4

OS: Debian 10

I've tried the solution provided here: How to circumvent "apt-key output should not be parsed"?

this: APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn - didn't work.

Then I tried to do:

DOCKER_GPG="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

apt-key fingerprint 0EBFCD88 > docker_key

DOCKER_DL_GPG=$(cat docker_key | grep 9DC8)

if [[ "$DOCKER_GPG" == "$DOCKER_DL_GPG" ]]; then
  # do
else
  # don't
fi

But, that doesn't work because the apt-key error exits the script (wth!)

I need to install docker in a script, but can't verify the signature because of the error. It has to be automated, I don't want to skip the check there has to be a way people are doing it so, three questions:

  1. How else can I check a fingerprint? I tried the gpg --list-keys --with-fingerprint but, doesn't work.
  2. Is there another way to check docker fingerprint?
  3. How to properly use apt-key to check fingerprints in a script?

Thank you!

jodobear
  • 51
  • 1
  • 6

1 Answers1

1

Care to share your entire script? I'm running under bash and the warning does not cause the script to abort, even if run with set -e. Here's what I used for this purpose:

#!/bin/bash

DOCKER_FINGERPRINT="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

apt-key fingerprint 0EBFCD88 > /tmp/temp_docker_fingerprint
DOWNLOADED_FINGERPRINT=$(cat /tmp/temp_docker_fingerprint | grep "0EBF CD88" | xargs)
rm /tmp/temp_docker_fingerprint

if [[ "$DOCKER_FINGERPRINT" == "$DOWNLOADED_FINGERPRINT" ]]; then
   echo "Downloaded Docker GPG fingerprint matches the expected value ($DOCKER_FINGERPRINT)"
else
   echo "ERROR:   Downloaded Docker GPG fingerprint does not match the expected value ($DOCKER_FINGERPRINT)"
   echo "ERROR:   Exiting Docker setup with error.  See scripts/docker.sh to troubleshoot."
   exit -1
fi
heckler
  • 11
  • 2