#5866: feat: add optional Docker official repo APT source
docs
docker
Cluster:
Docker Integration and Documentation
## Summary
- Adds a new `OPENCLAW_DOCKER_OFFICIAL_REPO` build arg to the Dockerfile
- When set, configures Docker's official APT repository (download.docker.com) with proper GPG key verification
- Plumbs the arg through `docker-setup.sh` (export, `.env` persistence, `--build-arg`)
- Documents the feature in `docs/install/docker.md` (quick-reference list + dedicated subsection with usage example)
The repo step runs before `OPENCLAW_DOCKER_APT_PACKAGES`, so packages like `docker-ce-cli` can be installed in the same build.
## Test plan
- [x] Build image without the arg — no change in behavior
- [x] Build with `--build-arg OPENCLAW_DOCKER_OFFICIAL_REPO=1` — Docker official repo is added
- [x] Build with both args (e.g. `OPENCLAW_DOCKER_OFFICIAL_REPO=1 OPENCLAW_DOCKER_APT_PACKAGES=docker-ce-cli`) — package installs successfully
- [x] Run `docker-setup.sh` with `OPENCLAW_DOCKER_OFFICIAL_REPO=1` exported — value persists in `.env` and is passed to build
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR adds an optional `OPENCLAW_DOCKER_OFFICIAL_REPO` build arg to the root `Dockerfile` and plumbs it through `docker-setup.sh` so users can opt into Docker’s official APT repository during image builds. Documentation in `docs/install/docker.md` is updated to describe the new env var and how it composes with `OPENCLAW_DOCKER_APT_PACKAGES` (repo configured first so packages like `docker-ce-cli` can be installed in the same build).
Overall this fits cleanly into the existing Docker setup flow: `docker-setup.sh` persists env vars into `.env` and forwards them as `--build-arg`s, while the Dockerfile conditionally adds the repository and key before the existing “install extra apt packages” hook runs.
<h3>Confidence Score: 4/5</h3>
- This PR is likely safe to merge; changes are scoped and mostly additive.
- Main functional path remains unchanged unless the new build arg is set. The primary concerns are maintainability/security-hardening details in the Docker APT repo setup (hard-coded Debian codename; key download not fingerprint-verified).
- Dockerfile (APT repo configuration and key handling).
<!-- greptile_other_comments_section -->
<sub>(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!</sub>
**Context used:**
- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
<!-- /greptile_comment -->
Most Similar PRs
#23313: feat(docker): add optional build-arg OPENCLAW_INSTALL_DOCKER_CLI to...
by zhuxuwei88-bot · 2026-02-22
87.1%
#22344: feat(docker): add pre-built image mode for docker-setup
by AIflow-Labs · 2026-02-21
81.5%
#6698: feat: Add CLI wrapper for Docker integration and update documentation
by barshopen · 2026-02-01
81.4%
#7133: feat: Automated Docker setup with environment-based configuration
by synetalsolutions · 2026-02-02
81.3%
#7986: feature/OPENCLAW_IMAGE
by ozbillwang · 2026-02-03
80.1%
#9190: feat(docker): Add autonomous container self-restart and runtime pac...
by alexdredmon · 2026-02-05
79.1%
#9999: Docker: fix token mismatch and add dev setup workflow
by benclarkeio · 2026-02-06
78.4%
#2609: bugfix: Docker build fails on main: .dockerignore excludes required...
by yanquankun · 2026-01-27
77.7%
#13953: feat(docker): add .env template and improve Dockerfile
by n24q02m · 2026-02-11
77.0%
#12629: Dockerfile: pre-install common CLI tools for agent runtime
by jhs129 · 2026-02-09
76.6%