[Ubuntu] Pin Docker 24.0.7 to avoid bugs (#9205)

* [Ubuntu] Pin Docker 24.0.7 to avoid bugs * Fix character escaping for jq * Fix order of install
2025-12-15 14:17:22 +00:00 · 2024-01-23 14:44:07 +01:00
parent 097e28c9d7
commit cbc79f8a0c
3 changed files with 33 additions and 6 deletions
--- a/images/ubuntu/scripts/build/install-docker.sh
+++ b/images/ubuntu/scripts/build/install-docker.sh
@@ -11,18 +11,31 @@ source $HELPER_SCRIPTS/install.sh
 REPO_URL="https://download.docker.com/linux/ubuntu"
 GPG_KEY="/usr/share/keyrings/docker.gpg"
 REPO_PATH="/etc/apt/sources.list.d/docker.list"
+os_codename=$(lsb_release -cs)

 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $GPG_KEY
-echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL $(lsb_release -cs) stable" > $REPO_PATH
+echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL ${os_codename} stable" > $REPO_PATH
 apt-get update
-apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin
+
+for pkg in containerd.io docker-ce-cli docker-ce docker-buildx-plugin; do
+    version=$(get_toolset_value ".docker.components.\"$pkg\"")
+    if [[ $version == "latest" ]]; then
+        components_to_install+="${pkg} "
+    else
+        version_string=$(apt-cache madison "${pkg}" | awk '{ print $3 }' | grep "${version}" | grep "${os_codename}" | head -1)
+        components_to_install+="${pkg}=${version_string} "
+    fi
+done
+apt-get install -y --no-install-recommends $components_to_install
+
 # Download docker compose v2 from releases
 # Temporaty pinned to v2.23.3 due https://github.com/actions/runner-images/issues/9172
-URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "2.23.3")
+compose_version=$(get_toolset_value ".docker.components.compose")
+URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "${compose_version}")
 compose_binary_path=$(download_with_retry "${URL}" "/tmp/docker-compose-v2")

 # Supply chain security - Docker Compose v2
-compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "2.23.3")
+compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "${compose_version}")
 compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256")
 use_checksum_comparison "${compose_binary_path}" "${compose_external_hash}"