[build] Fix issues caused by docker.com gpg key update. (sonic-net#14063)

liushilongbuaa · xumia · commit 737a50efad7c · 2023-04-05T05:42:32.000Z
Why I did it
docker.com's gpg key start to work from 2023-02-23. While debian.org's gpg key expired in 2022-11.
We used a walkaround for security checking for debian gpg keys. Now we need to exclude docker.com's gpg key.

How I did it
Update docker.com's gpg key without faketime.
Update others' gpg key with faketime '2022-11'

How to verify it
diff --git a/sonic-slave/Dockerfile b/sonic-slave/Dockerfile
@@ -332,12 +332,11 @@ RUN apt-get install -y \
            gnupg2 \
            software-properties-common
 RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
-RUN add-apt-repository \
-           "deb [arch=amd64] https://download.docker.com/linux/debian \
-           $(lsb_release -cs) \
-           stable"
-RUN faketime "2022-11-01" apt-get update
+RUN echo "deb [arch={{ CONFIGURED_ARCH }}] https://download.docker.com/linux/debian $(lsb_release -cs) stable" >> /etc/apt/sources.list.d/docker.list
+
+RUN apt-get update -o Dir::Etc::sourcelist="sources.list.d/docker.list"
 RUN apt-get install -y docker-ce=17.03.2~ce-0~debian-jessie
+RUN rm /etc/apt/sources.list.d/docker.list
 RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs\"" >> /etc/default/docker
 
 # Remove the stale cert and refresh the certs
