Collection of common tools for the Airship projects
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Andrey Volkov 96fb4e1aba Add tests target 7 months ago
assets Add shellcheck 7 months ago
tools Add tests target 7 months ago
Dockerfile Add hadolint 7 months ago
LICENSE Initial commit 3 years ago
Makefile Add tests target 7 months ago
NOTICE Little fix after merge 9 months ago Update readme 7 months ago
Vagrantfile Alternative cmd for nginx only 7 months ago



  • Packages are downloaded during the docker image build
  • GPG keys for signature may be generated during the docker image build or existing ones are used
  • Nginx blacklist support at runtime


The main difference with the upstream repo is packages saved inside a docker image. During the image building /opt/ is called to create mirrors, update them, merge all in one snapshot and publish it. By default, a new GPG key is generated for making a signature for repo.

There are two modes: filtered build that fetches only packages specified in assets/packages and unfiltered build that fetches all packages. The filtered build is used by default.

To fetch all packages the following command can be used:

git clone
docker build docker-aptly --build-arg MODE=all

By default GPG key for making package signature are generated during the build. You may configure GPG key params via build arguments: FULL_NAME, EMAIL_ADDRESS, and GPG_PASSWORD, like:

docker build docker-aptly \
  --build-arg FULL_NAME="First Last" \
  --build-arg EMAIL_ADDRESS="" \
  --build-arg GPG_PASSWORD="PickAPassword"

If you have a GPG key already you can put private and public key in assets/gpg dir. Keys must have special names: aptly.sec and For example:

cp <my private key> docker-aptly/assets/gpg/aptly.sec
cp <my public key> docker-aptly/assets/gpg/

docker build docker-aptly \
  --build-arg GPG_PASSWORD="GPG passphrase for my private key"

To use the Nginx blacklist feature a volume with Nginx config has to be mounted at runtime. By default, the following keywords are blocked: telnet, ftp. If no volume is mounted then no blacklist will be used.

docker run \
  --name aptly \
  --detach \
  --publish 8080:80 \
  --volume $(pwd)/assets/nginx:/opt/nginx \

For additional docs see

  • Copyright 2018 Artem B. Smirnov
  • Copyright 2016 Bryan J. Hong
  • Licensed under the Apache License, Version 2.0