authorJon Azpiazu <jonazpiazu@users.noreply.github.com>2018-05-30 16:25:19 +0200
committerJon Azpiazu <jonazpiazu@users.noreply.github.com>2018-05-30 16:25:19 +0200
commit89f0e237922ec9a4fdb6d4002905f34445dce12d (patch)
tree4ed0dee5ce5aba0b41cf0beee40e76420de4be69
parent1f89727cea7f53ab6a6741781fb9a1d93686244d (diff)
Fixes for gpg key generation and nginx configuration
-rw-r--r--Dockerfile41
-rwxr-xr-xassets/gpg_batch.sh2
-rwxr-xr-xassets/nginx.conf.sh2
-rwxr-xr-xassets/startup.sh6
4 files changed, 17 insertions, 34 deletions
diff --git a/Dockerfile b/Dockerfile
index aad2d2c..fd11a1e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,38 +1,28 @@
1# Copyright 2016 Bryan J. Hong 1# Copyright 2016 Bryan J. Hong
2# 2#
3# Licensed under the Apache License, Version 2.0 (the "License"); 3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License. 4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at 5# You may obtain a copy of the License at
6# 6#
7# http://www.apache.org/licenses/LICENSE-2.0 7# http://www.apache.org/licenses/LICENSE-2.0
8# 8#
9# Unless required by applicable law or agreed to in writing, software 9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, 10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and 12# See the License for the specific language governing permissions and
13# limitations under the License. 13# limitations under the License.
14 14
15FROM ubuntu:trusty 15FROM ubuntu:xenial
16 16
17MAINTAINER bryan@turbojets.net 17MAINTAINER bryan@turbojets.net
18 18
19ENV DEBIAN_FRONTEND noninteractive 19ENV DEBIAN_FRONTEND noninteractive
20ENV DIST=ubuntu 20ENV DIST=ubuntu
21ENV RELEASE=trusty 21ENV RELEASE=xenial
22
23# Add Aptly repository
24RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
25RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
26
27# Add Nginx repository
28RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
29RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
30RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
31 22
32# Update APT repository and install packages 23# Update APT repository and install packages
33RUN apt-get -q update \ 24RUN apt-get -qq update \
34 && apt-get -y install aptly \ 25 && apt-get -y -qq install aptly \
35 bash-completion \
36 bzip2 \ 26 bzip2 \
37 gnupg \ 27 gnupg \
38 gpgv \ 28 gpgv \
@@ -40,24 +30,17 @@ RUN apt-get -q update \
40 supervisor \ 30 supervisor \
41 nginx \ 31 nginx \
42 wget \ 32 wget \
43 xz-utils 33 xz-utils \
34 apt-utils \
35 && apt-get clean \
36 && rm -rf /var/lib/apt/lists/*
44 37
45# Install Aptly Configuration 38# Install Aptly Configuration
46COPY assets/aptly.conf /etc/aptly.conf 39COPY assets/aptly.conf /etc/aptly.conf
47 40
48# Enable Aptly Bash completions
49RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
50 -O /etc/bash_completion.d/aptly \
51 && echo "if ! shopt -oq posix; then\n\
52 if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
53 . /usr/share/bash-completion/bash_completion\n\
54 elif [ -f /etc/bash_completion ]; then\n\
55 . /etc/bash_completion\n\
56 fi\n\
57fi" >> /etc/bash.bashrc
58
59# Install Nginx Config 41# Install Nginx Config
60COPY assets/nginx.conf.sh /opt/nginx.conf.sh 42COPY assets/nginx.conf.sh /opt/nginx.conf.sh
43RUN rm /etc/nginx/sites-enabled/*
61COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf 44COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
62RUN echo "daemon off;" >> /etc/nginx/nginx.conf 45RUN echo "daemon off;" >> /etc/nginx/nginx.conf
63 46
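Review bot: The new install line `&& apt-get -y -qq install aptly \` runs apt at quiet level 2, which the apt-get manual warns against outside no-action modes, and which also drops the resolved package versions from the build log. That record matters more after this change, because with the aptly.info and nginx.org sources removed, aptly and nginx come from whatever archive state the floating `ubuntu:xenial` tag resolves to at build time. I would keep one level of output, `RUN apt-get -q update \` and `&& apt-get -y -q install aptly \`, and pin the base image by digest, e.g. `FROM ubuntu:xenial@sha256:<digest>` (placeholder). Adding `--no-install-recommends` would also shrink the installed set, provided nothing here depends on a recommended package, which this diff does not show.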
diff --git a/assets/gpg_batch.sh b/assets/gpg_batch.sh
index 79448c2..d2228c0 100755
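--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -10,8 +10,6 @@ Name-Comment: Aptly Repo Signing
 Name-Email: ${EMAIL_ADDRESS}
 Expire-Date: 0
 Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec
 %commit
 %echo done
 EOF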
diff --git a/assets/nginx.conf.sh b/assets/nginx.conf.sh
index 70d822a..f097724 100755
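--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@@ -4,7 +4,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
 server_names_hash_bucket_size 64;
 server {
  root /opt/aptly/public;
- server_name ${HOSTNAME};
+ server_name _;
 
  location / {
  autoindex on;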
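Review bot: `server_name _;` carries no catch-all meaning in nginx by itself; it is only a name that never matches a real Host header, so this server answers every request solely because it is the first or only server on its listen socket. The Dockerfile change in this commit that removes `/etc/nginx/sites-enabled/*` makes that true today, but the intent stays implicit. Stating it on the listen directive, e.g. `listen 80 default_server;` (port assumed), would document it. The server block continues outside this hunk, so an existing listen line may already be present and only need the flag.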
diff --git a/assets/startup.sh b/assets/startup.sh
index f4f3fc8..6aa72fb 100755
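--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -2,6 +2,8 @@
 
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
+ echo "Generating new gpg keys"
+ cp -a /dev/urandom /dev/random
  /opt/gpg_batch.sh
  # If your system doesn't have a lot of entropy this may, take a long time
  # Google how-to create "artificial" entropy if this gets stuck
@@ -37,8 +39,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 fi
 
 # Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
+ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
 
 # Generate Nginx Config
 /opt/nginx.conf.sh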
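Review bot: The reversed `ln -sf` lines in the second hunk leave `/opt/aptly/aptly.sec` and `/opt/aptly/aptly.pub` as symlinks into `/root/.gnupg`, so the private signing key now exists only in the container's own filesystem. If `/opt/aptly` is the persisted volume (not visible in this diff), a recreated container finds dangling links, the `-f` test at the top of the script fails, and a fresh signing key is generated without warning, which invalidates the public key every client has already imported. Keeping the key files under `/opt/aptly` and linking from `/root/.gnupg` as before, or setting `GNUPGHOME` to a directory inside the volume, avoids the silent rotation. Separately, in the first hunk `cp -a /dev/urandom /dev/random` replaces the device node for every process in the container and its exit status is not checked; a comment saying why it is there would help, and the two entropy comment lines after `/opt/gpg_batch.sh` are now stale.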