Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

The repository is not signed to install a package on Ubuntu

Tags:

salt-stack

I'm using Salt (SaltStack) to install packages in Ubuntu 18.04. I want to install a formula for docker, for example. When I apply docker state, I get an error that a package can't be installed, because the package repository that is used in a formula isn't signed.

ID: docker package
Function: pkg.installed
Name: docker-engine
Result: False
Comment: An error was encountered while installing package(s): E: Failed to fetch https://apt.dockerproject.org/repo/dists/ubuntu-bionic/InRelease  403  Forbidden [IP: 13.33.98.216 443]
              E: The repository 'https://apt.dockerproject.org/repo ubuntu-bionic InRelease' is not signed.

Same happens when I'm using another formula.

I found out that if I would install a package manually through a command-line, I would use a --allow-unauthenticated option.

But what is the way to solve this issue while using Salt and salt-formulas? How can I install a package from a not signed repository?

like image 225
Vitali Plagov Avatar asked Jul 20 '18 22:07

Vitali Plagov

2 Answers

Disabling package verification is a very bad idea in any scenario. The Docker repository is perfectly compliant with Ubuntu package signing standards and publishes a GPG key to verify them. It can be added to the system manually:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

But this is not the primary problem here - it's that the Salt rule you're referring to is outdated and sets an incorrect Docker repo URL - in recent installation script they've changed it from https://apt.dockerproject.org/repo to https://download.docker.com/linux/ubuntu/ and while the old mirror seems to be working, the signature files for new releases don't seem to be available there, which confuses apt.

So using Ansible (sorry, I don't know Salt):

- apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg

- apt_repository:
    repo: 'deb https://download.docker.com/linux/ubuntu/ bionic stable'

- apt: name=docker-ce
like image 114
kravietz Avatar answered Oct 02 '22 21:10

kravietz

You can use skip_verify to avoid GPG verification check (e.g., --allow-unauthenticated, or --force-bad-verify),

httpd:
  pkg.installed:
    - fromrepo: mycustomrepo
    - skip_verify: True
like image 39
Sufiyan Ghori Avatar answered Oct 02 '22 23:10

Sufiyan Ghori
Sign in to Comment

Related questions

How to change ownership, or chown -R user:user equivalent with saltstack?
How to seamlessly rename a minion?
replacing a file with a symbolic link in a salt state
How can I get the free memory available on minions using on salt?
saltstack: creating directory only if does not exists
Passing variables between salt states
SaltStack: Properties (computed values) for data from SLS files?
SaltStack: getting No top file or master_tops data matches found
Salt: manage 100+ virtualenvs on one host
Is it possible to use variables in cloud-config
What's the difference between state.sls and state.apply?
How do i add the contents of a pillar variable to a file with salt?
(SaltStack) ID dog in SLS dog is not a dictionary
Configuring Salt API - Java
What does 'with context' mean when doing an import?
How to I retrieve the home directory of a user
Salt minion inside docker container?
Compare version numbers using jinja2
Jinja2 map list to dictionary

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!