Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), contrary to apt-key deprecation notice #22041

Closed
@ukpagrace

Is this a docs issue?

  • My issue is about the documentation content or website

Type of issue

Information is incorrect

Description

The Docker installation instructions for Ubuntu currently store the GPG key in the deprecated /etc/apt/keyrings/ directory, which results in the following warning when running apt-get update:

Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Proposed Fix:
The installation guide should be updated to use /usr/share/keyrings/ instead of /etc/apt/keyrings/, following best practices for managing repository keys.

Current Documentation (Deprecated Method)

sudo apt-get update
sudo apt-get install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Location

https://docs.docker.com/engine/install/ubuntu/

Suggestion

Recommended Fix (Using /usr/share/keyrings/)

sudo apt-get update
sudo apt-get install -y ca-certificates curl gpg
sudo install -m 0755 -d /usr/share/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

This change aligns with APT's new key management best practices and prevents the warning message from appearing.

Expected Outcome:

  • No warning about trusted.gpg when running apt-get update.
  • Keyring storage follows the recommended /usr/share/keyrings/ location for security and maintainability.

Would appreciate your feedback on updating the documentation accordingly. 🚀
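
Added example, not part of the issue or the Docker documentation: a shell check for APT source entries in the one-line format used above, reporting which entries are pinned to a key file with signed-by= and which rely on the global trust store, plus a test for a non-empty legacy keyring file such as the /etc/apt/trusted.gpg named in the warning. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue or the Docker docs).

# audit_sources: read one-line-style APT entries on stdin and print, per entry,
# whether it is pinned to a key file via signed-by=. Entries without it are
# verified against the global trust store (/etc/apt/trusted.gpg, trusted.gpg.d/).
audit_sources() {
  set -f                                   # no globbing while word-splitting
  while IFS= read -r line; do
    case "$line" in
      deb\ *|deb-src\ *) ;;                # keep only repository entries
      *) continue ;;                       # skip blanks, comments, anything else
    esac
    rest=${line#* }                        # drop the type field
    rest=${rest#"${rest%%[! ]*}"}          # trim leading spaces
    opts=''
    case "$rest" in
      '['*']'*) opts=${rest%%]*}; opts=${opts#\[}; rest=${rest#*]} ;;
    esac
    set -- $rest                           # $1 is now the repository URI
    key=''
    for o in $opts; do
      case "$o" in signed-by=*) key=${o#signed-by=} ;; esac
    done
    if [ -n "$key" ]; then echo "PINNED $1 $key"; else echo "GLOBAL-TRUST $1"; fi
  done
  set +f
}

# legacy_keyring_present: true when the legacy keyring file exists and is non-empty.
legacy_keyring_present() { [ -s "${1:-/etc/apt/trusted.gpg}" ]; }

# Constructed sample entries (not read from a real system).
sample_sources() {
cat <<'EOF'
# constructed sample
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable
deb http://archive.ubuntu.com/ubuntu noble main
EOF
}

sample_sources | audit_sources
```

On a real host, feed it the actual entries with `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | audit_sources`; deb822-style `.sources` files are not parsed by this sketch.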
