add --no-gpg-mirror option

This ensures that the GPG key is always downloaded from a trusted source.

Author: tiankaima

install.sh

@@ -75,6 +75,11 @@ set -e
 #
 #   $ sudo sh install-docker.sh --mirror AzureChinaCloud
 #
+# --no-gpg-mirror
+#
+# Use the --no-gpg-mirror to always download the GPG from download.docker.com.
+# This ensures that the GPG key is always downloaded from a trusted source.
+#
 # ==============================================================================
 
 
@@ -105,6 +110,7 @@ fi
 
 mirror=''
 DRY_RUN=${DRY_RUN:-}
+NO_GPG_MIRROR=${NO_GPG_MIRROR:-}
 while [ $# -gt 0 ]; do
 	case "$1" in
 		--channel)
@@ -114,6 +120,9 @@ while [ $# -gt 0 ]; do
 		--dry-run)
 			DRY_RUN=1
 			;;
+		--no-gpg-mirror)
+			NO_GPG_MIRROR=1
+			;;
 		--mirror)
 			mirror="$2"
 			shift
@@ -129,6 +138,11 @@ while [ $# -gt 0 ]; do
 	shift $(( $# > 0 ? 1 : 0 ))
 done
 
+GPG_KEY_URL="$DOWNLOAD_URL/linux/$lsb_dist/gpg"
+if [ -n "$NO_GPG_MIRROR" ]; then
+	GPG_KEY_URL="https://download.docker.com/linux/$lsb_dist/gpg"
+fi
+
 case "$mirror" in
 	Aliyun)
 		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
@@ -501,7 +515,7 @@ do_install() {
 				$sh_c 'apt-get -qq update >/dev/null'
 				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null"
 				$sh_c 'install -m 0755 -d /etc/apt/keyrings'
-				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc"
+				$sh_c "curl -fsSL \"$GPG_KEY_URL\" -o /etc/apt/keyrings/docker.asc"
 				$sh_c "chmod a+r /etc/apt/keyrings/docker.asc"
 				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
 				$sh_c 'apt-get -qq update >/dev/null'