While following the Docker installation guide for my Ubuntu 18.04 OS, I ran into this warning after running the command for adding Docker’s official gpg key:

```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
gpg: WARNING: unsafe ownership on homedir '/home/marcoluis/.gnupg'
```

This is the ls -l output for the contents of the directory:

```
$ ll /home/marcoluis/.gnupg
total 20
drwx------  3 marcoluis marcoluis 4096 out 12 13:35 ./
drwxr-xr-x 17 marcoluis marcoluis 4096 out 13 10:55 ../
drwx------  2 marcoluis marcoluis 4096 out 12 13:16 private-keys-v1.d/
-rw-------  1 marcoluis marcoluis   32 out 12 13:35 pubring.kbx
-rw-------  1 marcoluis marcoluis 1200 out 12 13:35 trustdb.gpg
```

I need to know if I can proceed with this warning, and if not, what I must do to avoid any future problems.

Stephen Kitt

1 Answer

2

The warning is produced for similar reasons to those given in "gpg: WARNING: unsafe ownership on homedir '/home/user/.gnupg'": you’re running

```
sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
```

so gpg runs as root, and complains about your user’s .gnupg directory permissions (which are correct).

You can ignore the warning; the gpg invocation here is innocuous. You could avoid it by splitting the operation up:

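```
# Dearmor as your own user, so gpg checks a ~/.gnupg that it owns
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /tmp/docker-archive-keyring.gpg
# Only moving the keyring into place and fixing its ownership need root
sudo mv /tmp/docker-archive-keyring.gpg /usr/share/keyrings/docker-archive-keyring.gpg
sudo chown root:root /usr/share/keyrings/docker-archive-keyring.gpg
```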

Instead of adding the Docker repository, you could install Docker from the Ubuntu repositories:

```
sudo apt install docker.io
```

Stephen Kitt
  • Thanks! Just a follow-up question: I tried solving the problem previously by following the answer from a similar question, https://unix.stackexchange.com/questions/452020/gpg-warning-unsafe-ownership-on-homedir-home-user-gnupg. I added the command `sudo chown -R $USER ~/.gnupg`. Does this affect my installation process in any way? If yes, should I proceed to restart the installation process? – Marco Luís Oct 13 '21 at 14:01
  • That would only restore the situation to what it should be, there’s no need to restart anything. (But again, please consider installing Docker from the Ubuntu repositories, it would be much simpler!) – Stephen Kitt Oct 13 '21 at 14:04
  • So from here on, could I just install from the link you provided without the need to roll back what I have done so far on the terminal? – Marco Luís Oct 13 '21 at 14:06
  • Yes, you could. The only significant change you’ve made is adding `/usr/share/keyrings/docker-archive-keyring.gpg`, so deleting that would effectively roll back what you’ve done so far, should you want to (and it would be a good idea anyway, it’s best not to have trusted keyrings which aren’t actually needed). – Stephen Kitt Oct 13 '21 at 14:09
  • Sounds like a good idea, but it seems like there is not an updated package for my Ubuntu version (18.04.6 LTS). – Marco Luís Oct 13 '21 at 14:12
  • There’s a Docker 20.10.7 package in 18.04, isn’t that good enough? – Stephen Kitt Oct 13 '21 at 14:15
  • Yes, forgive my ignorance, I just thought that it would make a difference from 18.04.2 to 18.04.6. – Marco Luís Oct 13 '21 at 14:18
  • No need to apologise ;-). The “18.04.2” suffix in the package version means it’s the second update of Docker 20.10.7 for 18.04; it’s not a reference to a full Ubuntu point-release. (It’s all rather confusing!) – Stephen Kitt Oct 13 '21 at 14:19
  • Ok, thanks once again! – Marco Luís Oct 13 '21 at 14:26
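
The check behind the warning discussed in the answer above, as an added example that is not part of the original thread and is not GnuPG's own code: a simplified shell model that compares the directory's owner with the uid gpg runs as, which is why a correctly private `~/.gnupg` still triggers the warning under `sudo`. The function name `gnupg_home_verdict`, the temporary demo directory and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Simplified model (an assumption, not GnuPG source) of the home-directory
# check: the directory must belong to the uid gpg runs as, and must grant
# nothing to group or others.

# gnupg_home_verdict DIR [UID]
#   Prints "ok", "unsafe ownership" or "unsafe permissions".
#   UID defaults to the current user; passing 0 models `sudo gpg`.
gnupg_home_verdict() {
    dir=$1
    run_uid=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "missing"; return 2; }

    owner=$(stat -c %u "$dir")   # numeric owner (GNU coreutils stat)
    mode=$(stat -c %a "$dir")    # octal permissions, e.g. 700

    if [ "$owner" != "$run_uid" ]; then
        echo "unsafe ownership"      # the case from the question
    elif [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "unsafe permissions"    # group/other bits are set
    else
        echo "ok"
    fi
}

# Constructed demo: a private directory owned by whoever runs this script.
demo=$(mktemp -d)
chmod 700 "$demo"
me=$(stat -c %u "$demo")
# Pick a uid that differs from the owner; 0 (root) unless we already are root.
other=0
if [ "$me" = 0 ]; then other=1; fi

printf 'mode 700, run as owner (uid %s): %s\n' "$me" "$(gnupg_home_verdict "$demo" "$me")"
printf 'mode 700, run as uid %s:         %s\n' "$other" "$(gnupg_home_verdict "$demo" "$other")"
chmod 755 "$demo"
printf 'mode 755, run as owner:          %s\n' "$(gnupg_home_verdict "$demo" "$me")"
rm -rf "$demo"
```
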