Add ability to build from a repo signed with custom GPG key

As a test case UPSTREAM_URL=http://ubuntumirror.it.att.com/ubuntu/ UPSTREAM_KEY_URL=http://ubuntumirror.it.att.com/keys/mirror_key.pub were used. Change-Id: I45a283131ca4307c51bd48a8b226064ea8e40144
2018-11-08 12:26:43 -08:00 · 2018-11-08 12:26:43 -08:00 · 7ef061f60f
parent 0c157b195d
commit 7ef061f60f
3 changed files with 22 additions and 3 deletions
--- a/2
+++ b/2
@ -58,6 +58,7 @@ ARG MODE=packages
 ARG PACKAGE_FILE=default
 ARG UBUNTU_RELEASE=xenial
 ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
+ARG UPSTREAM_KEY_URL=""
 ARG COMPONENTS="main universe"
 ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"

@ -69,6 +70,7 @@ ENV MODE ${MODE}
 ENV PACKAGE_FILE=${PACKAGE_FILE}
 ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
 ENV UPSTREAM_URL=${UPSTREAM_URL}
+ENV UPSTREAM_KEY_URL=${UPSTREAM_KEY_URL}
 ENV COMPONENTS=${COMPONENTS}
 ENV REPOS=${REPOS}

--- a/18
+++ b/18
@ -30,7 +30,11 @@ UBUNTU_BASE_IMAGE          ?= ubuntu:16.04

 IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}

-CHART                       := charts/mini-mirror
+CHART                      := charts/mini-mirror
+
+UPSTREAM_URL               ?= http://archive.ubuntu.com/ubuntu/
+UPSTREAM_KEY_URL           ?=
+COMPONENTS                 ?= main

 .PHONY: validate
 validate: lint test
@ -78,13 +82,21 @@ ifeq ($(USE_PROXY), true)
 		--build-arg HTTP_PROXY=$(PROXY) \
 		--build-arg HTTPS_PROXY=$(PROXY) \
 		--build-arg no_proxy=$(NO_PROXY) \
-		--build-arg NO_PROXY=$(NO_PROXY) .
+		--build-arg NO_PROXY=$(NO_PROXY) \
+		--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+		--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+		--build-arg COMPONENTS=$(COMPONENTS) \
+		.
 else
 	docker build --network host -t $(IMAGE) \
 		--label "org.opencontainers.image.revision=$(COMMIT)" \
 		--label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
 		--label "org.opencontainers.image.title=$(IMAGE_NAME)" \
-		-f Dockerfile .
+		-f Dockerfile \
+		--build-arg UPSTREAM_URL=$(UPSTREAM_URL) \
+		--build-arg UPSTREAM_KEY_URL=$(UPSTREAM_KEY_URL) \
+		--build-arg COMPONENTS=$(COMPONENTS) \
+		.
 endif
 ifeq ($(PUSH_IMAGE), true)
 	docker push $(IMAGE)
--- a/assets/startup.sh
+++ b/assets/startup.sh
@ -46,6 +46,11 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
      --import
 fi

+if [ ! -z "$UPSTREAM_KEY_URL" ]; then
+    wget -O -  "$UPSTREAM_KEY_URL" | gpg --no-default-keyring \
+        --keyring trustedkeys.gpg --import
+fi
+
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
 ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg