diff --git a/Dockerfile b/Dockerfile index dc358f5..c3b9ff4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ FROM ubuntu:xenial -LABEL maintainer="urpylka@gmail.com" +LABEL maintainer="airship-team@att.com" ENV DEBIAN_FRONTEND noninteractive @@ -50,8 +50,15 @@ RUN rm /etc/nginx/sites-enabled/* COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf RUN echo "daemon off;" >> /etc/nginx/nginx.conf -# Bind mount location -VOLUME [ "/opt/aptly" ] +ENV FULL_NAME="First Last" +ENV EMAIL_ADDRESS="youremail@example.com" +ENV GPG_PASSWORD="PickAPassword" +ENV HOSTNAME=localhost + +COPY assets/packages /opt/packages + +RUN /opt/startup.sh # Execute Startup script when container starts -ENTRYPOINT [ "/opt/startup.sh" ] + +CMD [ "/opt/run.sh" ] diff --git a/assets/packages b/assets/packages new file mode 100644 index 0000000..2662170 --- /dev/null +++ b/assets/packages 
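Review bot: `ENV GPG_PASSWORD="PickAPassword"` together with `RUN /opt/startup.sh` in the second Dockerfile hunk stores the signing-key passphrase in the image configuration and moves key generation to build time. The private key that startup.sh appears to create under /opt/aptly would then be baked into an image layer next to its passphrase. Every container started from the image would share one signing key, and anyone able to pull the image or run `docker inspect` on it could read both. I would keep key generation at container start with /opt/aptly on a mounted volume, or pass the passphrase as a BuildKit secret, `RUN --mount=type=secret,id=gpg_password /opt/startup.sh`. The secret route needs the batch script, which is not in this diff, to read /run/secrets/gpg_password instead of the environment.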
@@ -0,0 +1,596 @@ +accountsservice +acl +acpid +adduser +amd64-microcode +apparmor +apport +apport-symptoms +apt +apt-transport-https +apt-utils +arping +at +base-files +base-passwd +bash +bash-completion +bc +bcache-tools +bind9-host +binfmt-support +binutils +bsdmainutils +bsdutils +btrfs-tools +build-essential +busybox-initramfs +busybox-static +byobu +bzip2 +ca-certificates +ceph-common +cloud-guest-utils +cloud-init +cloud-initramfs-copymods +cloud-initramfs-dyn-netconf +command-not-found +command-not-found-data +console-setup +console-setup-linux +coreutils +cpio +cpp +cpp-5 +crda +cron +cryptsetup +cryptsetup-bin +curl +dash +dbus +debconf +debconf-i18n +debianutils +dh-python +diffutils +distro-info-data +dkms +dmeventd +dmidecode +dmsetup +dnsmasq-base +dns-root-data +dnsutils +docker.io +docker-engine +dosfstools +dpkg +dpkg-dev +dstat +e2fslibs +e2fsprogs +eatmydata +ed +eject +ethtool +fakeroot +file +findutils +fonts-ubuntu-font-family-console +freeipmi-common +friendly-recovery +ftp +fuse +g++ +g++-5 +gawk +gcc +gcc-5 +gcc-5-base +gcc-6-base +gdisk +geoip-database +gettext-base +gir1.2-glib-2.0 +git +git-man +gnupg +gpgv +grep +groff-base +grub2-common +grub-common +grub-gfxpayload-lists +grub-legacy-ec2 +grub-pc +grub-pc-bin +gzip +hdparm +heirloom-mailx +hostname +ifenslave +ifupdown +info +init +initramfs-tools +initramfs-tools-bin +initramfs-tools-core +initscripts +init-system-helpers +insserv +installation-report +install-info +intel-microcode +iotop +iperf +ipmitool +iproute2 +iptables +iputils-arping +iputils-ping +iputils-tracepath +irqbalance +isc-dhcp-client +isc-dhcp-common +iso-codes +iucode-tool +iw +jq +kbd +keyboard-configuration +klibc-utils +kmod +krb5-locales +ksh +language-selector-common +laptop-detect +ldap-utils +less +libaccountsservice0 +libacl1 +libalgorithm-diff-perl +libalgorithm-diff-xs-perl +libalgorithm-merge-perl +libapparmor1 +libapparmor-perl +libapt-inst2.0 +libapt-pkg5.0 +libasan2 +libasn1-8-heimdal +libasprintf0v5 
+libatm1 +libatomic1 +libattr1 +libaudit1 +libaudit-common +libbabeltrace1 +libbabeltrace-ctf1 +libbind9-140 +libblas3 +libblas-common +libblkid1 +libboost-iostreams1.58.0 +libboost-program-options1.58.0 +libboost-random1.58.0 +libboost-regex1.58.0 +libboost-system1.58.0 +libboost-thread1.58.0 +libbsd0 +libbz2-1.0 +libc6 +libc6-dev +libcap2 +libcap2-bin +libcap-ng0 +libc-bin +libcc1-0 +libc-dev-bin +libcephfs1 +libcilkrts5 +libcomerr2 +libcryptsetup4 +libcurl3-gnutls +libdb5.3 +libdbus-1-3 +libdbus-glib-1-2 +libdebconfclient0 +libdevmapper1.02.1 +libdevmapper-event1.02.1 +libdns162 +libdns-export162 +libdpkg-perl +libdrm2 +libdrm-common +libdumbnet1 +libdw1 +libeatmydata1 +libedit2 +libelf1 +liberror-perl +libestr0 +libevent-2.0-5 +libexpat1 +libfakeroot +libfcgi0ldbl +libfdisk1 +libffi6 +libfile-fcntllock-perl +libfreeipmi16 +libfreetype6 +libfribidi0 +libfuse2 +libgcc1 +libgcc-5-dev +libgcrypt20 +libgdbm3 +libgeoip1 +libgirepository-1.0-1 +libglib2.0-0 +libglib2.0-data +libgmp10 +libgnutls30 +libgnutls-openssl27 +libgomp1 +libgpg-error0 +libgpm2 +libgssapi3-heimdal +libgssapi-krb5-2 +libhcrypto4-heimdal +libheimbase1-heimdal +libheimntlm0-heimdal +libhogweed4 +libhx509-5-heimdal +libicu55 +libidn11 +libisc160 +libisccc140 +libisccfg140 +libisc-export160 +libisl15 +libitm1 +libjansson4 +libjson-c2 +libk5crypto3 +libkeyutils1 +libklibc +libkmod2 +libkrb5-26-heimdal +libkrb5-3 +libkrb5support0 +libldap-2.4-2 +liblinear3 +liblocale-gettext-perl +liblsan0 +libltdl7 +liblua5.2-0 +liblvm2app2.2 +liblvm2cmd2.02 +liblwres141 +liblxc1 +liblz4-1 +liblzma5 +liblzo2-2 +libmagic1 +libmnl0 +libmount1 +libmpc3 +libmpdec2 +libmpfr4 +libmpx0 +libmspack0 +libncurses5 +libncursesw5 +libnet1 +libnetfilter-conntrack3 +libnettle6 +libnewt0.52 +libnfnetlink0 +libnih1 +libnl-3-200 +libnl-genl-3-200 +libnspr4 +libnss3 +libnss3-nssdb +libnuma1 +libonig2 +libopenipmi0 +libopts25 +libp11-kit0 +libpam0g +libpam-modules +libpam-modules-bin +libpam-runtime +libpam-systemd +libparted2 
+libpcap0.8 +libpci3 +libpcre3 +libperl5.22 +libpipeline1 +libplymouth4 +libpng12-0 +libpolkit-agent-1-0 +libpolkit-backend-1-0 +libpolkit-gobject-1-0 +libpopt0 +libprocps4 +libprotobuf9v5 +libpython2.7-minimal +libpython2.7-stdlib +libpython3.5 +libpython3.5-minimal +libpython3.5-stdlib +libpython3-stdlib +libpython-stdlib +libquadmath0 +librados2 +libradosstriper1 +librbd1 +libreadline5 +libreadline6 +librgw2 +libroken18-heimdal +librtmp1 +libsasl2-2 +libsasl2-modules +libsasl2-modules-db +libseccomp2 +libselinux1 +libsemanage1 +libsemanage-common +libsensors4 +libsepol1 +libsigsegv2 +libslang2 +libsmartcols1 +libsnmp30 +libsnmp-base +libsqlite3-0 +libss2 +libssl1.0.0 +libstdc++-5-dev +libstdc++6 +libsystemd0 +libtasn1-6 +libtext-charwidth-perl +libtext-iconv-perl +libtext-wrapi18n-perl +libtinfo5 +libtsan0 +libubsan0 +libudev1 +libunwind8 +libusb-0.1-4 +libusb-1.0-0 +libustr-1.0-1 +libutempter0 +libuuid1 +libuv1 +libwind0-heimdal +libwrap0 +libx11-6 +libx11-data +libxau6 +libxcb1 +libxdmcp6 +libxext6 +libxml2 +libxmlsec1 +libxmlsec1-openssl +libxmuu1 +libxslt1.1 +libxtables11 +libyaml-0-2 +linux-base +linux-cloud-tools-common +linux-firmware +linux-generic-hwe-16.04 +linux-headers-4.15.0-34 +linux-headers-4.15.0-34-generic +linux-headers-generic-hwe-16.04 +linux-image-4.15.0-34-generic +linux-image-extra-4.13.0-45-generic +linux-image-generic-hwe-16.04 +linux-libc-dev +linux-modules-4.15.0-34-generic +linux-modules-extra-4.15.0-34-generic +linux-signed-generic-hwe-16.04 +linux-signed-image-4.13.0-45-generic +linux-tools-common +lldpd +locales +login +logrotate +lsb-base +lsb-release +lshw +lsof +ltrace +lua-lpeg +lvm2 +lxc-common +lxcfs +lxd +lxd-client +make +makedev +man-db +manpages +manpages-dev +mawk +mdadm +mime-support +mlocate +mosh +mount +mtr-tiny +multiarch-support +nano +ncurses-base +ncurses-bin +ncurses-term +ndiff +netbase +netcat-openbsd +net-tools +nmap +node-commander +nodejs +node-nan +node-tinycolor +node-ws +ntfs-3g +ntp +openipmi 
+open-iscsi +openssh-client +openssh-server +openssh-sftp-server +openssl +open-vm-tools +os-prober +overlayroot +parted +passwd +pastebinit +patch +pciutils +perl +perl-base +perl-modules-5.22 +plymouth +plymouth-theme-ubuntu-text +policykit-1 +pollinate +popularity-contest +powermgmt-base +procps +psmisc +python +python2.7 +python2.7-minimal +python3 +python3.5 +python3.5-minimal +python3-apport +python3-apt +python3-blinker +python3-cffi-backend +python3-chardet +python3-commandnotfound +python3-configobj +python3-cryptography +python3-dbus +python3-debian +python3-distupgrade +python3-gdbm +python3-gi +python3-idna +python3-jinja2 +python3-jsonpatch +python3-json-pointer +python3-jwt +python3-markupsafe +python3-minimal +python3-newt +python3-oauthlib +python3-pkg-resources +python3-prettytable +python3-problem-report +python3-pyasn1 +python3-pycurl +python3-requests +python3-serial +python3-six +python3-software-properties +python3-systemd +python3-update-manager +python3-urllib3 +python3-yaml +python-apt +python-apt-common +python-bs4 +python-cephfs +python-chardet +python-html5lib +python-lxml +python-minimal +python-pkg-resources +python-rados +python-rbd +python-requests +python-six +python-urllib3 +readline-common +rename +resolvconf +rsync +rsyslog +run-one +sbsigntool +screen +sed +sensible-utils +sgml-base +shared-mime-info +s-nail +snapd +socat +software-properties-common +sosreport +squashfs-tools +ssh-import-id +ssmtp +strace +sudo +sysstat +systemd +systemd-sysv +sysvinit-utils +sysv-rc +tar +tasksel +tasksel-data +tcpd +tcpdump +telnet +thermald +time +tmux +traceroute +tzdata +ubuntu-cloudimage-keyring +ubuntu-core-launcher +ubuntu-keyring +ubuntu-minimal +ubuntu-release-upgrader-core +ubuntu-standard +ucf +udev +ufw +uidmap +unattended-upgrades +unzip +update-manager-core +update-notifier-common +ureadahead +usbutils +util-linux +uuid-runtime +vim +vim-common +vim-runtime +vim-tiny +vlan +wget +whiptail +wireless-regdb +xauth +xdg-user-dirs 
+xfsprogs +xkb-data +xml-core +xz-utils +zerofree +zlib1g diff --git a/assets/run.sh b/assets/run.sh new file mode 100755 index 0000000..e87c374 --- /dev/null +++ b/assets/run.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -o pipefail +set -o errexit +# set -o xtrace + +/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf diff --git a/assets/startup.sh b/assets/startup.sh index 0ab55b6..8752c0e 100755 --- a/assets/startup.sh +++ b/assets/startup.sh @@ -5,6 +5,8 @@ # Copyright 2016 Bryan J. Hong # Licensed under the Apache License, Version 2.0 +set -o xtrace + if [[ ! -f /root/.gnupg/gpg.conf ]]; then /opt/gpg.conf.sh fi @@ -14,19 +16,15 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then echo "Generating new gpg keys" cp -a /dev/urandom /dev/random /opt/gpg_batch.sh + mkdir -p /opt/aptly # If your system doesn't have a lot of entropy this may, take a long time # Google how-to create "artificial" entropy if this gets stuck - gpg --batch --gen-key /opt/gpg_batch + gpg -v --batch --gen-key /opt/gpg_batch + else echo "No need to generate new gpg keys" fi -# Export the GPG Public key -if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then - mkdir -p /opt/aptly/public - gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key -fi - # Import Ubuntu keyrings if they exist if [[ -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ]]; then gpg --list-keys @@ -56,5 +54,4 @@ ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg # Generate Nginx Config /opt/nginx.conf.sh -# Start Supervisor -/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf +/opt/update_mirror_ubuntu.sh diff --git a/assets/update_mirror_ubuntu.sh b/assets/update_mirror_ubuntu.sh index c2f49e2..2a6e70e 100755 --- a/assets/update_mirror_ubuntu.sh +++ b/assets/update_mirror_ubuntu.sh 
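Review bot: The last line of the new assets/run.sh runs supervisord as a child of bash, so bash stays PID 1 and the SIGTERM sent by `docker stop` does not reach supervisord. The container is then killed after the stop timeout instead of shutting its services down cleanly. Replace the line with `exec /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf`. A short header comment saying that this script is the container's `CMD` and that mirror setup now happens in startup.sh would also help the next reader.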
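Review bot: `set -o xtrace` is switched on unconditionally at the top of assets/startup.sh (hunk `@@ -5,6 +5,8 @@`), and `set -x` is added the same way in the first hunk of assets/update_mirror_ubuntu.sh, while the new run.sh keeps it commented out. Because startup.sh now runs from a `RUN` step, every expanded command line lands in the build log. That includes any variable expanded by parts of the script outside this hunk, which may cover the GPG settings passed in through `ENV`. I would gate the trace in both scripts, e.g. `[[ -n "${DEBUG:-}" ]] && set -o xtrace`.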
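Review bot: After the `@@ -14,19 +16,15 @@` hunk of assets/startup.sh, no visible line writes `/opt/aptly/public/aptly_repo_signing.key`. Unless another script outside this diff exports it, clients have no published key to verify the mirror's signatures with and may end up disabling verification. If the export moved elsewhere, a comment at this spot naming the new location would do, e.g. `# public key is exported by <script>`; otherwise keep a `gpg --export --armor` step after key generation. The enclosing `if` starts above the hunk.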
@@ -1,19 +1,26 @@ #! /usr/bin/env bash set -e +set -x # Automate the initial creation and update of an Ubuntu package mirror in aptly -# The variables (as set below) will create a mirror of the Ubuntu Trusty repo +# The variables (as set below) will create a mirror of the Ubuntu repo # with the main & universe components, you can add other components like restricted # multiverse etc by adding to the array (separated by spaces). -# For more detail about each of the variables below refer to: +# For more detail about each of the variables below refer to: # https://help.ubuntu.com/community/Repositories/CommandLine -UBUNTU_RELEASE=bionic +UBUNTU_RELEASE=xenial UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/" COMPONENTS=( main universe ) REPOS=( ${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security ) +MODE='packages' # packages - mirror specified packages or all +if [ "$MODE" = "packages" ]; then + FILTER_OPTS=(-filter="$(cat /opt/packages | paste -sd \| -)" -filter-with-deps) +else + FILTER_OPTS=() +fi # Create repository mirrors if they don't exist set +e @@ -23,7 +30,7 @@ for component in ${COMPONENTS[@]}; do if [[ $? -ne 0 ]]; then echo "Creating mirror of ${repo}-${component} repository." aptly mirror create \ - -architectures=amd64 ${repo}-${component} ${UPSTREAM_URL} ${repo} ${component} + -architectures=amd64 "${FILTER_OPTS[@]}" ${repo}-${component} ${UPSTREAM_URL} ${repo} ${component} fi done done @@ -49,7 +56,7 @@ done echo ${SNAPSHOTARRAY[@]} # Merge snapshots into a single snapshot with updates applied -echo "Merging snapshots into one.." +echo "Merging snapshots into one.." aptly snapshot merge -latest \ ${UBUNTU_RELEASE}-merged-`date +%Y%m%d%H` \ ${SNAPSHOTARRAY[@]}
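Review bot: In the first hunk of assets/update_mirror_ubuntu.sh, `FILTER_OPTS` is built from `cat /opt/packages | paste -sd \| -` without checking that the file exists and is non-empty. The pipeline's status is paste's, so `set -e` does not stop the script and aptly would receive an empty `-filter=`, which I would expect either to fail later or to widen the mirror beyond the intended package set. A guard such as `[[ -s /opt/packages ]] || { echo "missing /opt/packages" >&2; exit 1; }` before the assignment, and `paste -sd '|' /opt/packages` in place of the `cat`, would make the failure explicit. `MODE` is also assigned a literal, so the `else` branch is unreachable unless the file is edited; `MODE="${MODE:-packages}"` would let the caller choose.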