Why Docker Installation on Ubuntu Requires Custom APT Repo Setup Instead of Simple apt-get


5 views

As a developer who's set up countless Ubuntu environments, I've always found it intriguing why Docker requires this multi-step installation process when most packages can be installed with a simple apt-get install. Let's unpack the technical and organizational reasons behind this design choice.

Most software in Ubuntu's universe repository follows the standard Debian packaging guidelines. When you run:

sudo apt-get install nginx

The system:

  1. Checks the default /etc/apt/sources.list
  2. Validates packages against Ubuntu's official GPG keys
  3. Downloads and installs dependencies automatically

Docker maintains its own APT repository for several technical reasons:

  • Version control - Docker needs to release updates faster than Ubuntu's release cycle
  • Component separation - The Docker Engine, CLI, and Containerd have different release cadences
  • Enterprise requirements - Some components require commercial licenses

Here's what actually happens when you follow Docker's installation instructions:

# Add Docker's official GPG key
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Docker's installation process reflects its evolution from an open-source project to a commercial entity:

  • 2013: Docker initially included in Ubuntu repositories
  • 2015: Docker Inc. splits into CE/EE versions
  • 2017: Need for more frequent updates than LTS cycles
  • 2019: Introduction of Docker Desktop business model

The custom repository approach provides several advantages:

# Check which versions are available
apt-cache madison docker-ce

# Pin specific versions in production
sudo apt-get install docker-ce=5:24.0.6-1~ubuntu.22.04~jammy docker-ce-cli=5:24.0.6-1~ubuntu.22.04~jammy

This level of version control wouldn't be possible through the standard Ubuntu repositories.

While convenient, adding third-party repositories requires trust:

  • Docker's GPG key verifies package authenticity
  • The separate repository isolates Docker updates from system updates
  • Security teams can audit Docker packages independently

For those who prefer simpler methods, consider:

# Snap installation (not recommended for production)
sudo snap install docker

# Convenience script (use with caution)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

However, these methods sacrifice the control and reliability of the official repository approach.

As an experienced Ubuntu user, you've probably noticed that installing Docker requires more than the usual apt-get install command. Unlike most packages in Ubuntu's repositories, Docker demands a multi-step process involving:

sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

The primary reason is version control and release cadence. Docker maintains its own repositories because:

  • They need to release updates more frequently than Ubuntu's release cycle
  • They want to provide the same Docker version across all Linux distributions
  • They maintain separate channels for stable, test, and nightly builds

Adding third-party repositories requires several security measures:

# Adding the GPG key ensures package authenticity
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# The signed-by parameter in sources.list provides cryptographic verification
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

For those who prefer simpler methods, consider these alternatives:

# Using the convenience script (not recommended for production)
curl -fsSL https://get.docker.com | sh

# Using snap (may have version lag)
sudo snap install docker

# Using the official .deb package
wget https://download.docker.com/linux/ubuntu/dists/focal/pool/stable/amd64/docker-ce_20.10.9~3-0~ubuntu-focal_amd64.deb
sudo dpkg -i docker-ce*.deb

Future Ubuntu versions might include Docker in their official repositories, but this would likely mean:

  • Older Docker versions aligned with Ubuntu's release cycle
  • Potential compatibility issues with Docker's ecosystem
  • Delayed security updates