPG key.
Removed old entry:
$ sudo rm /etc/apt/sources.list.d/archive_uri-https_download_docker_com_linux_ubuntu-jammy.list
Added new, correct entry:
$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
This command dynamically inserted the correct architecture (amd64) and Ubuntu codename (jammy) along with the crucial signed-by=/etc/apt/keyrings/docker.gpg directive.
Updated APT Package Index: Finally, apt was instructed to refresh its package lists, which successfully recognized the trusted Docker repository:
$ sudo apt-get update
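To confirm the fix on a given host, the following added example (not part of the original write-up) classifies each deb entry in a sources file by whether it carries signed-by and whether the referenced keyring exists and is world-readable. The function names check_entry and audit_file are hypothetical, and the script assumes one-line-style entries whose signed-by value is a single keyring path, as in the entry above.

```shell
#!/bin/sh
# Added example: classify one-line-style APT source entries by signed-by state.
# Assumes signed-by holds a single keyring path, as in the entry on this page.

# Prints one of: skip | missing-signed-by | key-missing:<path> |
#                key-unreadable:<path> | ok:<path>
check_entry() {
    line=$1
    case $line in
        deb\ *|deb-src\ *) ;;
        *) echo "skip"; return 0 ;;      # comments, blank lines, anything else
    esac
    # Options, if any, sit in a [ ... ] block right after the entry type.
    opts=$(printf '%s\n' "$line" | sed -n 's/^[a-z-]* *\[\([^]]*\)\].*/\1/p')
    key=$(printf '%s\n' "$opts" | tr ' ' '\n' | sed -n 's/^signed-by=//p' | head -n 1)
    [ -n "$key" ] || { echo "missing-signed-by"; return 0; }
    [ -e "$key" ] || { echo "key-missing:$key"; return 0; }
    # World-readable bit, matching the page's "chmod a+r"; unlike `test -r`,
    # this still gives a meaningful answer when the audit runs as root.
    [ -n "$(find "$key" -prune -perm -004)" ] || { echo "key-unreadable:$key"; return 0; }
    echo "ok:$key"
}

# Print "<file>:<line number>: <status>" for every deb/deb-src line in a file.
audit_file() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        s=$(check_entry "$l")
        [ "$s" = "skip" ] || printf '%s:%s: %s\n' "$1" "$n" "$s"
    done < "$1"
}

# Audit any files named on the command line, e.g. /etc/apt/sources.list.d/*.list
for f in "$@"; do
    audit_file "$f"
done
```

An entry reported as missing-signed-by corresponds to the state described in the root-cause analysis, while key-missing and key-unreadable point at the keyring download and chmod steps.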
Next Steps
Now that your APT sources are correctly configured and trusted, you can proceed with installing Docker Engine and Docker Compose (or any other Docker-related packages) securely:
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Conclusion
The comprehensive resolution of the GPG key error has successfully enabled the system to securely interact with the Docker package repository. The installation of Docker Engine, CLI, containerd, and both Buildx and Compose plugins proceeded without issues, confirming the system is now ready for Docker operations.