Improve image build script

- Ensure all build-packages are removed afterwards
- Load the GPG key via HTTP instead of keyserver

Signed-off-by: Knut Ahlers <knut@ahlers.me>

build.sh

@@ -3,28 +3,36 @@ set -euxo pipefail
 
 export DEBIAN_FRONTEND=noninteractive
 
+build_packages=(
+	apt-transport-https
+	lsb-release
+)
+
+install_packages=(
+	docker-ce
+	jq
+	make
+	sudo
+)
+
 apt-get update
 
-# Install helper utils
-apt-get install -y --no-install-recommends \
-	apt-transport-https \
-	jq \
-	lsb-release \
-	make \
-	sudo
-
-# Install docker-ce
-apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+# Install packages required for building the image
+apt-get install -y --no-install-recommends ${build_packages[@]}
 
+# Activate docker repo
+curl -sSfL https://download.docker.com/linux/debian/gpg | apt-key add -
 echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -sc) stable" >/etc/apt/sources.list.d/docker.list
 apt-get update
-apt-get install -y --no-install-recommends docker-ce
+
+# Install packages to stay in the image
+apt-get install -y --no-install-recommends ${install_packages[@]}
 
 # Allow jenkins to use `sudo` and docker
 echo "jenkins ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers.d/jenkins
 usermod -a -G docker jenkins
 
 # Cleanup
-apt-get purge -y lsb-release
+apt-get purge -y ${build_packages[@]}
 apt-get autoremove --purge -y
 rm -rf /var/lib/apt/lists/*