Fixes for gpg key generation and nginx configuration
parent
1f89727cea
commit
89f0e23792
41
Dockerfile
41
Dockerfile
|
@ -1,38 +1,28 @@
|
||||||
# Copyright 2016 Bryan J. Hong
|
# Copyright 2016 Bryan J. Hong
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
# You may obtain a copy of the License at
|
# You may obtain a copy of the License at
|
||||||
#
|
#
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
#
|
#
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
FROM ubuntu:trusty
|
FROM ubuntu:xenial
|
||||||
|
|
||||||
MAINTAINER bryan@turbojets.net
|
MAINTAINER bryan@turbojets.net
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
ENV DIST=ubuntu
|
ENV DIST=ubuntu
|
||||||
ENV RELEASE=trusty
|
ENV RELEASE=xenial
|
||||||
|
|
||||||
# Add Aptly repository
|
|
||||||
RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
|
|
||||||
RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
|
|
||||||
|
|
||||||
# Add Nginx repository
|
|
||||||
RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
|
|
||||||
RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
|
|
||||||
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
|
||||||
|
|
||||||
# Update APT repository and install packages
|
# Update APT repository and install packages
|
||||||
RUN apt-get -q update \
|
RUN apt-get -qq update \
|
||||||
&& apt-get -y install aptly \
|
&& apt-get -y -qq install aptly \
|
||||||
bash-completion \
|
|
||||||
bzip2 \
|
bzip2 \
|
||||||
gnupg \
|
gnupg \
|
||||||
gpgv \
|
gpgv \
|
||||||
|
@ -40,24 +30,17 @@ RUN apt-get -q update \
|
||||||
supervisor \
|
supervisor \
|
||||||
nginx \
|
nginx \
|
||||||
wget \
|
wget \
|
||||||
xz-utils
|
xz-utils \
|
||||||
|
apt-utils \
|
||||||
|
&& apt-get clean \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Install Aptly Configuration
|
# Install Aptly Configuration
|
||||||
COPY assets/aptly.conf /etc/aptly.conf
|
COPY assets/aptly.conf /etc/aptly.conf
|
||||||
|
|
||||||
# Enable Aptly Bash completions
|
|
||||||
RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
|
|
||||||
-O /etc/bash_completion.d/aptly \
|
|
||||||
&& echo "if ! shopt -oq posix; then\n\
|
|
||||||
if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
|
|
||||||
. /usr/share/bash-completion/bash_completion\n\
|
|
||||||
elif [ -f /etc/bash_completion ]; then\n\
|
|
||||||
. /etc/bash_completion\n\
|
|
||||||
fi\n\
|
|
||||||
fi" >> /etc/bash.bashrc
|
|
||||||
|
|
||||||
# Install Nginx Config
|
# Install Nginx Config
|
||||||
COPY assets/nginx.conf.sh /opt/nginx.conf.sh
|
COPY assets/nginx.conf.sh /opt/nginx.conf.sh
|
||||||
|
RUN rm /etc/nginx/sites-enabled/*
|
||||||
COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
|
COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
|
||||||
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
|
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
|
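Review bot: The new install line `apt-get -y -qq install aptly \` still pulls in recommended packages, so the image ships more software than the list names; `apt-get -y -qq install --no-install-recommends aptly \` keeps the installed set to what is listed, provided nothing needed arrives only as a Recommends. `FROM ubuntu:xenial` is a floating tag, and pinning it by digest (`FROM ubuntu:xenial@sha256:<digest>`) would make rebuilds reproducible. `RUN rm /etc/nginx/sites-enabled/*` fails the build when the glob matches nothing, so `rm -f` is the safer form. Part of the package list lies between the two hunks and is not shown.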
|
@ -10,8 +10,6 @@ Name-Comment: Aptly Repo Signing
|
||||||
Name-Email: ${EMAIL_ADDRESS}
|
Name-Email: ${EMAIL_ADDRESS}
|
||||||
Expire-Date: 0
|
Expire-Date: 0
|
||||||
Passphrase: ${GPG_PASSWORD}
|
Passphrase: ${GPG_PASSWORD}
|
||||||
%pubring /opt/aptly/aptly.pub
|
|
||||||
%secring /opt/aptly/aptly.sec
|
|
||||||
%commit
|
%commit
|
||||||
%echo done
|
%echo done
|
||||||
EOF
|
EOF
|
||||||
|
|
|
@ -4,7 +4,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
server {
|
server {
|
||||||
root /opt/aptly/public;
|
root /opt/aptly/public;
|
||||||
server_name ${HOSTNAME};
|
server_name _;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
autoindex on;
|
autoindex on;
|
||||||
|
|
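Review bot: `server_name _;` is not a wildcard; `_` is only a name that never matches a real Host header, and the block answers every request only while it is the sole or first server for its listen socket. No `listen` line is visible in this hunk, so if a catch-all is the intent, state it explicitly with `listen <port> default_server;` and a comment such as `# catch-all: serve the repository for any Host header`. With `autoindex on`, everything under `/opt/aptly/public` is then listed to any client that can reach the port, so only published repository content should live there. The heredoc and the `server` block both extend outside the hunk.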
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
# If the repository GPG keypair doesn't exist, create it.
|
# If the repository GPG keypair doesn't exist, create it.
|
||||||
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
|
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
|
||||||
|
echo "Generating new gpg keys"
|
||||||
|
cp -a /dev/urandom /dev/random
|
||||||
/opt/gpg_batch.sh
|
/opt/gpg_batch.sh
|
||||||
# If your system doesn't have a lot of entropy this may, take a long time
|
# If your system doesn't have a lot of entropy this may, take a long time
|
||||||
# Google how-to create "artificial" entropy if this gets stuck
|
# Google how-to create "artificial" entropy if this gets stuck
|
||||||
|
@ -37,8 +39,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Aptly looks in /root/.gnupg for default keyrings
|
# Aptly looks in /root/.gnupg for default keyrings
|
||||||
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
|
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
|
||||||
ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
|
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
|
||||||
|
|
||||||
# Generate Nginx Config
|
# Generate Nginx Config
|
||||||
/opt/nginx.conf.sh
|
/opt/nginx.conf.sh
|
||||||
|
|
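Review bot: With the links reversed, `/opt/aptly/aptly.sec` and `/opt/aptly/aptly.pub` become symlinks into `/root/.gnupg`, so the signing key itself now lives only in the container's root home. If `/opt/aptly` is a mounted volume and `/root/.gnupg` is not (the volume layout is not visible here), a recreated container finds dangling links, the `-f` test at the top fails, and a fresh key is generated, which breaks clients that trust the old public key. Copying the generated keyrings into `/opt/aptly` before linking, or pointing `GNUPGHOME` at a directory in the volume, would keep the key persistent. In the first hunk, `cp -a /dev/urandom /dev/random` deserves a comment such as `# gpg blocks on /dev/random in low-entropy containers; use the non-blocking device for key generation`, and the two entropy comments after `/opt/gpg_batch.sh` are now stale. Both the `if` block and the rest of the script continue outside the hunks.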