Merge remote-tracking branch 'jonazpiazu/master' into fix_gpg

# Conflicts:
#	Dockerfile
Artem Smirnov 2018-09-14 00:48:37 +03:00
commit def38a2ddc
5 changed files with 38 additions and 41 deletions


@ -1,64 +1,47 @@
# Copyright 2018 Artem B. Smirnov
# Copyright 2016 Bryan J. Hong
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM ubuntu:trusty
FROM ubuntu:xenial
LABEL maintainer="urpylka@gmail.com"
ENV DEBIAN_FRONTEND noninteractive
# Add Aptly repository
RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C
# Add Nginx repository
RUN echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" > /etc/apt/sources.list.d/nginx.list
RUN echo "deb-src http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list.d/nginx.list
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
# Update APT repository and install packages
RUN apt-get -q update \
&& apt-get -y install aptly \
bash-completion \
bzip2 \
gnupg \
gpgv \
graphviz \
supervisor \
nginx \
wget \
xz-utils
RUN apt-get -q update \
&& apt-get -y -q install aptly \
bzip2 \
gnupg \
gpgv \
graphviz \
supervisor \
nginx \
wget \
xz-utils \
apt-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install Aptly Configuration
COPY assets/aptly.conf /etc/aptly.conf
# Enable Aptly Bash completions
RUN wget https://github.com/aptly-dev/aptly/raw/master/completion.d/aptly \
-O /etc/bash_completion.d/aptly \
&& echo "if ! shopt -oq posix; then\n\
if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
. /usr/share/bash-completion/bash_completion\n\
elif [ -f /etc/bash_completion ]; then\n\
. /etc/bash_completion\n\
fi\n\
fi" >> /etc/bash.bashrc
# Install scripts
COPY assets/*.sh /opt/
# Install Nginx Config
RUN rm /etc/nginx/sites-enabled/*
COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
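Review bot: The Aptly repository key is fetched with `apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C`, a 64-bit key ID, while the repository line above it uses plain `http://`, so that keyserver lookup is the only trust anchor for the `aptly` package installed in the following `RUN`. The nginx key is already requested by full 40-hex fingerprint; do the same here (`--recv-keys <FULL_APTLY_KEY_FINGERPRINT>`, value to be taken from the Aptly project), or `COPY` a reviewed key file into the image instead of querying a keyserver at build time. The same concern applies to `wget https://github.com/aptly-dev/aptly/raw/master/completion.d/aptly`, which tracks a moving branch with no checksum and is then sourced by every bash session. The page has lost its +/- markers, so this assumes those lines are still present after the merge.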

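--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF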
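Review bot: `mkdir -p ~/.gnupg/` creates the GnuPG home with whatever the default umask allows, and this directory will hold the repository's secret keyring once the key is generated. Create it owner-only, `mkdir -p -m 700 ~/.gnupg/`, or follow it with `chmod 700 ~/.gnupg`. The script also appends with `cat >>`, so a second run would duplicate the three options; the caller's `-f /root/.gnupg/gpg.conf` guard prevents that only as long as `~` resolves to /root.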


@ -6,7 +6,7 @@
cat << EOF > /opt/gpg_batch
%echo Generating a GPG key, might take a while
Key-Type: RSA
Key-Length: 2048
Key-Length: 4096
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: ${FULL_NAME}
@ -14,8 +14,6 @@ Name-Comment: Aptly Repo Signing
Name-Email: ${EMAIL_ADDRESS}
Expire-Date: 0
Passphrase: ${GPG_PASSWORD}
%pubring /opt/aptly/aptly.pub
%secring /opt/aptly/aptly.sec
%commit
%echo done
EOF
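Review bot: The primary key goes to `Key-Length: 4096`, but the subkey stays `Subkey-Type: ELG-E` with `Subkey-Length: 1024`, well below the strength this change is aiming for. As far as this page shows the key is only used to sign the repository, so either drop the two `Subkey-*` lines or raise the length to match, e.g. `Subkey-Length: 4096`. Separately, `Passphrase: ${GPG_PASSWORD}` is written in clear text to /opt/gpg_batch and nothing in the visible hunks removes that file after key generation; an `rm -f /opt/gpg_batch` in the caller right after `gpg --batch --gen-key /opt/gpg_batch` would close that. The start of the script lies outside the hunk.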


@ -7,7 +7,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
server_names_hash_bucket_size 64;
server {
root /opt/aptly/public;
server_name ${HOSTNAME};
server_name _;
location / {
autoindex on;


@ -4,12 +4,20 @@
# Copyright 2016 Bryan J. Hong
# Licensed under the Apache License, Version 2.0
if [[ ! -f /root/.gnupg/gpg.conf ]]; then
/opt/gpg.conf.sh
fi
# If the repository GPG keypair doesn't exist, create it.
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
echo "Generating new gpg keys"
cp -a /dev/urandom /dev/random
/opt/gpg_batch.sh
# If your system doesn't have a lot of entropy this may, take a long time
# Google how-to create "artificial" entropy if this gets stuck
gpg --batch --gen-key /opt/gpg_batch
else
echo "No need to generate new gpg keys"
fi
# Export the GPG Public key
@ -41,8 +49,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
fi
# Aptly looks in /root/.gnupg for default keyrings
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
# Generate Nginx Config
/opt/nginx.conf.sh
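Review bot: With the links reversed to `ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec`, the private key now exists only under /root/.gnupg and /opt/aptly holds a symlink, yet the guard in the first hunk still tests `-f /opt/aptly/aptly.sec`. If /opt/aptly is a persisted volume and /root/.gnupg is not (not visible here), a recreated container finds a dangling link, `-f` is false, and a fresh signing key is generated without warning, which breaks verification for every client that trusted the old key. Persist /root/.gnupg as well, or test the keyring itself, e.g. `if [[ ! -s /root/.gnupg/secring.gpg ]]; then`. Which pair of `ln` lines is on the new side is inferred from the removal of `%pubring`/`%secring` in the batch file, since the page has lost its +/- markers.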