diff --git a/Dockerfile b/Dockerfile index aad2d2c..fd11a1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,38 +1,28 @@ # Copyright 2016 Bryan J. Hong -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM ubuntu:trusty +FROM ubuntu:xenial MAINTAINER bryan@turbojets.net ENV DEBIAN_FRONTEND noninteractive ENV DIST=ubuntu -ENV RELEASE=trusty - -# Add Aptly repository -RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list -RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460 - -# Add Nginx repository -RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list -RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 +ENV RELEASE=xenial # Update APT repository and install packages -RUN apt-get -q update \ - && apt-get -y install aptly \ - bash-completion \ +RUN apt-get -qq update \ + && apt-get -y -qq install aptly \ bzip2 \ gnupg \ gpgv \ 
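Review bot: The rewritten install line, `&& apt-get -y -qq install aptly \`, also installs every Recommends of aptly, nginx and supervisor, which adds packages nobody chose to an image that will hold the repository signing key. Consider `&& apt-get -y -qq install --no-install-recommends aptly \` and list explicitly any recommended package the scripts really need. With the aptly and nginx.org repositories removed, both packages now come from the xenial archive at whatever version it carries, so a short comment above the RUN saying this is intentional would help the next reader. `ENV DIST` and `ENV RELEASE` are no longer referenced by any visible Dockerfile line; if the asset scripts do not read them they can go. The RUN continues past the end of this hunk.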
@@ -40,24 +30,17 @@ RUN apt-get -q update \ supervisor \ nginx \ wget \ - xz-utils + xz-utils \ + apt-utils \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* # Install Aptly Configuration COPY assets/aptly.conf /etc/aptly.conf -# Enable Aptly Bash completions -RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \ - -O /etc/bash_completion.d/aptly \ - && echo "if ! shopt -oq posix; then\n\ - if [ -f /usr/share/bash-completion/bash_completion ]; then\n\ - . /usr/share/bash-completion/bash_completion\n\ - elif [ -f /etc/bash_completion ]; then\n\ - . /etc/bash_completion\n\ - fi\n\ -fi" >> /etc/bash.bashrc - # Install Nginx Config COPY assets/nginx.conf.sh /opt/nginx.conf.sh +RUN rm /etc/nginx/sites-enabled/* COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf RUN echo "daemon off;" >> /etc/nginx/nginx.conf diff --git a/assets/gpg_batch.sh b/assets/gpg_batch.sh index 79448c2..d2228c0 100755 --- a/assets/gpg_batch.sh +++ b/assets/gpg_batch.sh @@ -10,8 +10,6 @@ Name-Comment: Aptly Repo Signing Name-Email: ${EMAIL_ADDRESS} Expire-Date: 0 Passphrase: ${GPG_PASSWORD} -%pubring /opt/aptly/aptly.pub -%secring /opt/aptly/aptly.sec %commit %echo done EOF diff --git a/assets/nginx.conf.sh b/assets/nginx.conf.sh index 70d822a..f097724 100755 --- a/assets/nginx.conf.sh +++ b/assets/nginx.conf.sh @@ -4,7 +4,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf server_names_hash_bucket_size 64; server { root /opt/aptly/public; - server_name ${HOSTNAME}; + server_name _; location / { autoindex on; diff --git a/assets/startup.sh b/assets/startup.sh index f4f3fc8..6aa72fb 100755 --- a/assets/startup.sh +++ b/assets/startup.sh 
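Review bot: `RUN rm /etc/nginx/sites-enabled/*` sits between the two COPY lines with no explanation, and it is presumably what lets the generated `/etc/nginx/conf.d/default.conf` be the only site that answers. A comment such as `# Remove the distro default site so only the generated conf.d/default.conf is served` would record that. Because `rm` is called without `-f`, the build fails if the package stops shipping a file there; that is probably the wanted behaviour, but the comment should say so. `wget` stays in the install list although the bash-completion download, its only use visible in this diff, is removed; drop it if nothing in the asset scripts calls it.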
@@ -2,6 +2,8 @@ # If the repository GPG keypair doesn't exist, create it. if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then + echo "Generating new gpg keys" + cp -a /dev/urandom /dev/random /opt/gpg_batch.sh # If your system doesn't have a lot of entropy this may, take a long time # Google how-to create "artificial" entropy if this gets stuck @@ -37,8 +39,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then fi # Aptly looks in /root/.gnupg for default keyrings -ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg -ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg +ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec +ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub # Generate Nginx Config /opt/nginx.conf.sh
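Review bot: `cp -a /dev/urandom /dev/random` replaces the container's blocking random device for every process and for the rest of the container's life, not only for the key generation that follows, and nothing in the script says so. Put a comment above it, for example `# Replace /dev/random with the urandom node so gpg key generation does not block; affects the whole container`, and reword the two context comments about low entropy, which no longer describe what happens. The copy has to create a device node, so in a container started with reduced capabilities it can fail, and unless the script sets `-e` outside this hunk key generation then carries on against the original blocking device. `cp -a /dev/urandom /dev/random || echo "could not replace /dev/random, key generation may block" >&2` makes that visible. The `if` block starts in this hunk and ends outside it.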
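Review bot: After the swap in the second hunk, `/opt/aptly/aptly.sec` and `/opt/aptly/aptly.pub` are only links and the key material itself lives in `/root/.gnupg`. If `/opt/aptly` is the persisted path and `/root/.gnupg` is not (the volume setup is not visible here), a recreated container finds dangling links, the `-f` tests at the top of the script treat the keys as missing, and a new signing key is generated that existing clients of the repository do not trust. Either document that `/root/.gnupg` must be persisted, e.g. `# Key material lives in /root/.gnupg; persist it or the signing key is regenerated`, or keep the key files under `/opt/aptly` and link them into `/root/.gnupg` as before. The comment above the two `ln` lines should say which way the links now point.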