add --no-gpg-mirror option

This ensures that the GPG key is always downloaded from a trusted source. Signed-off-by: TianKai Ma <tiankaima@163.com>
docker · Sep 18, 2024 · 4854e51 · 4854e51
1 parent 4bf098d
commit 4854e51
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/install.sh b/install.sh
@@ -75,6 +75,11 @@ set -e
 #
 # $ sudo sh install-docker.sh --mirror AzureChinaCloud
 #
+# --no-gpg-mirror
+#
+# Use the --no-gpg-mirror to always download the GPG from download.docker.com.
+# This ensures that the GPG key is always downloaded from a trusted source.
+#
 # ==============================================================================
 
 
@@ -105,6 +110,7 @@ fi
 
 mirror=''
 DRY_RUN=${DRY_RUN:-}
+NO_GPG_MIRROR=${NO_GPG_MIRROR:-}
 while [ $# -gt 0 ]; do
  case "$1" in
  --channel)
@@ -114,6 +120,9 @@ while [ $# -gt 0 ]; do
  --dry-run)
  DRY_RUN=1
  ;;
+ --no-gpg-mirror)
+ NO_GPG_MIRROR=1
+ ;;
  --mirror)
  mirror="$2"
  shift
@@ -129,6 +138,11 @@ while [ $# -gt 0 ]; do
  shift $(( $# > 0 ? 1 : 0 ))
 done
 
+GPG_KEY_URL="$DOWNLOAD_URL/linux/$lsb_dist/gpg"
+if [ -n "$NO_GPG_MIRROR" ]; then
+ GPG_KEY_URL="https://download.docker.com/linux/$lsb_dist/gpg"
+fi
+
 case "$mirror" in
  Aliyun)
  DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
@@ -501,7 +515,7 @@ do_install() {
  $sh_c 'apt-get -qq update >/dev/null'
  $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null"
  $sh_c 'install -m 0755 -d /etc/apt/keyrings'
- $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc"
+ $sh_c "curl -fsSL \"$GPG_KEY_URL\" -o /etc/apt/keyrings/docker.asc"
  $sh_c "chmod a+r /etc/apt/keyrings/docker.asc"
  $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
  $sh_c 'apt-get -qq update >/dev/null'