Add ability to build from a repo signed with custom GPG key

The UPSTREAM_KEY_URL was added. A url for public GPG key if it is not on default location. Change-Id: I45a283131ca4307c51bd48a8b226064ea8e40144
2018-11-08 12:26:43 -08:00 · 2018-11-08 12:26:43 -08:00 · 6b12906ba5
parent aaec69bebe
commit 6b12906ba5
3 changed files with 21 additions and 2 deletions
--- a/16
+++ b/16
@ -33,6 +33,10 @@ IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}
 MINI_MIRROR                := mini-mirror
 CHART                      := charts/mini-mirror

+UPSTREAM_URL               ?= http://archive.ubuntu.com/ubuntu/
+UPSTREAM_KEY_URL           ?=
+COMPONENTS                 ?= main
+
 .PHONY: validate
 validate: lint test

@ -84,13 +88,21 @@ ifeq ($(USE_PROXY), true)
 		--build-arg HTTP_PROXY=$(PROXY) \
 		--build-arg HTTPS_PROXY=$(PROXY) \
 		--build-arg no_proxy=$(NO_PROXY) \
-		--build-arg NO_PROXY=$(NO_PROXY) .
+		--build-arg NO_PROXY=$(NO_PROXY) \
+		--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+		--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+		--build-arg COMPONENTS=$(COMPONENTS) \
+		.
 else
 	cd $(MINI_MIRROR); docker build --network host -t $(IMAGE) \
 		--label "org.opencontainers.image.revision=$(COMMIT)" \
 		--label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
 		--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
-		-f Dockerfile .
+		-f Dockerfile \
+		--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+		--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+		--build-arg COMPONENTS=$(COMPONENTS) \
+		.
 endif
 ifeq ($(PUSH_IMAGE), true)
 	docker push $(IMAGE)
--- a/mini-mirror/Dockerfile
+++ b/mini-mirror/Dockerfile
@ -58,6 +58,7 @@ ARG MODE=packages
 ARG PACKAGE_FILE=default
 ARG UBUNTU_RELEASE=xenial
 ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
+ARG UPSTREAM_KEY_URL=""
 ARG COMPONENTS="main universe"
 ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"

@ -69,6 +70,7 @@ ENV MODE ${MODE}
 ENV PACKAGE_FILE=${PACKAGE_FILE}
 ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
 ENV UPSTREAM_URL=${UPSTREAM_URL}
+ENV UPSTREAM_KEY_URL=${UPSTREAM_KEY_URL}
 ENV COMPONENTS=${COMPONENTS}
 ENV REPOS=${REPOS}

--- a/mini-mirror/assets/startup.sh
+++ b/mini-mirror/assets/startup.sh
@ -46,6 +46,11 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
      --import
 fi

+if [ ! -z "$UPSTREAM_KEY_URL" ]; then
+    wget -O -  "$UPSTREAM_KEY_URL" | gpg --no-default-keyring \
+        --keyring trustedkeys.gpg --import
+fi
+
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
 ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg