Skip to content

Commit

Permalink
add --no-gpg-mirror option
Browse files Browse the repository at this point in the history
This ensures that the GPG key is always downloaded from a trusted source.

Signed-off-by: TianKai Ma <tiankaima@163.com>
  • Loading branch information
tiankaima committed Sep 18, 2024
1 parent 4bf098d commit 4854e51
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,11 @@ set -e
#
# $ sudo sh install-docker.sh --mirror AzureChinaCloud
#
# --no-gpg-mirror
#
# Use the --no-gpg-mirror to always download the GPG from download.docker.com.
# This ensures that the GPG key is always downloaded from a trusted source.
#
# ==============================================================================


Expand Down Expand Up @@ -105,6 +110,7 @@ fi

mirror=''
DRY_RUN=${DRY_RUN:-}
NO_GPG_MIRROR=${NO_GPG_MIRROR:-}
while [ $# -gt 0 ]; do
case "$1" in
--channel)
Expand All @@ -114,6 +120,9 @@ while [ $# -gt 0 ]; do
--dry-run)
DRY_RUN=1
;;
--no-gpg-mirror)
NO_GPG_MIRROR=1
;;
--mirror)
mirror="$2"
shift
Expand All @@ -129,6 +138,11 @@ while [ $# -gt 0 ]; do
shift $(( $# > 0 ? 1 : 0 ))
done

GPG_KEY_URL="$DOWNLOAD_URL/linux/$lsb_dist/gpg"
if [ -n "$NO_GPG_MIRROR" ]; then
GPG_KEY_URL="https://download.docker.com/linux/$lsb_dist/gpg"
fi

case "$mirror" in
Aliyun)
DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
Expand Down Expand Up @@ -501,7 +515,7 @@ do_install() {
$sh_c 'apt-get -qq update >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null"
$sh_c 'install -m 0755 -d /etc/apt/keyrings'
$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc"
$sh_c "curl -fsSL \"$GPG_KEY_URL\" -o /etc/apt/keyrings/docker.asc"
$sh_c "chmod a+r /etc/apt/keyrings/docker.asc"
$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
$sh_c 'apt-get -qq update >/dev/null'
Expand Down

0 comments on commit 4854e51

Please sign in to comment.