Fixes for gpg key generation and nginx configuration

Jon Azpiazu 2018-05-30 16:25:19 +02:00
parent 1f89727cea
commit 89f0e23792
4 changed files with 17 additions and 34 deletions


@ -1,38 +1,28 @@
# Copyright 2016 Bryan J. Hong
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM ubuntu:trusty
FROM ubuntu:xenial
MAINTAINER bryan@turbojets.net
ENV DEBIAN_FRONTEND noninteractive
ENV DIST=ubuntu
ENV RELEASE=trusty
# Add Aptly repository
RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
# Add Nginx repository
RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
ENV RELEASE=xenial
# Update APT repository and install packages
RUN apt-get -q update \
&& apt-get -y install aptly \
bash-completion \
RUN apt-get -qq update \
&& apt-get -y -qq install aptly \
bzip2 \
gnupg \
gpgv \
@ -40,24 +30,17 @@ RUN apt-get -q update \
supervisor \
nginx \
wget \
xz-utils
xz-utils \
apt-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install Aptly Configuration
COPY assets/aptly.conf /etc/aptly.conf
# Enable Aptly Bash completions
RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
-O /etc/bash_completion.d/aptly \
&& echo "if ! shopt -oq posix; then\n\
if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
. /usr/share/bash-completion/bash_completion\n\
elif [ -f /etc/bash_completion ]; then\n\
. /etc/bash_completion\n\
fi\n\
fi" >> /etc/bash.bashrc
# Install Nginx Config
COPY assets/nginx.conf.sh /opt/nginx.conf.sh
RUN rm /etc/nginx/sites-enabled/*
COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
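Review bot: The install line that appears to be the new one (`&& apt-get -y -qq install aptly \`) has no `--no-install-recommends`, so the image that will hold the repository signing key also receives every recommended package of aptly, nginx, gnupg and supervisor; `&& apt-get -y -qq install --no-install-recommends aptly \` keeps the installed set to what is listed. The page has lost its +/- markers, so which of the two `RUN apt-get` lines is current is inferred from the `FROM ubuntu:xenial` / `ENV RELEASE=xenial` pair. `ubuntu:xenial` is also a moving tag; pinning it as `FROM ubuntu:xenial@sha256:<digest>` (placeholder, the digest is not on this page) would make rebuilds of the signing host reproducible.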


@ -10,8 +10,6 @@ Name-Comment: Aptly Repo Signing
Name-Email: ${EMAIL_ADDRESS}
Expire-Date: 0
Passphrase: ${GPG_PASSWORD}
%pubring /opt/aptly/aptly.pub
%secring /opt/aptly/aptly.sec
%commit
%echo done
EOF


@ -4,7 +4,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
server_names_hash_bucket_size 64;
server {
root /opt/aptly/public;
server_name ${HOSTNAME};
server_name _;
location / {
autoindex on;
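Review bot: `server_name _;` has no comment saying why it works as a catch-all: `_` is only a name that never matches a real Host header, and the block answers every request because it is the default server, which appears to be the only one left after the Dockerfile clears `/etc/nginx/sites-enabled/*`. A line such as `# "_" never matches; this block serves all hosts only as the default server` above it would stop a later second server block from silently changing which one answers. The server block starts and ends outside the hunk.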


@ -2,6 +2,8 @@
# If the repository GPG keypair doesn't exist, create it.
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
echo "Generating new gpg keys"
cp -a /dev/urandom /dev/random
/opt/gpg_batch.sh
# If your system doesn't have a lot of entropy this may, take a long time
# Google how-to create "artificial" entropy if this gets stuck
@ -37,8 +39,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
fi
# Aptly looks in /root/.gnupg for default keyrings
ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
# Generate Nginx Config
/opt/nginx.conf.sh
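Review bot: The reversed links in the second hunk (`ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec` and the matching pubring line) leave /opt/aptly holding only symlinks while the key material stays under /root/.gnupg. `ln -sf` replaces an existing regular file, so a deployment that already has real keyrings at /opt/aptly/aptly.sec and aptly.pub would have them overwritten by links on first start; and if /opt/aptly is the persisted path (not visible here) while /root/.gnupg is not, a recreated container finds dangling links, the `-f` test at the top fails, and a new signing key is generated without notice. Keeping the real files in /opt/aptly and linking from /root/.gnupg, as the older lines did, after moving the freshly generated keyrings there (e.g. `mv /root/.gnupg/secring.gpg /opt/aptly/aptly.sec`), avoids both. Separately, `cp -a /dev/urandom /dev/random` in the first hunk is unchecked and changes /dev/random for every process in the container, which deserves a comment stating that trade-off and a guard such as `cp -a /dev/urandom /dev/random || echo "could not replace /dev/random" >&2`; the `if` block around it continues outside the hunk. Old and new sides are inferred from print order and the hunk counts, since the +/- markers are missing.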