authorArtem Smirnov <urpylka@gmail.com>2018-09-14 00:48:37 +0300
committerArtem Smirnov <urpylka@gmail.com>2018-09-14 00:48:37 +0300
commitdef38a2ddc911c91a84b4fd694680d4a39582399 (patch)
tree02c36c4e1dd60a2eeb0c6452d765388bb8584675
parentb9da8469b75232466721ca984aca414509f74e97 (diff)
parent480ac06686d50f4e9379f4d490cdb81ceda5c796 (diff)
Merge remote-tracking branch 'jonazpiazu/master' into fix_gpg
# Conflicts: # Dockerfile
-rw-r--r--Dockerfile53
-rwxr-xr-xassets/gpg.conf.sh8
-rwxr-xr-xassets/gpg_batch.sh4
-rwxr-xr-xassets/nginx.conf.sh2
-rwxr-xr-xassets/startup.sh12
5 files changed, 38 insertions, 41 deletions
diff --git a/Dockerfile b/Dockerfile
index a50001a..40c15f5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,64 +1,47 @@
1# Copyright 2018 Artem B. Smirnov 1# Copyright 2018 Artem B. Smirnov
2# Copyright 2016 Bryan J. Hong 2# Copyright 2016 Bryan J. Hong
3# 3#
4# Licensed under the Apache License, Version 2.0 (the "License"); 4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License. 5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at 6# You may obtain a copy of the License at
7# 7#
8# http://www.apache.org/licenses/LICENSE-2.0 8# http://www.apache.org/licenses/LICENSE-2.0
9# 9#
10# Unless required by applicable law or agreed to in writing, software 10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, 11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and 13# See the License for the specific language governing permissions and
14# limitations under the License. 14# limitations under the License.
15 15
16FROM ubuntu:trusty 16FROM ubuntu:xenial
17 17
18LABEL maintainer="urpylka@gmail.com" 18LABEL maintainer="urpylka@gmail.com"
19 19
20ENV DEBIAN_FRONTEND noninteractive 20ENV DEBIAN_FRONTEND noninteractive
21 21
22# Add Aptly repository
23RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
24RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C
25
26# Add Nginx repository
27RUN echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" > /etc/apt/sources.list.d/nginx.list
28RUN echo "deb-src http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list.d/nginx.list
29RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
30
31# Update APT repository and install packages 22# Update APT repository and install packages
32RUN apt-get -q update \ 23RUN apt-get -q update \
33 && apt-get -y install aptly \ 24 && apt-get -y -q install aptly \
34 bash-completion \ 25 bzip2 \
35 bzip2 \ 26 gnupg \
36 gnupg \ 27 gpgv \
37 gpgv \ 28 graphviz \
38 graphviz \ 29 supervisor \
39 supervisor \ 30 nginx \
40 nginx \ 31 wget \
41 wget \ 32 xz-utils \
42 xz-utils 33 apt-utils \
34 && apt-get clean \
35 && rm -rf /var/lib/apt/lists/*
43 36
44# Install Aptly Configuration 37# Install Aptly Configuration
45COPY assets/aptly.conf /etc/aptly.conf 38COPY assets/aptly.conf /etc/aptly.conf
46 39
47# Enable Aptly Bash completions
48RUN wget https://github.com/aptly-dev/aptly/raw/master/completion.d/aptly \
49 -O /etc/bash_completion.d/aptly \
50 && echo "if ! shopt -oq posix; then\n\
51 if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
52 . /usr/share/bash-completion/bash_completion\n\
53 elif [ -f /etc/bash_completion ]; then\n\
54 . /etc/bash_completion\n\
55 fi\n\
56fi" >> /etc/bash.bashrc
57
58# Install scripts 40# Install scripts
59COPY assets/*.sh /opt/ 41COPY assets/*.sh /opt/
60 42
61# Install Nginx Config 43# Install Nginx Config
44RUN rm /etc/nginx/sites-enabled/*
62COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf 45COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
63RUN echo "daemon off;" >> /etc/nginx/nginx.conf 46RUN echo "daemon off;" >> /etc/nginx/nginx.conf
64 47
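Review bot: `FROM ubuntu:xenial` is a mutable tag and the `apt-get -y -q install` list is unpinned, so the aptly, gnupg and nginx builds that sign and serve the repository can change on every rebuild. With the upstream aptly and nginx sources and their `apt-key` imports removed in this commit, the Ubuntu archive is the only origin for those packages. Pin the base by digest, e.g. `FROM ubuntu:xenial@sha256:<digest>`, and add `--no-install-recommends` to the install line so the signing image carries only what it needs. The new `RUN rm /etc/nginx/sites-enabled/*` would read better with a comment such as `# drop the distro default site so only the generated conf.d/default.conf is served`.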
diff --git a/assets/gpg.conf.sh b/assets/gpg.conf.sh
new file mode 100755
index 0000000..934e2b2
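--- /dev/null
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF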
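Review bot: `mkdir -p ~/.gnupg/` creates the GnuPG home with the default umask, so the directory that holds the signing keyring is typically readable by other users and gpg will warn about unsafe permissions; follow it with `chmod 700 ~/.gnupg`. The script has no `set -e`, so a failed mkdir or write goes unnoticed by startup.sh, which only tests for `/root/.gnupg/gpg.conf`. It writes to `~` while the caller tests `/root/.gnupg`; the two agree only when it runs as root with HOME=/root, which a header comment should state. The `touch` is redundant before `cat >>`.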
diff --git a/assets/gpg_batch.sh b/assets/gpg_batch.sh
index 6af2994..0b66d88 100755
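--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -6,7 +6,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}
@@ -14,8 +14,6 @@ Name-Comment: Aptly Repo Signing
 Name-Email: ${EMAIL_ADDRESS}
 Expire-Date: 0
 Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec
 %commit
 %echo done
 EOF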
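Review bot: `Key-Length: 4096` strengthens only the primary key; the `Subkey-Type: ELG-E` and `Subkey-Length: 1024` lines directly below it are unchanged, so the generated key still carries a 1024-bit encryption subkey. As the key is labelled for repository signing, either drop the two subkey lines or raise the length to match, e.g. `Subkey-Length: 4096`. With `%pubring` and `%secring` removed, the key now lands in the invoking user's default keyring, which deserves a comment in the batch file. The batch file also holds `Passphrase: ${GPG_PASSWORD}` in clear text at /opt/gpg_batch; the script's first lines are outside this hunk, so confirm that it is written under a restrictive umask and deleted once `gpg --batch --gen-key` has run.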
diff --git a/assets/nginx.conf.sh b/assets/nginx.conf.sh
index c81740b..be25bc3 100755
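--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@@ -7,7 +7,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
 server_names_hash_bucket_size 64;
 server {
  root /opt/aptly/public;
- server_name ${HOSTNAME};
+ server_name _;
 
  location / {
  autoindex on;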
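Review bot: `server_name _;` is not a wildcard in nginx, only a name that never matches, so this block answers every Host header solely because it is the only server block loaded. That holds only while the Dockerfile keeps deleting `/etc/nginx/sites-enabled/*`; a comment inside the heredoc such as `# catch-all: only server block, serves any Host header` would record the dependency. Any listen directive and the rest of the server block are outside this hunk.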
diff --git a/assets/startup.sh b/assets/startup.sh
index 5ca96a9..22888b5 100755
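--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -4,12 +4,20 @@
 # Copyright 2016 Bryan J. Hong
 # Licensed under the Apache License, Version 2.0
 
+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+ /opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
+ echo "Generating new gpg keys"
+ cp -a /dev/urandom /dev/random
  /opt/gpg_batch.sh
  # If your system doesn't have a lot of entropy this may, take a long time
  # Google how-to create "artificial" entropy if this gets stuck
  gpg --batch --gen-key /opt/gpg_batch
+else
+ echo "No need to generate new gpg keys"
 fi
 
 # Export the GPG Public key
@@ -41,8 +49,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 fi
 
 # Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
+ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
 
 # Generate Nginx Config
 /opt/nginx.conf.sh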
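Review bot: The reversed `ln -sf` lines in the second hunk force-replace `/opt/aptly/aptly.sec` and `/opt/aptly/aptly.pub` with symlinks into `/root/.gnupg`; on a deployment created before this commit those paths are the real keyrings (the old `%secring`/`%pubring` targets), so the first start after upgrading discards the existing signing key. From then on the key lives only in root's home while the first hunk still tests `/opt/aptly` with `-f`, so if `/opt/aptly` is persisted and `/root/.gnupg` is not (the volume layout is not visible here), a recreated container sees dangling links and generates a new key without any error. Guard each link, e.g. `[[ -e /opt/aptly/aptly.sec && ! -L /opt/aptly/aptly.sec ]] || ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec`, migrate existing keyrings first, and make the generation check test the real keyring file. `cp -a /dev/urandom /dev/random` replaces a device node for every process in the container and its exit status is ignored; it needs a comment saying that it stops gpg blocking on low entropy, plus an error check. The `secring.gpg` and `pubring.gpg` names assume the GnuPG 1.x keyring layout, so a later base image with GnuPG 2.1 or newer would leave both links dangling.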