Comment 2 for bug 1930281

Hi Darren,

I think there's some confusion here, and hopefully this is not-a-bug. You are probably trying to translate the "Install Docker Engine on Ubuntu" instructions [1] in cloud-init terms. The instructions basically tell you to:

1. Install the (dearmoured) Docker repository gpg key as /usr/share/keyrings/docker-archive-keyring.gpg
2. Add an apt source which uses that key to verify the package signatures. This is done using the sources.list "signed-by=" parameter.

When you add a repository via cloud-init the key you specify is added to the default location for trusted repository keys, so you should drop the signed-by=/usr/share/keyrings/docker-archive-keyring.gpg option from the 'source' line. This is basically what James suggested, what I'm adding is that it's not a workaround: it's working as intended, and the signatures are verified.

I'm setting the status of this report to Incomplete for now, leaving it open for further discussion. If you agree with my analysis please change its status to Invalid, otherwise comment back and we'll look at it again. Thanks!

[1] https://docs.docker.com/engine/install/ubuntu/