From 19cc1765c78337a82343bc34469fe1423aa37da5 Mon Sep 17 00:00:00 2001 From: Bryan Hong Date: Tue, 23 May 2017 23:58:29 -0700 Subject: [PATCH 1/2] added option to build debian-based aptly just run ```build.sh Dockerfile.debian``` instead --- Dockerfile | 1 + Dockerfile.debian | 72 ++++++++++++++++++ README.md | 6 +- assets/startup.sh | 29 +++++-- assets/update_mirror/update_mirror_debian.sh | 75 +++++++++++++++++++ .../update_mirror_ubuntu.sh} | 0 build.sh | 5 +- 7 files changed, 177 insertions(+), 11 deletions(-) create mode 100644 Dockerfile.debian create mode 100755 assets/update_mirror/update_mirror_debian.sh rename assets/{update_mirror.sh => update_mirror/update_mirror_ubuntu.sh} (100%) diff --git a/Dockerfile b/Dockerfile index cba071e..aad2d2c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,6 +63,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf # Install scripts COPY assets/*.sh /opt/ +COPY assets/update_mirror/update_mirror_ubuntu.sh /opt/update_mirror.sh # Bind mount location VOLUME [ "/opt/aptly" ] diff --git a/Dockerfile.debian b/Dockerfile.debian new file mode 100644 index 0000000..ea6a63b --- /dev/null +++ b/Dockerfile.debian 
@@ -0,0 +1,72 @@
+# Copyright 2016 Bryan J. Hong
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM debian:jessie
+
+MAINTAINER bryan@turbojets.net
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DIST=debian
+ENV RELEASE=jessie
+
+# Add Aptly repository
+RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
+RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
+
+# Add Nginx repository
+RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
+RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
+RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+
+# Update APT repository and install packages
+RUN apt-get -q update \
+ && apt-get -y install aptly \
+ bash-completion \
+ bzip2 \
+ gnupg \
+ gpgv \
+ graphviz \
+ supervisor \
+ nginx \
+ wget \
+ xz-utils
+
+# Install Aptly Configuration
+COPY assets/aptly.conf /etc/aptly.conf
+
+# Enable Aptly Bash completions
+RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
+ -O /etc/bash_completion.d/aptly \
+ && echo "if ! shopt -oq posix; then\n\
+ if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
+ . /usr/share/bash-completion/bash_completion\n\
+ elif [ -f /etc/bash_completion ]; then\n\
+ . /etc/bash_completion\n\
+ fi\n\
+fi" >> /etc/bash.bashrc
+
+# Install Nginx Config
+COPY assets/nginx.conf.sh /opt/nginx.conf.sh
+COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf
+
+# Install scripts
+COPY assets/*.sh /opt/
+COPY assets/update_mirror/update_mirror_debian.sh /opt/update_mirror.sh
+
+# Bind mount location
+VOLUME [ "/opt/aptly" ]
+
+# Execute Startup script when container starts
+ENTRYPOINT [ "/opt/startup.sh" ]
diff --git a/README.md b/README.md
index aa01a75..e8dd7e2 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ aptly in a container backed by nginx >nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev [nginx.org](http://nginx.org/en/) -**NOTE:** This container and the scripts within are written to make hosting an Ubuntu mirror "as-close-to-turnkey" as possible. If there is enough demand or I end up building it for my own purposes, I'll publish a branch or separate repo to support a "turnkey" Aptly Docker image for Debian. +**NOTE:** This container and the scripts within are written to make hosting an Ubuntu mirror "as-close-to-turnkey" as possible. If you want to host a Debian mirror, you'll need to build the image yourself, see [Building the Container](#building-the-container) below Quickstart --
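Review bot: The aptly repository key is requested as `--recv-keys 9E3E53F19C7DE460`, a 64-bit key ID, while the nginx key a few lines below is requested by its full 40-hex fingerprint; the key that comes back is added to APT's trusted keys for a repository listed over plain HTTP, so it should be identified as strictly as the nginx one. Request it by full fingerprint, `RUN apt-key adv --keyserver keys.gnupg.net --recv-keys <FULL_APTLY_KEY_FINGERPRINT>`, with the placeholder replaced by the fingerprint published by the aptly project. The `wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly` step has a related weakness: it follows the moving `master` branch and writes the download into `/etc/bash_completion.d/` without any integrity check, so pinning the URL to a tag or commit and comparing a `sha256sum` would keep the image reproducible.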
@@ -116,7 +116,7 @@ git clone https://github.com/bryanhong/docker-aptly.git ### Commands and variables * ```vars```: Variables for Docker registry, the application, and aptly repository data location -* ```build.sh```: Build the Docker image locally +* ```build.sh```: Build the Docker image locally, this script will take the name of a Dockerfile as an argument, by default will build Dockerfile. * ```run.sh```: Starts the Docker container, it the image hasn't been built locally, it is fetched from the repository set in vars * ```push.sh```: Pushes the latest locally built image to the repository set in vars * ```shell.sh```: get a shell within the container @@ -142,6 +142,8 @@ The GPG password you set in ```vars``` is stored in plain text and is visible as 1. Run ```./build.sh``` +>To build a Debian-based mirror/aptly run ```./build.sh Dockerfile.debian``` + #### Start the container 1. Run ```./run.sh``` diff --git a/assets/startup.sh b/assets/startup.sh index 49c6b70..10318da 100755 --- a/assets/startup.sh +++ b/assets/startup.sh 
@@ -13,14 +13,27 @@ if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key fi -# Import Ubuntu keyrings -gpg --list-keys -gpg --no-default-keyring \ - --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \ - --export | \ -gpg --no-default-keyring \ - --keyring trustedkeys.gpg \ - --import +# Import Ubuntu keyrings if they exist +if [[ -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ]]; then + gpg --list-keys + gpg --no-default-keyring \ + --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \ + --export | \ + gpg --no-default-keyring \ + --keyring trustedkeys.gpg \ + --import +fi + +# Import Debian keyrings if they exist +if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then + gpg --list-keys + gpg --no-default-keyring \ + --keyring /usr/share/keyrings/debian-archive-keyring.gpg \ + --export | \ + gpg --no-default-keyring \ + --keyring trustedkeys.gpg \ + --import +fi # Aptly looks in /root/.gnupg for default keyrings ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg diff --git a/assets/update_mirror/update_mirror_debian.sh b/assets/update_mirror/update_mirror_debian.sh new file mode 100755 index 0000000..f58bf0f --- /dev/null +++ b/assets/update_mirror/update_mirror_debian.sh 
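Review bot: When neither keyring file exists, both new `if` blocks are skipped and startup continues with nothing imported into `trustedkeys.gpg`, so the problem only shows up later, presumably when aptly tries to verify a mirror's signature (that code is not in this hunk). The two blocks are also identical except for the keyring file name, and each one runs `gpg --list-keys` again. One loop over the candidate keyrings, with a warning when none was found, keeps the trust-anchor import in a single place. The script starts and continues outside the hunk, so whether `pipefail` is set for the export-to-import pipe cannot be seen here.

```shell
# Import whichever distribution archive keyrings are installed
gpg --list-keys
found_keyring=0
for keyring in ubuntu-archive-keyring.gpg debian-archive-keyring.gpg; do
  if [[ -f "/usr/share/keyrings/${keyring}" ]]; then
    gpg --no-default-keyring \
        --keyring "/usr/share/keyrings/${keyring}" \
        --export | \
    gpg --no-default-keyring \
        --keyring trustedkeys.gpg \
        --import
    found_keyring=1
  fi
done
if [[ ${found_keyring} -eq 0 ]]; then
  echo "WARNING: no archive keyring found under /usr/share/keyrings; trustedkeys.gpg was not populated" >&2
fi
# … unchanged: secring/pubring symlinks …
```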
@@ -0,0 +1,75 @@
+#! /bin/bash
+set -e
+
+# Automate the initial creation and update of a Debian package mirror in aptly
+
+# The variables (as set below) will create a mirror of the Debian jessie repo
+# with the main and update components. If you do mirror these, you'll want to
+# include "deb http://security.debian.org jessie/updates main" in your sources.list
+# file or mirror it similarly as done below to keep up with security updates.
+
+DEBIAN_RELEASE=jessie
+UPSTREAM_URL="http://deb.debian.org/debian/"
+COMPONENTS=( main )
+REPOS=( ${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-updates )
+
+# Create repository mirrors if they don't exist
+set +e
+for component in ${COMPONENTS[@]}; do
+ for repo in ${REPOS[@]}; do
+ aptly mirror list -raw | grep "^${repo}$"
+ if [[ $? -ne 0 ]]; then
+ echo "Creating mirror of ${repo} repository."
+ aptly mirror create \
+ -architectures=amd64 ${repo} ${UPSTREAM_URL} ${repo} ${component}
+ fi
+ done
+done
+set -e
+
+# Update all repository mirrors
+for component in ${COMPONENTS[@]}; do
+ for repo in ${REPOS[@]}; do
+ echo "Updating ${repo} repository mirror.."
+ aptly mirror update ${repo}
+ done
+done
+
+# Create snapshots of updated repositories
+for component in ${COMPONENTS[@]}; do
+ for repo in ${REPOS[@]}; do
+ echo "Creating snapshot of ${repo} repository mirror.."
+ SNAPSHOTARRAY+="${repo}-`date +%Y%m%d%H` "
+ aptly snapshot create ${repo}-`date +%Y%m%d%H` from mirror ${repo}
+ done
+done
+
+echo ${SNAPSHOTARRAY[@]}
+
+# Merge snapshots into a single snapshot with updates applied
+echo "Merging snapshots into one.."
+aptly snapshot merge -latest \
+ ${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H` \
+ ${SNAPSHOTARRAY[@]}
+
+# Publish the latest merged snapshot
+set +e
+aptly publish list -raw | awk '{print $2}' | grep "^${DEBIAN_RELEASE}$"
+if [[ $? -eq 0 ]]; then
+ aptly publish switch \
+ -passphrase="${GPG_PASSWORD}" \
+ ${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H`
+else
+ aptly publish snapshot \
+ -passphrase="${GPG_PASSWORD}" \
+ -distribution=${DEBIAN_RELEASE} ${DEBIAN_RELEASE}-merged-`date +%Y%m%d%H`
+fi
+set -e
+
+# Export the GPG Public key
+if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then
+ gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key
+fi
+
+# Generate Aptly Graph
+aptly graph -output /opt/aptly/public/aptly_graph.png
diff --git a/assets/update_mirror.sh b/assets/update_mirror/update_mirror_ubuntu.sh
similarity index 100%
rename from assets/update_mirror.sh
rename to assets/update_mirror/update_mirror_ubuntu.sh
diff --git a/build.sh b/build.sh
index 71db177..1d84922 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,10 @@ source vars -docker build -t "${REPO_NAME}/${APP_NAME}:${TAG}" . +DOCKERFILE="${1:-Dockerfile}" +SUFFIX=`echo $1 | cut -d. -f2` + +docker build -t "${REPO_NAME}/${APP_NAME}:${TAG}" -f ${DOCKERFILE} . # If the build was successful (0 exit code)... if [ $? -eq 0 ]; then From d489f8c8abcd5a6ff21a2b2af77b9bf83dc3144c Mon Sep 17 00:00:00 2001 From: Bryan Hong Date: Wed, 24 May 2017 00:02:22 -0700 Subject: [PATCH 2/2] remove suffix var --- build.sh | 1 - 1 file changed, 1 deletion(-)
diff --git a/build.sh b/build.sh
index 1d84922..4904b8c 100755
--- a/build.sh
+++ b/build.sh
@@ -3,7 +3,6 @@ source vars DOCKERFILE="${1:-Dockerfile}" -SUFFIX=`echo $1 | cut -d. -f2` docker build -t "${REPO_NAME}/${APP_NAME}:${TAG}" -f ${DOCKERFILE} .
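Review bot: In the publish step of update_mirror_debian.sh, `set +e` is still in effect while `aptly publish switch` or `aptly publish snapshot` runs, so a failed publish (a wrong `GPG_PASSWORD`, for instance) is ignored and the script carries on while clients keep receiving the previously published snapshot. Testing the pipeline directly, `if aptly publish list -raw | awk '{print $2}' | grep -q "^${DEBIAN_RELEASE}$"; then`, removes the need for the `set +e`/`set -e` pair and lets a publish error abort the run; the mirror-creation loop earlier in the file can be handled the same way. The snapshot names are rebuilt from `date +%Y%m%d%H` at every use, so a run that crosses an hour boundary merges or publishes a name that was never created; computing it once, `STAMP=$(date +%Y%m%d%H)`, avoids that. `-passphrase="${GPG_PASSWORD}"` also places the passphrase on the aptly command line, where other processes in the container can read it; aptly's `-passphrase-file` option keeps it out of the argument list.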
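Review bot: In the first build.sh hunk the image is still tagged `${REPO_NAME}/${APP_NAME}:${TAG}` whichever Dockerfile is passed, so `./build.sh Dockerfile.debian` replaces the locally built Ubuntu image under the same name, and the README describes push.sh as pushing the latest locally built image, which would then publish the Debian variant under the tag users expect to be Ubuntu. A variant-specific tag (for example a suffix derived from the Dockerfile name and appended to `${TAG}`) would keep the two images apart; the `SUFFIX` variable was never used for this before patch 2/2 removed it. `${DOCKERFILE}` is also expanded unquoted, so a path containing spaces is split into several arguments; `-f "${DOCKERFILE}"` fixes that. The `if [ $? -eq 0 ]` block continues outside the hunk.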