Add ability to build from a repo signed with custom GPG key
UPSTREAM_KEY_URL was added: a URL for the public GPG key when it is not in the default location. Change-Id: I45a283131ca4307c51bd48a8b226064ea8e40144
This commit is contained in:
parent
aaec69bebe
commit
6b12906ba5
16
Makefile
16
Makefile
|
@ -33,6 +33,10 @@ IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}
|
||||||
MINI_MIRROR := mini-mirror
|
MINI_MIRROR := mini-mirror
|
||||||
CHART := charts/mini-mirror
|
CHART := charts/mini-mirror
|
||||||
|
|
||||||
|
UPSTREAM_URL ?= http://archive.ubuntu.com/ubuntu/
|
||||||
|
UPSTREAM_KEY_URL ?=
|
||||||
|
COMPONENTS ?= main
|
||||||
|
|
||||||
.PHONY: validate
|
.PHONY: validate
|
||||||
validate: lint test
|
validate: lint test
|
||||||
|
|
||||||
|
@ -84,13 +88,21 @@ ifeq ($(USE_PROXY), true)
|
||||||
--build-arg HTTP_PROXY=$(PROXY) \
|
--build-arg HTTP_PROXY=$(PROXY) \
|
||||||
--build-arg HTTPS_PROXY=$(PROXY) \
|
--build-arg HTTPS_PROXY=$(PROXY) \
|
||||||
--build-arg no_proxy=$(NO_PROXY) \
|
--build-arg no_proxy=$(NO_PROXY) \
|
||||||
--build-arg NO_PROXY=$(NO_PROXY) .
|
--build-arg NO_PROXY=$(NO_PROXY) \
|
||||||
|
--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
|
||||||
|
--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
|
||||||
|
--build-arg COMPONENTS=$(COMPONENTS) \
|
||||||
|
.
|
||||||
else
|
else
|
||||||
cd $(MINI_MIRROR); docker build --network host -t $(IMAGE) \
|
cd $(MINI_MIRROR); docker build --network host -t $(IMAGE) \
|
||||||
--label "org.opencontainers.image.revision=$(COMMIT)" \
|
--label "org.opencontainers.image.revision=$(COMMIT)" \
|
||||||
--label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
|
--label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
|
||||||
--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
|
--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
|
||||||
-f Dockerfile .
|
-f Dockerfile \
|
||||||
|
--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
|
||||||
|
--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
|
||||||
|
--build-arg COMPONENTS=$(COMPONENTS) \
|
||||||
|
.
|
||||||
endif
|
endif
|
||||||
ifeq ($(PUSH_IMAGE), true)
|
ifeq ($(PUSH_IMAGE), true)
|
||||||
docker push $(IMAGE)
|
docker push $(IMAGE)
|
||||||
|
|
|
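Review bot: The three new `--build-arg` lines pass `$(UPSTREAM_URL)`, `$(UPSTREAM_KEY_URL)` and `$(COMPONENTS)` unquoted in both the proxy and non-proxy branches, so a value containing whitespace — which the Dockerfile's own default `"main universe"` shows is expected for COMPONENTS — is word-split by the shell and the second word becomes a stray positional argument to `docker build`. Quote each value, e.g. `--build-arg COMPONENTS="$(COMPONENTS)" \` and the same for the two URL arguments. The new default `COMPONENTS ?= main` in the first hunk also silently narrows the Dockerfile default of `main universe`; if that is intentional, a comment on the `?=` line saying so would save the next reader a comparison. The `docker build` recipe of the proxy branch begins above this hunk.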
@ -58,6 +58,7 @@ ARG MODE=packages
|
||||||
ARG PACKAGE_FILE=default
|
ARG PACKAGE_FILE=default
|
||||||
ARG UBUNTU_RELEASE=xenial
|
ARG UBUNTU_RELEASE=xenial
|
||||||
ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
|
ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
|
||||||
|
ARG UPSTREAM_KEY_URL=""
|
||||||
ARG COMPONENTS="main universe"
|
ARG COMPONENTS="main universe"
|
||||||
ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"
|
ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"
|
||||||
|
|
||||||
|
@ -69,6 +70,7 @@ ENV MODE ${MODE}
|
||||||
ENV PACKAGE_FILE=${PACKAGE_FILE}
|
ENV PACKAGE_FILE=${PACKAGE_FILE}
|
||||||
ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
|
ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
|
||||||
ENV UPSTREAM_URL=${UPSTREAM_URL}
|
ENV UPSTREAM_URL=${UPSTREAM_URL}
|
||||||
|
ENV UPSTREAM_KEY_URL=${UPSTREAM_KEY_URL}
|
||||||
ENV COMPONENTS=${COMPONENTS}
|
ENV COMPONENTS=${COMPONENTS}
|
||||||
ENV REPOS=${REPOS}
|
ENV REPOS=${REPOS}
|
||||||
|
|
||||||
|
|
|
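Review bot: `ARG UPSTREAM_KEY_URL=""` gives no hint of what it expects, and the empty default is only meaningful because the shell script in this commit skips the import when the value is blank. A one-line comment above the ARG would make that contract visible to image users, e.g. `# Optional: URL of the public GPG key that signs the UPSTREAM_URL repository; imported at start-up only when non-empty`. Since the value is also exported with `ENV`, it ends up in the image configuration and is visible to anyone who can inspect the image — acceptable for a public-key location, but worth stating in the same comment.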
@ -46,6 +46,11 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
|
||||||
--import
|
--import
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$UPSTREAM_KEY_URL" ]; then
|
||||||
|
wget -O - "$UPSTREAM_KEY_URL" | gpg --no-default-keyring \
|
||||||
|
--keyring trustedkeys.gpg --import
|
||||||
|
fi
|
||||||
|
|
||||||
# Aptly looks in /root/.gnupg for default keyrings
|
# Aptly looks in /root/.gnupg for default keyrings
|
||||||
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
|
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
|
||||||
ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
|
ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
|
||||||
|
|
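Review bot: `wget -O - "$UPSTREAM_KEY_URL" | gpg ... --import` discards wget's exit status, so a failed or truncated download makes gpg import nothing (or a partial key) and the script carries on, and the problem only surfaces later as a signature-verification failure with no pointer to the key step. Download to a temporary file and check the result before importing, as in the excerpt below. Because this key becomes the trust root for everything mirrored afterwards, the script should also either reject non-https values (the Makefile default for UPSTREAM_URL is plain http, so an http key URL is likely to be tried) or compare the imported key's fingerprint against an expected value supplied next to the URL. The existing block above uses `[[ ... ]]`, so `[[ -n "$UPSTREAM_KEY_URL" ]]` reads more consistently than `[ ! -z ... ]`. Whether the script runs under `set -e` or `pipefail` is not visible in this hunk.
```bash
if [[ -n "$UPSTREAM_KEY_URL" ]]; then
    key_file="$(mktemp)"
    # Fetch first, then import: a failed download must abort here instead of
    # leaving the pipeline's exit status to gpg.
    if ! wget -O "$key_file" "$UPSTREAM_KEY_URL"; then
        echo "Failed to fetch UPSTREAM_KEY_URL" >&2
        exit 1
    fi
    gpg --no-default-keyring --keyring trustedkeys.gpg --import "$key_file"
    rm -f "$key_file"
fi
# … unchanged: aptly keyring symlinks …
```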