Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Conflicting values set for option Signed-By" reinstalling on Debian after Dec 2021 #1349

Open
2 of 3 tasks
LorenAmelang opened this issue Jan 25, 2022 · 15 comments
Open
2 of 3 tasks

"Conflicting values set for option Signed-By" reinstalling on Debian after Dec 2021 #1349

LorenAmelang opened this issue Jan 25, 2022 · 15 comments

Comments

@LorenAmelang
Copy link

  • This is a bug report
  • This is a feature request
  • I searched existing issues before opening this one

Expected behavior

Reinstall or update of previous install should "just work".

Actual behavior

I first encountered the problem reported in
#1347
back in December. The GPG key from that failed install remained after I thought I had removed all of the failed Docker via this procedure:
https://lokarithm.com/2020/05/31/how-to-completely-remove-docker-from-debian-ubuntu-or-your-raspberry-pi/

December:

pi@raspberrypi:~ $ curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor \
> | sudo tee /usr/share/keyrings/docker-ce-archive-keyring.gpg > /dev/null
pi@raspberrypi:~ $
pi@raspberrypi:~ $ echo \
> "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-ce-archive-keyring.gpg] \
> https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
> | sudo tee /etc/apt/sources.list.d/docker-ce.list > /dev/null
pi@raspberrypi:~ $

January:

pi@raspberrypi:~ $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
pi@raspberrypi:~ $
pi@raspberrypi:~ $ echo \
>   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
>   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/debian/ bullseye: /usr/share/keyrings/docker-ce-archive-keyring.gpg != /usr/share/keyrings/docker-archive-keyring.gpg
E: The list of sources could not be read.
pi@raspberrypi:~ $

That problem wasted many hours of searching and struggle...

Steps to reproduce the behavior

Exploration:

pi@raspberrypi:~ $ gpg --list-keys
gpg: directory '/home/pi/.gnupg' created
gpg: keybox '/home/pi/.gnupg/pubring.kbx' created
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
pi@raspberrypi:~ $ 

pi@raspberrypi:~ $ ls -al /etc/apt/trusted.gpg.d
total 8
drwxr-xr-x 2 root root 4096 Oct 30 04:14 .
drwxr-xr-x 8 root root 4096 Dec 16 20:45 ..
-rw-r--r-- 1 root root    0 Oct 30 04:14 microsoft.gpg
pi@raspberrypi:~ $

pi@raspberrypi:~ $ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2012-04-01 [SC]
      A0DA 38D0 D76E 8B5D 6388  7281 9165 938D 90FD DD2E
uid           [ unknown] Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <mpthompson@gmail.com>
sub   rsa2048 2012-04-01 [E]

pub   rsa2048 2012-06-17 [SC]
      CF8A 1AF5 02A2 AA2D 763B  AE7E 82B1 2992 7FA3 303E
uid           [ unknown] Raspberry Pi Archive Signing Key
sub   rsa2048 2012-06-17 [E]

pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]

--> all of those are from the /etc/apt/trusted.gpg file

pi@raspberrypi:~ $ sudo rm /usr/share/keyrings/docker-ce-archive-keyring.gpg
pi@raspberrypi:~ $

pi@raspberrypi:~ $ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/debian/ bullseye: /usr/share/keyrings/docker-ce-archive-keyring.gpg != /usr/share/keyrings/docker-archive-keyring.gpg
E: The list of sources could not be read.
pi@raspberrypi:~ $

Reboot didn't help.

What worked:

pi@raspberrypi:~ $ ls -al /etc/apt/sources.list.d
total 24
drwxr-xr-x 2 root root 4096 Jan 22 21:22 .
drwxr-xr-x 8 root root 4096 Jan 23 12:48 ..
-rw-r--r-- 1 root root  134 Dec 16 20:56 docker-ce.list
-rw-r--r-- 1 root root  133 Jan 22 21:22 docker.list
-rw-r--r-- 1 root root  191 Oct 30 04:11 raspi.list
-rw-r--r-- 1 root root   41 Oct 30 04:14 vscode.list
pi@raspberrypi:~ $ sudo rm /etc/apt/sources.list.d/docker-ce.list
pi@raspberrypi:~ $ ls -al /etc/apt/sources.list.d
total 20
drwxr-xr-x 2 root root 4096 Jan 23 13:26 .
drwxr-xr-x 8 root root 4096 Jan 23 12:48 ..
-rw-r--r-- 1 root root  133 Jan 22 21:22 docker.list
-rw-r--r-- 1 root root  191 Oct 30 04:11 raspi.list
-rw-r--r-- 1 root root   41 Oct 30 04:14 vscode.list
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian bullseye InRelease
Get:2 http://raspbian.raspberrypi.org/raspbian bullseye InRelease [15.0 kB]
Get:3 https://download.docker.com/linux/debian bullseye InRelease [43.3 kB]
Fetched 58.3 kB in 4s (14.3 kB/s)
Reading package lists... Done
pi@raspberrypi:~ $

I don't know enough about this to say what should have happened, but what did happen was miserable. Hopefully at least other users who face this "Conflicting values set for option Signed-By" problem might stumble across this report.

I saw that "docker-ce-archive" was renamed "docker-archive" between my two install attempts. Maybe this change only affects people who have installs on both sides of the change. But it must affect people who try to update a December install?

Output of docker version:

pi@raspberrypi:~ $ docker version
Segmentation fault
pi@raspberrypi:~ $

See:
#1347

Output of docker info:

pi@raspberrypi:~ $ docker version
Segmentation fault
pi@raspberrypi:~ $

Additional environment details (AWS, VirtualBox, physical, etc.)
@jonathantullett jonathantullett mentioned this issue Mar 28, 2022
Closed
@richard-scott
Copy link

I had this on an Openmediavault setup... it turns out that the get-docker.sh script doesn't check for an existing docker repo, and just assumes it needs to create a /etc/apt/sources.list.d/docker.list file.

Openmediavault has one already:

root@nas:~# cd  /etc/apt/
root@nas:/etc/apt# grep -RH docker *
sources.list.d/omvextras.list:deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable

my fix was to delete /etc/apt/sources.list.d/docker.list and then install the Docker Engine packages detailed here:
https://docs.docker.com/engine/install/debian/#install-docker-engine

@thaJeztah thaJeztah mentioned this issue May 23, 2022
Merged
@josephpro21
Copy link

Conflicting values set for option Signed-By regarding source https://dl.winehq.org/wine-builds/ubuntu/ focal: /usr/share/keyrings/winehq-archive.key != /usr/share/keyrings/winehq.gpg
E: The list of sources could not be read.
please help me with that, am trying to install wine but it has refused

@JADC362
Copy link

JADC362 commented May 27, 2022

Same issue here, on my machine seems to be a problem related with the gpg key:

  • I remove (purge) all docker related.
  • I delete all (I guess) old gpg keys and apt sources list
$ sudo rm /etc/apt/sources.list.d/docker.list
$ sudo rm /usr/share/keyrings/docker-archive-keyring.gpg

And the follow back again the install instructions:

$ sudo apt update (everything good here)
$ sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

And then:

$ sudo apt update

E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ bionic: /etc/apt/keyrings/docker.gpg != 
E: The list of sources could not be read.

How can I solve this issue?

@JADC362
Copy link

JADC362 commented May 27, 2022
edited
Loading

Update: Turns out that I also need to remove these files:

sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list 
sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list.save

Installation works now.

@geekykant
Copy link

For me I had to delete this file, and Install "Docker" and "Portainer" directly on the openmediavault > omv extras.

sudo rm etc/apt/sources.list.d/docker.list

@josephpro21
Copy link

thanks problem solve,

@alizaeda
Copy link

Update: Turns out that I also need to remove these files:

sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list 
sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list.save

Installation works now.

Thanks man, finally its working

@ltlalt
Copy link

ltlalt commented Oct 12, 2022

similar error, always when i try sudo apt upgrade, sudo apt-get update etc. I tried sudo rm /usr/share/keyrings/deb.sury.org-php.gpg - doesn't work, also tried

${SUDO} apt-get update
${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

@ltlalt
Copy link

ltlalt commented Oct 13, 2022

I used sudo rm /etc/apt/sources.list.d/sury-php.list and sudo apt update gave me another mistakes:
Err:1 http://old-releases.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:2 https://packages.sury.org/php focal InRelease
Temporary failure resolving 'packages.sury.org'
Err:3 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:4 http://old-releases.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:5 http://old-releases.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:6 http://old-releases.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'old-releases.ubuntu.com'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'old-releases.ubuntu.com
'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'old-releases.ubuntu.c
om'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'old-releases.ubuntu.co
m'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/focal/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch https://packages.sury.org/php/dists/focal/InRelease Temporary failure resolving 'packages.sury.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

@BrianBathory98
Copy link

sudo apt-get upgrade && sudo apt-get update -y
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/keyrings/docker.gpg !=
E: The list of sources could not be read.
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/keyrings/docker.gpg !=
E: The list of sources could not be read.

how to fix this?

@fdkipawa
Copy link

I encountered the same problem while trying to install containerd following https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/install-guide.html#containerd
I noticed (too late) that using the copy tool, the $ sign before (lsb_release -cs) stable went missing in the command:
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ (lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
I rerun the proper command.
I guess this led to the mismatch between values.
I also found a nvidia-docker.list : may be another source of conflict...

@Abhijets
Copy link

it worked for me too.
ls -al /etc/apt/sources.list.d
total 32
drwxr-xr-x 2 root root 4096 Feb 16 16:07 .
drwxr-xr-x 7 root root 4096 Feb 16 16:02 ..
-rw-r--r-- 1 root root 115 Feb 16 16:08 apache-pagespeed.list
-rw-r--r-- 1 root root 132 Feb 14 13:41 certbot-ubuntu-certbot-lunar.list
-rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list
-rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list.save
-rw-r--r-- 1 root root 183 Feb 16 16:02 mod-pagespeed.list
-rw-r--r-- 1 root root 76 Feb 16 09:45 varnishcache_varnish60lts.list

sudo rm /etc/apt/sources.list.d/apache-pagespeed.list
ls -al /etc/apt/sources.list.d
total 28
drwxr-xr-x 2 root root 4096 Feb 16 16:39 .
drwxr-xr-x 7 root root 4096 Feb 16 16:02 ..
-rw-r--r-- 1 root root 132 Feb 14 13:41 certbot-ubuntu-certbot-lunar.list
-rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list
-rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list.save
-rw-r--r-- 1 root root 183 Feb 16 16:02 mod-pagespeed.list
-rw-r--r-- 1 root root 76 Feb 16 09:45 varnishcache_varnish60lts.list

sudo apt-get update
Hit:1 http://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease
Hit:2 http://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease
Ign:3 http://dl.google.com/linux/mod-pagespeed/deb stable InRelease
Get:4 http://dl.google.com/linux/mod-pagespeed/deb stable Release [2154 B]
Hit:5 http://deb.debian.org/debian bullseye InRelease
Get:6 http://security.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:7 http://dl.google.com/linux/mod-pagespeed/deb stable Release.gpg [819 B]
Get:8 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:9 http://deb.debian.org/debian bullseye-backports InRelease [49.0 kB]
Ign:11 http://ppa.launchpad.net/certbot/certbot/ubuntu lunar InRelease
Ign:7 http://dl.google.com/linux/mod-pagespeed/deb stable Release.gpg
Err:12 http://ppa.launchpad.net/certbot/certbot/ubuntu lunar Release

@sanjukk
Copy link

sanjukk commented Mar 30, 2023

i had chrome & Kubernetes files in below path
etc/apt/sources.list.d

removing those files worked well & could able to resume with normal update & upgrades

@mdsumner mdsumner mentioned this issue Apr 14, 2023
Open
@guitarrapc guitarrapc mentioned this issue May 9, 2023
Merged
@chuc2rk
Copy link

chuc2rk commented Jul 14, 2023

I had this on an Openmediavault setup... it turns out that the get-docker.sh script doesn't check for an existing docker repo, and just assumes it needs to create a /etc/apt/sources.list.d/docker.list file.

Openmediavault has one already:

root@nas:~# cd  /etc/apt/
root@nas:/etc/apt# grep -RH docker *
sources.list.d/omvextras.list:deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable

my fix was to delete /etc/apt/sources.list.d/docker.list and then install the Docker Engine packages detailed here: https://docs.docker.com/engine/install/debian/#install-docker-engine

the same error for me when install docker from OMV web interface on armbian android box. Thanks so much your solution!

@martinbrose martinbrose mentioned this issue Sep 28, 2023
Closed
@Magdy371
Copy link

How to fix
Conflicting values set for option Signed-By regarding source https://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg: /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc != /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
E: The list of sources could not be read.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests