for-linux
for-linux copied to clipboard
docker
"Conflicting values set for option Signed-By" reinstalling on Debian after Dec 2021
- [x] This is a bug report
- [ ] This is a feature request
- [x] I searched existing issues before opening this one
Expected behavior
Reinstall or update of previous install should "just work".
Actual behavior
I first encountered the problem reported in https://github.com/docker/for-linux/issues/1347 back in December. The GPG key from that failed install remained after I thought I had removed all of the failed Docker via this procedure: https://lokarithm.com/2020/05/31/how-to-completely-remove-docker-from-debian-ubuntu-or-your-raspberry-pi/
December:
pi@raspberrypi:~ $ curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor \
> | sudo tee /usr/share/keyrings/docker-ce-archive-keyring.gpg > /dev/null
pi@raspberrypi:~ $
pi@raspberrypi:~ $ echo \
> "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-ce-archive-keyring.gpg] \
> https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
> | sudo tee /etc/apt/sources.list.d/docker-ce.list > /dev/null
pi@raspberrypi:~ $
January:
pi@raspberrypi:~ $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
pi@raspberrypi:~ $
pi@raspberrypi:~ $ echo \
> "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
> $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/debian/ bullseye: /usr/share/keyrings/docker-ce-archive-keyring.gpg != /usr/share/keyrings/docker-archive-keyring.gpg
E: The list of sources could not be read.
pi@raspberrypi:~ $
That problem wasted many hours of searching and struggle...
Steps to reproduce the behavior
Exploration:
pi@raspberrypi:~ $ gpg --list-keys
gpg: directory '/home/pi/.gnupg' created
gpg: keybox '/home/pi/.gnupg/pubring.kbx' created
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
pi@raspberrypi:~ $
pi@raspberrypi:~ $ ls -al /etc/apt/trusted.gpg.d
total 8
drwxr-xr-x 2 root root 4096 Oct 30 04:14 .
drwxr-xr-x 8 root root 4096 Dec 16 20:45 ..
-rw-r--r-- 1 root root 0 Oct 30 04:14 microsoft.gpg
pi@raspberrypi:~ $
pi@raspberrypi:~ $ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2012-04-01 [SC]
A0DA 38D0 D76E 8B5D 6388 7281 9165 938D 90FD DD2E
uid [ unknown] Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <[email protected]>
sub rsa2048 2012-04-01 [E]
pub rsa2048 2012-06-17 [SC]
CF8A 1AF5 02A2 AA2D 763B AE7E 82B1 2992 7FA3 303E
uid [ unknown] Raspberry Pi Archive Signing Key
sub rsa2048 2012-06-17 [E]
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ unknown] Docker Release (CE deb) <[email protected]>
sub rsa4096 2017-02-22 [S]
--> all of those are from the /etc/apt/trusted.gpg file
pi@raspberrypi:~ $ sudo rm /usr/share/keyrings/docker-ce-archive-keyring.gpg
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo apt-get update
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/debian/ bullseye: /usr/share/keyrings/docker-ce-archive-keyring.gpg != /usr/share/keyrings/docker-archive-keyring.gpg
E: The list of sources could not be read.
pi@raspberrypi:~ $
Reboot didn't help.
What worked:
pi@raspberrypi:~ $ ls -al /etc/apt/sources.list.d
total 24
drwxr-xr-x 2 root root 4096 Jan 22 21:22 .
drwxr-xr-x 8 root root 4096 Jan 23 12:48 ..
-rw-r--r-- 1 root root 134 Dec 16 20:56 docker-ce.list
-rw-r--r-- 1 root root 133 Jan 22 21:22 docker.list
-rw-r--r-- 1 root root 191 Oct 30 04:11 raspi.list
-rw-r--r-- 1 root root 41 Oct 30 04:14 vscode.list
pi@raspberrypi:~ $ sudo rm /etc/apt/sources.list.d/docker-ce.list
pi@raspberrypi:~ $ ls -al /etc/apt/sources.list.d
total 20
drwxr-xr-x 2 root root 4096 Jan 23 13:26 .
drwxr-xr-x 8 root root 4096 Jan 23 12:48 ..
-rw-r--r-- 1 root root 133 Jan 22 21:22 docker.list
-rw-r--r-- 1 root root 191 Oct 30 04:11 raspi.list
-rw-r--r-- 1 root root 41 Oct 30 04:14 vscode.list
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian bullseye InRelease
Get:2 http://raspbian.raspberrypi.org/raspbian bullseye InRelease [15.0 kB]
Get:3 https://download.docker.com/linux/debian bullseye InRelease [43.3 kB]
Fetched 58.3 kB in 4s (14.3 kB/s)
Reading package lists... Done
pi@raspberrypi:~ $
I don't know enough about this to say what should have happened, but what did happen was miserable. Hopefully at least other users who face this "Conflicting values set for option Signed-By" problem might stumble across this report.
I saw that "docker-ce-archive" was renamed "docker-archive" between my two install attempts. Maybe this change only affects people who have installs on both sides of the change. But it must affect people who try to update a December install?
Output of docker version:
pi@raspberrypi:~ $ docker version
Segmentation fault
pi@raspberrypi:~ $
See: https://github.com/docker/for-linux/issues/1347
Output of docker info:
pi@raspberrypi:~ $ docker version
Segmentation fault
pi@raspberrypi:~ $
Additional environment details (AWS, VirtualBox, physical, etc.)
I had this on an Openmediavault setup... it turns out that the get-docker.sh script doesn't check for an existing docker repo, and just assumes it needs to create a /etc/apt/sources.list.d/docker.list file.
Openmediavault has one already:
root@nas:~# cd /etc/apt/
root@nas:/etc/apt# grep -RH docker *
sources.list.d/omvextras.list:deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
my fix was to delete /etc/apt/sources.list.d/docker.list and then install the Docker Engine packages detailed here: https://docs.docker.com/engine/install/debian/#install-docker-engine
Conflicting values set for option Signed-By regarding source https://dl.winehq.org/wine-builds/ubuntu/ focal: /usr/share/keyrings/winehq-archive.key != /usr/share/keyrings/winehq.gpg E: The list of sources could not be read. please help me with that, am trying to install wine but it has refused
Same issue here, on my machine seems to be a problem related with the gpg key:
- I remove (purge) all docker related.
- I delete all (I guess) old gpg keys and apt sources list
$ sudo rm /etc/apt/sources.list.d/docker.list
$ sudo rm /usr/share/keyrings/docker-archive-keyring.gpg
And the follow back again the install instructions:
$ sudo apt update (everything good here)
$ sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
And then:
$ sudo apt update
E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ bionic: /etc/apt/keyrings/docker.gpg !=
E: The list of sources could not be read.
How can I solve this issue?
Update: Turns out that I also need to remove these files:
sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list.save
Installation works now.
For me I had to delete this file, and Install "Docker" and "Portainer" directly on the openmediavault > omv extras.
sudo rm etc/apt/sources.list.d/docker.list
Update: Turns out that I also need to remove these files:
sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list sudo rm etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list.saveInstallation works now.
Thanks man, finally its working
similar error, always when i try sudo apt upgrade, sudo apt-get update etc. I tried sudo rm /usr/share/keyrings/deb.sury.org-php.gpg - doesn't work, also tried
${SUDO} apt-get update
${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update
I used sudo rm /etc/apt/sources.list.d/sury-php.list and sudo apt update gave me another mistakes:
Err:1 http://old-releases.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:2 https://packages.sury.org/php focal InRelease
Temporary failure resolving 'packages.sury.org'
Err:3 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:4 http://old-releases.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:5 http://old-releases.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Err:6 http://old-releases.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'old-releases.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'old-releases.ubuntu.com'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'old-releases.ubuntu.com
'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'old-releases.ubuntu.c
om'
W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'old-releases.ubuntu.co
m'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/focal/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch https://packages.sury.org/php/dists/focal/InRelease Temporary failure resolving 'packages.sury.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
sudo apt-get upgrade && sudo apt-get update -y E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/keyrings/docker.gpg != E: The list of sources could not be read. E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/keyrings/docker.gpg != E: The list of sources could not be read.
how to fix this?
I encountered the same problem while trying to install containerd following https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/install-guide.html#containerd
I noticed (too late) that using the copy tool, the $ sign before (lsb_release -cs) stable went missing in the command:
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ (lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
I rerun the proper command.
I guess this led to the mismatch between values.
I also found a nvidia-docker.list : may be another source of conflict...
it worked for me too. ls -al /etc/apt/sources.list.d total 32 drwxr-xr-x 2 root root 4096 Feb 16 16:07 . drwxr-xr-x 7 root root 4096 Feb 16 16:02 .. -rw-r--r-- 1 root root 115 Feb 16 16:08 apache-pagespeed.list -rw-r--r-- 1 root root 132 Feb 14 13:41 certbot-ubuntu-certbot-lunar.list -rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list -rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list.save -rw-r--r-- 1 root root 183 Feb 16 16:02 mod-pagespeed.list -rw-r--r-- 1 root root 76 Feb 16 09:45 varnishcache_varnish60lts.list
sudo rm /etc/apt/sources.list.d/apache-pagespeed.list ls -al /etc/apt/sources.list.d total 28 drwxr-xr-x 2 root root 4096 Feb 16 16:39 . drwxr-xr-x 7 root root 4096 Feb 16 16:02 .. -rw-r--r-- 1 root root 132 Feb 14 13:41 certbot-ubuntu-certbot-lunar.list -rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list -rw-r--r-- 1 root root 149 Feb 14 13:41 google-cloud.list.save -rw-r--r-- 1 root root 183 Feb 16 16:02 mod-pagespeed.list -rw-r--r-- 1 root root 76 Feb 16 09:45 varnishcache_varnish60lts.list
sudo apt-get update
Hit:1 http://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease
Hit:2 http://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease
Ign:3 http://dl.google.com/linux/mod-pagespeed/deb stable InRelease
Get:4 http://dl.google.com/linux/mod-pagespeed/deb stable Release [2154 B]
Hit:5 http://deb.debian.org/debian bullseye InRelease
Get:6 http://security.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:7 http://dl.google.com/linux/mod-pagespeed/deb stable Release.gpg [819 B]
Get:8 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:9 http://deb.debian.org/debian bullseye-backports InRelease [49.0 kB]
Ign:11 http://ppa.launchpad.net/certbot/certbot/ubuntu lunar InRelease
Ign:7 http://dl.google.com/linux/mod-pagespeed/deb stable Release.gpg
Err:12 http://ppa.launchpad.net/certbot/certbot/ubuntu lunar Release
i had chrome & Kubernetes files in below path etc/apt/sources.list.d
removing those files worked well & could able to resume with normal update & upgrades
I had this on an Openmediavault setup... it turns out that the get-docker.sh script doesn't check for an existing docker repo, and just assumes it needs to create a /etc/apt/sources.list.d/docker.list file.
Openmediavault has one already:
root@nas:~# cd /etc/apt/ root@nas:/etc/apt# grep -RH docker * sources.list.d/omvextras.list:deb [arch=amd64] https://download.docker.com/linux/debian bullseye stablemy fix was to delete /etc/apt/sources.list.d/docker.list and then install the Docker Engine packages detailed here: https://docs.docker.com/engine/install/debian/#install-docker-engine
the same error for me when install docker from OMV web interface on armbian android box. Thanks so much your solution!
How to fix Conflicting values set for option Signed-By regarding source https://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg: /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc != /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg E: The list of sources could not be read.
