From 4854e51d123703b5401951f6bd23337458dcac6c Mon Sep 17 00:00:00 2001 From: TianKai Ma Date: Wed, 18 Sep 2024 21:40:16 +0800 Subject: [PATCH] add --no-gpg-mirror option This ensures that the GPG key is always downloaded from a trusted source. Signed-off-by: TianKai Ma --- install.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 3350d695..ee8850b9 100755 --- a/install.sh +++ b/install.sh @@ -75,6 +75,11 @@ set -e # # $ sudo sh install-docker.sh --mirror AzureChinaCloud # +# --no-gpg-mirror +# +# Use the --no-gpg-mirror to always download the GPG from download.docker.com. +# This ensures that the GPG key is always downloaded from a trusted source. +# # ============================================================================== @@ -105,6 +110,7 @@ fi mirror='' DRY_RUN=${DRY_RUN:-} +NO_GPG_MIRROR=${NO_GPG_MIRROR:-} while [ $# -gt 0 ]; do case "$1" in --channel) @@ -114,6 +120,9 @@ while [ $# -gt 0 ]; do --dry-run) DRY_RUN=1 ;; + --no-gpg-mirror) + NO_GPG_MIRROR=1 + ;; --mirror) mirror="$2" shift @@ -129,6 +138,11 @@ while [ $# -gt 0 ]; do shift $(( $# > 0 ? 1 : 0 )) done +GPG_KEY_URL="$DOWNLOAD_URL/linux/$lsb_dist/gpg" +if [ -n "$NO_GPG_MIRROR" ]; then + GPG_KEY_URL="https://download.docker.com/linux/$lsb_dist/gpg" +fi + case "$mirror" in Aliyun) DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce" @@ -501,7 +515,7 @@ do_install() { $sh_c 'apt-get -qq update >/dev/null' $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null" $sh_c 'install -m 0755 -d /etc/apt/keyrings' - $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc" + $sh_c "curl -fsSL \"$GPG_KEY_URL\" -o /etc/apt/keyrings/docker.asc" $sh_c "chmod a+r /etc/apt/keyrings/docker.asc" $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list" $sh_c 'apt-get -qq update >/dev/null'