From 6b12906ba556576c4bbb88ec975972461f3d1c50 Mon Sep 17 00:00:00 2001
From: Andrey Volkov
Date: Thu, 8 Nov 2018 12:26:43 -0800
Subject: [PATCH] Add ability to build from a repo signed with custom GPG key

The UPSTREAM_KEY_URL was added. A url for public GPG key if it is not on default location.

Change-Id: I45a283131ca4307c51bd48a8b226064ea8e40144
---
 Makefile | 16 ++++++++++++++--
 mini-mirror/Dockerfile | 2 ++
 mini-mirror/assets/startup.sh | 5 +++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 0ea37da..8e76ca4 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,10 @@ IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}
 MINI_MIRROR := mini-mirror
 CHART := charts/mini-mirror

+UPSTREAM_URL ?= http://archive.ubuntu.com/ubuntu/
+UPSTREAM_KEY_URL ?=
+COMPONENTS ?= main
+
 .PHONY: validate
 validate: lint test

@@ -84,13 +88,21 @@ ifeq ($(USE_PROXY), true)
 --build-arg HTTP_PROXY=$(PROXY) \
 --build-arg HTTPS_PROXY=$(PROXY) \
 --build-arg no_proxy=$(NO_PROXY) \
- --build-arg NO_PROXY=$(NO_PROXY) .
+ --build-arg NO_PROXY=$(NO_PROXY) \
+ --build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+ --build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+ --build-arg COMPONENTS=$(COMPONENTS) \
+ .
 else
 cd $(MINI_MIRROR); docker build --network host -t $(IMAGE) \
 --label "org.opencontainers.image.revision=$(COMMIT)" \
 --label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
 --label "org.opencontainers.image.title=$(IMAGE_NAME)" \
- -f Dockerfile .
+ -f Dockerfile \
+ --build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+ --build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+ --build-arg COMPONENTS=$(COMPONENTS) \
+ .
 endif
 ifeq ($(PUSH_IMAGE), true)
 docker push $(IMAGE)
diff --git a/mini-mirror/Dockerfile b/mini-mirror/Dockerfile
index 05917dc..daae3cd 100644
--- a/mini-mirror/Dockerfile
+++ b/mini-mirror/Dockerfile
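Review bot: `COMPONENTS ?= main` in the new variable block does not match the Dockerfile default `ARG COMPONENTS="main universe"`, and because the build recipe now always passes `--build-arg COMPONENTS=$(COMPONENTS)`, every image built through make silently loses `universe`. Either align it with `COMPONENTS ?= main universe` (a multi-word value then also needs the `--build-arg` quoted in the recipe) or add a comment stating that the narrower default is intended. A comment above `UPSTREAM_KEY_URL ?=` such as `# URL of the upstream repo's public GPG key; whatever it serves becomes a trust anchor for the mirror` would tell the person setting it what is at stake.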
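Review bot: The three new `--build-arg` values, in both the proxy and the non-proxy branch of this hunk, are expanded unquoted into the shell command, so a value with a space (the Dockerfile's own default is `main universe`) or a shell metacharacter such as `&` in a URL is split or interpreted by the shell instead of reaching docker as one argument. Quote each of them: `--build-arg "UPSTREAM_URL=$(UPSTREAM_URL)"`, `--build-arg "UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL)"`, `--build-arg "COMPONENTS=$(COMPONENTS)"`. The recipe begins above the hunk, so the start of the `docker build` command in the proxy branch is not visible here.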
@@ -58,6 +58,7 @@ ARG MODE=packages
 ARG PACKAGE_FILE=default
 ARG UBUNTU_RELEASE=xenial
 ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
+ARG UPSTREAM_KEY_URL=""
 ARG COMPONENTS="main universe"
 ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"

@@ -69,6 +70,7 @@ ENV MODE ${MODE}
 ENV PACKAGE_FILE=${PACKAGE_FILE}
 ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
 ENV UPSTREAM_URL=${UPSTREAM_URL}
+ENV UPSTREAM_KEY_URL=${UPSTREAM_KEY_URL}
 ENV COMPONENTS=${COMPONENTS}
 ENV REPOS=${REPOS}

diff --git a/mini-mirror/assets/startup.sh b/mini-mirror/assets/startup.sh
index fe2543f..47d279d 100755
--- a/mini-mirror/assets/startup.sh
+++ b/mini-mirror/assets/startup.sh
@@ -46,6 +46,11 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 --import
 fi

+if [ ! -z "$UPSTREAM_KEY_URL" ]; then
+ wget -O - "$UPSTREAM_KEY_URL" | gpg --no-default-keyring \
+ --keyring trustedkeys.gpg --import
+fi
+
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
 ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
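Review bot: The added block in startup.sh imports whatever `wget` returns from `$UPSTREAM_KEY_URL` straight into `trustedkeys.gpg`, so the key that decides which repository signatures are accepted is itself unauthenticated. Over plain `http://`, the scheme of the default `UPSTREAM_URL`, anyone on the network path can substitute it. The pipeline also hides a failed download, because only gpg's exit status is seen unless `pipefail` is set in the part of the script outside this hunk. I would download to a file, stop on a fetch error, and check the file against a pinned digest before importing. `UPSTREAM_KEY_SHA256` below is a proposed new variable that would also need an `ARG`/`ENV` pair and a Makefile default; with it unset the check fails closed.

```shell
if [ -n "$UPSTREAM_KEY_URL" ]; then
    # UPSTREAM_KEY_SHA256 (proposed): pinned SHA-256 digest of the key file
    keyfile="$(mktemp)"
    wget -O "$keyfile" "$UPSTREAM_KEY_URL" \
        || { echo "cannot fetch $UPSTREAM_KEY_URL" >&2; exit 1; }
    echo "${UPSTREAM_KEY_SHA256}  ${keyfile}" | sha256sum -c - \
        || { echo "upstream key digest mismatch" >&2; exit 1; }
    gpg --no-default-keyring --keyring trustedkeys.gpg --import "$keyfile"
    rm -f "$keyfile"
fi
```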