
Deprecate airship/utils

This deprecates the airship/utils project, which is
unnecessary and unused.

Change-Id: I95131bc57c162fe7a637c450108b3727c48645aa
changes/42/671042/1
Matt McEuen 3 years ago
parent
commit
47bfe47c1c
  1. 84
      Dockerfile
  2. 201
      LICENSE
  3. 81
      Makefile
  4. 13
      NOTICE
  5. 70
      README.md
  6. 112
      Vagrantfile
  7. 17
      assets/aptly.conf
  8. 13
      assets/gpg.conf.sh
  9. 0
      assets/gpg/.empty
  10. 21
      assets/gpg_batch.sh
  11. 19
      assets/nginx.conf.sh
  12. 3
      assets/nginx/blacklist.conf
  13. 596
      assets/packages/default
  14. 7
      assets/run_nginx.sh
  15. 7
      assets/run_supervisord.sh
  16. 56
      assets/startup.sh
  17. 5
      assets/supervisord.nginx.conf
  18. 85
      assets/update_mirror_ubuntu.sh
  19. 13
      tools/install_packages.sh

84
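--- a/Dockerfile
+++ b/Dockerfile
@@ -1,84 +0,0 @@
-# Copyright 2018 Artem B. Smirnov
-# Copyright 2018 Jon Azpiazu
-# Copyright 2016 Bryan J. Hong
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-FROM ubuntu:xenial
-LABEL maintainer="airship-team@att.com"
-ENV DEBIAN_FRONTEND noninteractive
-RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C \
-&& echo "deb http://repo.aptly.info/ squeeze main" >> /etc/apt/sources.list
-# Update APT repository & install packages
-RUN apt-get -q update \
-&& apt-get -y install --no-install-recommends \
-aptly=1.3.0 \
-bzip2=1.0.6-8 \
-gnupg=1.4.20-1ubuntu3.3 \
-gpgv=1.4.20-1ubuntu3.3 \
-graphviz=2.38.0-12ubuntu2.1 \
-supervisor=3.2.0-2ubuntu0.2 \
-nginx=1.10.3-0ubuntu0.16.04.2 \
-wget=1.17.1-1ubuntu1.4 \
-xz-utils=5.1.1alpha+20120614-2ubuntu2 \
-apt-utils=1.2.27 \
-&& apt-get clean \
-&& rm -rf /var/lib/apt/lists/*
-# Install Aptly Configuration
-COPY assets/aptly.conf /etc/aptly.conf
-# Install scripts
-COPY assets/*.sh /opt/
-# Install Nginx Config
-RUN rm /etc/nginx/sites-enabled/*
-COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
-RUN echo "daemon off;" >> /etc/nginx/nginx.conf
-ARG FULL_NAME="First Last"
-ARG EMAIL_ADDRESS="youremail@example.com"
-ARG GPG_PASSWORD="PickAPassword"
-ARG HOSTNAME=localhost
-ARG MODE=packages
-ARG PACKAGE_FILE=default
-ARG UBUNTU_RELEASE=xenial
-ARG UPSTREAM_URL="http://archive.ubuntu.com/ubuntu/"
-ARG COMPONENTS="main universe"
-ARG REPOS="${UBUNTU_RELEASE} ${UBUNTU_RELEASE}-updates ${UBUNTU_RELEASE}-security"
-ENV FULL_NAME ${FULL_NAME}
-ENV EMAIL_ADDRESS ${EMAIL_ADDRESS}
-ENV GPG_PASSWORD ${GPG_PASSWORD}
-ENV HOSTNAME ${HOSTNAME}
-ENV MODE ${MODE}
-ENV PACKAGE_FILE=${PACKAGE_FILE}
-ENV UBUNTU_RELEASE=${UBUNTU_RELEASE}
-ENV UPSTREAM_URL=${UPSTREAM_URL}
-ENV COMPONENTS=${COMPONENTS}
-ENV REPOS=${REPOS}
-COPY assets/packages/* /opt/packages/
-COPY assets/gpg/* /opt/aptly/
-RUN /opt/startup.sh
-# Execute Startup script when container starts
-VOLUME [ "/opt/nginx" ]
-CMD [ "/opt/run_supervisord.sh" ]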

201
LICENSE

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

81
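--- a/Makefile
+++ b/Makefile
@@ -1,81 +0,0 @@
-# Copyright 2018 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-IMAGE_PREFIX ?= airshipit
-IMAGE_TAG ?= untagged
-IMAGE_NAME := aptly
-COMMIT ?= commit-id
-DOCKER_REGISTRY ?= quay.io
-PUSH_IMAGE ?= false
-HELM := $(BUILD_DIR)/helm
-PROXY ?= http://proxy.foo.com:8000
-NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local
-USE_PROXY ?= false
-UBUNTU_BASE_IMAGE ?= ubuntu:16.04
-IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}
-.PHONY: validate
-validate: lint tests
-.PHONY: tests
-tests: clean build
-docker run -d \
---publish 8080:80 \
---volume $(shell pwd)/assets/nginx:/opt/nginx \
---name aptly \
-${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}
-docker run --network host \
---name target \
---volume $(shell pwd)/tools:/opt \
-$(UBUNTU_BASE_IMAGE) /opt/install_packages.sh
-.PHONY: clean
-clean:
-docker rm -f aptly || true
-docker rm -f target || true
-.PHONY: lint
-lint:
-shellcheck assets/*.sh
-hadolint Dockerfile
-.PHONY: build
-build:
-ifeq ($(USE_PROXY), true)
-docker build --network host -t $(IMAGE) \
---label "org.opencontainers.image.revision=$(COMMIT)" \
---label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
---label "org.opencontainers.image.title=$(IMAGE_NAME)" \
--f Dockerfile \
---build-arg http_proxy=$(PROXY) \
---build-arg https_proxy=$(PROXY) \
---build-arg HTTP_PROXY=$(PROXY) \
---build-arg HTTPS_PROXY=$(PROXY) \
---build-arg no_proxy=$(NO_PROXY) \
---build-arg NO_PROXY=$(NO_PROXY) .
-else
-docker build --network host -t $(IMAGE) \
---label "org.opencontainers.image.revision=$(COMMIT)" \
---label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \
---label "org.opencontainers.image.title=$(IMAGE_NAME)" \
--f Dockerfile .
-endif
-ifeq ($(PUSH_IMAGE), true)
-docker push $(IMAGE)
-endif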

13
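--- a/NOTICE
+++ b/NOTICE
@@ -1,13 +0,0 @@
-docker-aptly
-Copyright 2018 Artem B. Smirnov
-This product contains software (https://github.com/urpylka/docker-aptly) developed
-by Artem Smirnov (http://github.com/urpylka), and Jon Azpiazu (https://github.com/jonazpiazu)
-licensed under the Apache License.
-Copyright 2016 Bryan J. Hong
-This product contains software (https://github.com/bryanhong/docker-aptly) developed
-by Bryan Hong (http://github.com/bryanhong), and Jan Čapek (https://github.com/honzik666)
-licensed under the Apache License.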

70
README.md

@ -1,65 +1,11 @@
# docker-aptly
This project is no longer maintained.
## Features
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
- Packages are downloaded during the docker image build
- GPG keys for signature may be generated during the docker image build or existing ones are used
- Nginx blacklist support at runtime
For any further questions, please email
airship-discuss@lists.airshipit.org or join #airshipit on
Freenode.
## Quickstart
The main difference with the upstream repo is packages saved inside a docker image.
During the image building /opt/update_mirror_ubuntu.sh is called to create mirrors, update them,
merge all in one snapshot and publish it. By default, a new GPG key is generated for making a signature for repo.
There are two modes: filtered build that fetches only packages specified in assets/packages and
unfiltered build that fetches all packages. The filtered build is used by default.
To fetch all packages the following command can be used:
```bash
git clone https://github.com/urpylka/docker-aptly.git
docker build docker-aptly --build-arg MODE=all
```
By default GPG key for making package signature are generated during the build.
You may configure GPG key params via build arguments: FULL_NAME, EMAIL_ADDRESS, and GPG_PASSWORD, like:
```bash
docker build docker-aptly \
--build-arg FULL_NAME="First Last" \
--build-arg EMAIL_ADDRESS="youremail@example.com" \
--build-arg GPG_PASSWORD="PickAPassword"
```
If you have a GPG key already you can put private and public key in assets/gpg dir.
Keys must have special names: aptly.sec and aptly.pub
For example:
```bash
cp <my private key> docker-aptly/assets/gpg/aptly.sec
cp <my public key> docker-aptly/assets/gpg/aptly.pub
docker build docker-aptly \
--build-arg GPG_PASSWORD="GPG passphrase for my private key"
```
To use the Nginx blacklist feature a volume with Nginx config has to be mounted at runtime.
By default, the following keywords are blocked: telnet, ftp.
If no volume is mounted then no blacklist will be used.
```bash
docker run \
--name aptly \
--detach \
--publish 8080:80 \
--volume $(pwd)/assets/nginx:/opt/nginx \
aptly:test
```
___
For additional docs see https://github.com/amadev/docker-aptly
* Copyright 2018 Artem B. Smirnov
* Copyright 2016 Bryan J. Hong
* Licensed under the Apache License, Version 2.0

112
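--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,112 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-# All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
-Vagrant.configure("2") do |config|
-# The most common configuration options are documented and commented below.
-# For a complete reference, please see the online documentation at
-# https://docs.vagrantup.com.
-# Every Vagrant development environment requires a box. You can search for
-# boxes at https://vagrantcloud.com/search.
-config.vm.box = "generic/ubuntu1604"
-# Disable automatic box update checking. If you disable this, then
-# boxes will only be checked for updates when the user runs
-# `vagrant box outdated`. This is not recommended.
-# config.vm.box_check_update = false
-# Create a forwarded port mapping which allows access to a specific port
-# within the machine from a port on the host machine. In the example below,
-# accessing "localhost:8080" will access port 80 on the guest machine.
-# NOTE: This will enable public access to the opened port
-# config.vm.network "forwarded_port", guest: 80, host: 8080
-# Create a forwarded port mapping which allows access to a specific port
-# within the machine from a port on the host machine and only allow access
-# via 127.0.0.1 to disable public access
-# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
-# Create a private network, which allows host-only access to the machine
-# using a specific IP.
-# config.vm.network "private_network", ip: "192.168.33.10"
-# Create a public network, which generally matched to bridged network.
-# Bridged networks make the machine appear as another physical device on
-# your network.
-# config.vm.network "public_network"
-# Share an additional folder to the guest VM. The first argument is
-# the path on the host to the actual folder. The second argument is
-# the path on the guest to mount the folder. And the optional third
-# argument is a set of non-required options.
-# config.vm.synced_folder "../data", "/vagrant_data"
-# Provider-specific configuration so you can fine-tune various
-# backing providers for Vagrant. These expose provider-specific options.
-# Example for VirtualBox:
-#config.vm.provider "virtualbox" do |vb|
-# # Display the VirtualBox GUI when booting the machine
-# # vb.gui = true
-#end
-[:virtualbox, :parallels, :libvirt, :hyperv].each do |provider|
-config.vm.provider provider do |vplh, override|
-vplh.cpus = 1
-vplh.memory = 2048
-end
-end
-[:vmware_fusion, :vmware_workstation, :vmware_desktop].each do |provider|
-config.vm.provider provider do |vmw, override|
-vmw.vmx["memsize"] = "2048"
-vmw.vmx["numvcpus"] = "1"
-end
-end
-#
-# View the documentation for the provider you are using for more
-# information on available options.
-# Enable provisioning with a shell script. Additional provisioners such as
-# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
-# documentation for more information about their specific syntax and use.
-# config.vm.provision "shell", inline: <<-SHELL
-# apt-get update
-# apt-get install -y apache2
-# SHELL
-config.vm.define "aptly" do |node|
-node.vm.hostname = "aptly"
-node.vm.provision "file", source: ".", destination: "$HOME/docker-aptly"
-node.vm.provision :shell, inline: <<-SHELL
-echo htop > /home/vagrant/docker-aptly/assets/packages/list
-echo telnetd >> /home/vagrant/docker-aptly/assets/packages/list
-echo openbsd-inetd >> /home/vagrant/docker-aptly/assets/packages/list
-echo inet-superserver >> /home/vagrant/docker-aptly/assets/packages/list
-echo 'mysql-client (>= 3.6)' >> /home/vagrant/docker-aptly/assets/packages/list
-SHELL
-node.vm.provision "docker" do |d|
-d.build_image "/home/vagrant/docker-aptly -t aptly:test --build-arg PACKAGE_FILE=list"
-d.run "aptly",
-args: "-p '8080:80' -v '/home/vagrant/docker-aptly/assets/nginx:/opt/nginx'",
-image: "aptly:test",
-cmd: "/opt/run_nginx.sh"
-end
-node.vm.provision :shell, inline: <<-SHELL
-sleep 5
-curl -s localhost:8080/aptly_repo_signing.key | apt-key add -
-mv /etc/apt/sources.list /etc/apt/sources.list.backup
-touch /etc/apt/sources.list
-add-apt-repository 'deb http://localhost:8080 xenial main'
-apt-get update
-apt-cache policy htop
-apt-get install -y htop mysql-client
-apt-get install -y telnetd || echo "telnetd was not installed due to blacklist"
-SHELL
-end
-end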

17
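--- a/assets/aptly.conf
+++ b/assets/aptly.conf
@@ -1,17 +0,0 @@
-{
-"rootDir": "/opt/aptly",
-"downloadConcurrency": 4,
-"downloadSpeedLimit": 0,
-"architectures": [],
-"dependencyFollowSuggests": false,
-"dependencyFollowRecommends": false,
-"dependencyFollowAllVariants": false,
-"dependencyFollowSource": false,
-"gpgDisableSign": false,
-"gpgDisableVerify": false,
-"downloadSourcePackages": false,
-"ppaDistributorID": "ubuntu",
-"ppaCodename": "",
-"S3PublishEndpoints": {},
-"SwiftPublishEndpoints": {}
-}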

13
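--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@@ -1,13 +0,0 @@
-#! /usr/bin/env bash
-# Copyright 2018 Artem B. Smirnov
-# Copyright 2018 Jon Azpiazu
-# Licensed under the Apache License, Version 2.0
-mkdir -p /root/.gnupg/
-touch /root/.gnupg/gpg.conf
-cat >> /root/.gnupg/gpg.conf <<EOF
-personal-digest-preferences SHA256
-cert-digest-algo SHA256
-default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
-EOF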

0
assets/gpg/.empty

21
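--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -1,21 +0,0 @@
-#! /usr/bin/env bash
-# Copyright 2016 Bryan J. Hong
-# Licensed under the Apache License, Version 2.0
-cat << EOF > /opt/gpg_batch
-%echo Generating a GPG key, might take a while
-Key-Type: RSA
-Key-Length: 4096
-Subkey-Type: ELG-E
-Subkey-Length: 1024
-Name-Real: ${FULL_NAME}
-Name-Comment: Aptly Repo Signing
-Name-Email: ${EMAIL_ADDRESS}
-Expire-Date: 0
-Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec
-%commit
-%echo done
-EOF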

19
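--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-# Copyright 2018 Artem B. Smirnov
-# Copyright 2016 Bryan J. Hong
-# Licensed under the Apache License, Version 2.0
-cat << EOF > /etc/nginx/conf.d/default.conf
-server_names_hash_bucket_size 64;
-server {
-root /opt/aptly/public;
-server_name ${HOSTNAME};
-location / {
-autoindex on;
-}
-include /opt/nginx/*.conf;
-}
-EOF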

3
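--- a/assets/nginx/blacklist.conf
+++ b/assets/nginx/blacklist.conf
@@ -1,3 +0,0 @@
-location ~ (telnet|ftp) {
-return 404;
-}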

596
assets/packages/default

@ -1,596 +0,0 @@
accountsservice
acl
acpid
adduser
amd64-microcode
apparmor
apport
apport-symptoms
apt
apt-transport-https
apt-utils
arping
at
base-files
base-passwd
bash
bash-completion
bc
bcache-tools
bind9-host
binfmt-support
binutils
bsdmainutils
bsdutils
btrfs-tools
build-essential
busybox-initramfs
busybox-static
byobu
bzip2
ca-certificates
ceph-common
cloud-guest-utils
cloud-init
cloud-initramfs-copymods
cloud-initramfs-dyn-netconf
command-not-found
command-not-found-data
console-setup
console-setup-linux
coreutils
cpio
cpp
cpp-5
crda
cron
cryptsetup
cryptsetup-bin
curl
dash
dbus
debconf
debconf-i18n
debianutils
dh-python
diffutils
distro-info-data
dkms
dmeventd
dmidecode
dmsetup
dnsmasq-base
dns-root-data
dnsutils
docker.io
docker-engine
dosfstools
dpkg
dpkg-dev
dstat
e2fslibs
e2fsprogs
eatmydata
ed
eject
ethtool
fakeroot
file
findutils
fonts-ubuntu-font-family-console
freeipmi-common
friendly-recovery
ftp
fuse
g++
g++-5
gawk
gcc
gcc-5
gcc-5-base
gcc-6-base
gdisk
geoip-database
gettext-base
gir1.2-glib-2.0
git
git-man
gnupg
gpgv
grep
groff-base
grub2-common
grub-common
grub-gfxpayload-lists
grub-legacy-ec2
grub-pc
grub-pc-bin
gzip
hdparm
heirloom-mailx
hostname
ifenslave
ifupdown
info
init
initramfs-tools
initramfs-tools-bin
initramfs-tools-core
initscripts
init-system-helpers
insserv
installation-report
install-info
intel-microcode
iotop
iperf
ipmitool
iproute2
iptables
iputils-arping
iputils-ping
iputils-tracepath
irqbalance
isc-dhcp-client
isc-dhcp-common
iso-codes
iucode-tool
iw
jq
kbd
keyboard-configuration
klibc-utils
kmod
krb5-locales
ksh
language-selector-common
laptop-detect
ldap-utils
less
libaccountsservice0
libacl1
libalgorithm-diff-perl
libalgorithm-diff-xs-perl
libalgorithm-merge-perl
libapparmor1
libapparmor-perl
libapt-inst2.0
libapt-pkg5.0
libasan2
libasn1-8-heimdal
libasprintf0v5
libatm1
libatomic1
libattr1
libaudit1
libaudit-common
libbabeltrace1
libbabeltrace-ctf1
libbind9-140
libblas3
libblas-common
libblkid1
libboost-iostreams1.58.0
libboost-program-options1.58.0
libboost-random1.58.0
libboost-regex1.58.0
libboost-system1.58.0
libboost-thread1.58.0
libbsd0
libbz2-1.0
libc6
libc6-dev
libcap2
libcap2-bin
libcap-ng0
libc-bin
libcc1-0
libc-dev-bin
libcephfs1
libcilkrts5
libcomerr2
libcryptsetup4
libcurl3-gnutls
libdb5.3
libdbus-1-3
libdbus-glib-1-2
libdebconfclient0
libdevmapper1.02.1
libdevmapper-event1.02.1
libdns162
libdns-export162
libdpkg-perl
libdrm2
libdrm-common
libdumbnet1
libdw1
libeatmydata1
libedit2
libelf1
liberror-perl
libestr0
libevent-2.0-5
libexpat1
libfakeroot
libfcgi0ldbl
libfdisk1
libffi6
libfile-fcntllock-perl
libfreeipmi16
libfreetype6
libfribidi0
libfuse2
libgcc1
libgcc-5-dev
libgcrypt20
libgdbm3
libgeoip1
libgirepository-1.0-1
libglib2.0-0
libglib2.0-data
libgmp10
libgnutls30
libgnutls-openssl27
libgomp1
libgpg-error0
libgpm2
libgssapi3-heimdal
libgssapi-krb5-2
libhcrypto4-heimdal
libheimbase1-heimdal
libheimntlm0-heimdal
libhogweed4
libhx509-5-heimdal
libicu55
libidn11
libisc160
libisccc140
libisccfg140
libisc-export160
libisl15
libitm1
libjansson4
libjson-c2
libk5crypto3
libkeyutils1
libklibc
libkmod2
libkrb5-26-heimdal
libkrb5-3
libkrb5support0
libldap-2.4-2
liblinear3
liblocale-gettext-perl
liblsan0
libltdl7
liblua5.2-0
liblvm2app2.2
liblvm2cmd2.02
liblwres141
liblxc1
liblz4-1
liblzma5
liblzo2-2
libmagic1
libmnl0
libmount1
libmpc3
libmpdec2
libmpfr4
libmpx0
libmspack0
libncurses5
libncursesw5
libnet1
libnetfilter-conntrack3
libnettle6
libnewt0.52
libnfnetlink0
libnih1
libnl-3-200
libnl-genl-3-200
libnspr4
libnss3
libnss3-nssdb
libnuma1
libonig2
libopenipmi0
libopts25
libp11-kit0
libpam0g
libpam-modules
libpam-modules-bin
libpam-runtime
libpam-systemd
libparted2
libpcap0.8
libpci3
libpcre3
libperl5.22
libpipeline1
libplymouth4
libpng12-0
libpolkit-agent-1-0
libpolkit-backend-1-0
libpolkit-gobject-1-0
libpopt0
libprocps4
libprotobuf9v5
libpython2.7-minimal
libpython2.7-stdlib
libpython3.5
libpython3.5-minimal
libpython3.5-stdlib
libpython3-stdlib
libpython-stdlib
libquadmath0
librados2
libradosstriper1
librbd1
libreadline5
libreadline6
librgw2
libroken18-heimdal
librtmp1
libsasl2-2
libsasl2-modules
libsasl2-modules-db
libseccomp2
libselinux1
libsemanage1
libsemanage-common
libsensors4
libsepol1
libsigsegv2
libslang2
libsmartcols1
libsnmp30
libsnmp-base
libsqlite3-0
libss2
libssl1.0.0
libstdc++-5-dev
libstdc++6
libsystemd0
libtasn1-6
libtext-charwidth-perl
libtext-iconv-perl
libtext-wrapi18n-perl
libtinfo5
libtsan0
libubsan0
libudev1
libunwind8
libusb-0.1-4
libusb-1.0-0
libustr-1.0-1
libutempter0
libuuid1
libuv1
libwind0-heimdal
libwrap0
libx11-6
libx11-data
libxau6
libxcb1
libxdmcp6
libxext6
libxml2
libxmlsec1
libxmlsec1-openssl
libxmuu1
libxslt1.1
libxtables11
libyaml-0-2
linux-base
linux-cloud-tools-common
linux-firmware
linux-generic-hwe-16.04
linux-headers-4.15.0-34
linux-headers-4.15.0-34-generic
linux-headers-generic-hwe-16.04
linux-image-4.15.0-34-generic
linux-image-extra-4.13.0-45-generic
linux-image-generic-hwe-16.04
linux-libc-dev
linux-modules-4.15.0-34-generic
linux-modules-extra-4.15.0-34-generic
linux-signed-generic-hwe-16.04
linux-signed-image-4.13.0-45-generic
linux-tools-common
lldpd
locales
login
logrotate
lsb-base
lsb-release
lshw
lsof
ltrace
lua-lpeg
lvm2
lxc-common
lxcfs
lxd
lxd-client
make
makedev
man-db
manpages
manpages-dev
mawk
mdadm
mime-support
mlocate
mosh
mount
mtr-tiny
multiarch-support
nano
ncurses-base
ncurses-bin
ncurses-term
ndiff
netbase
netcat-openbsd
net-tools
nmap
node-commander
nodejs
node-nan
node-tinycolor
node-ws
ntfs-3g
ntp
openipmi
open-iscsi
openssh-client
openssh-server
openssh-sftp-server
openssl
open-vm-tools
os-prober
overlayroot
parted
passwd
pastebinit
patch
pciutils
perl
perl-base
perl-modules-5.22
plymouth
plymouth-theme-ubuntu-text
policykit-1
pollinate
popularity-contest
powermgmt-base
procps
psmisc
python
python2.7
python2.7-minimal
python3
python3.5
python3.5-minimal
python3-apport
python3-apt
python3-blinker
python3-cffi-backend
python3-chardet
python3-commandnotfound
python3-configobj
python3-cryptography
python3-dbus
python3-debian
python3-distupgrade
python3-gdbm
python3-gi
python3-idna
python3-jinja2
python3-jsonpatch
python3-json-pointer
python3-jwt
python3-markupsafe
python3-minimal
python3-newt
python3-oauthlib
python3-pkg-resources
python3-prettytable
python3-problem-report
python3-pyasn1
python3-pycurl
python3-requests
python3-serial
python3-six
python3-software-properties
python3-systemd
python3-update-manager
python3-urllib3
python3-yaml
python-apt
python-apt-common
python-bs4
python-cephfs
python-chardet
python-html5lib
python-lxml
python-minimal
python-pkg-resources
python-rados
python-rbd
python-requests
python-six
python-urllib3
readline-common
rename
resolvconf
rsync
rsyslog
run-one
sbsigntool
screen
sed
sensible-utils
sgml-base
shared-mime-info
s-nail
snapd
socat
software-properties-common
sosreport
squashfs-tools
ssh-import-id
ssmtp
strace
sudo
sysstat
systemd
systemd-sysv
sysvinit-utils
sysv-rc
tar
tasksel
tasksel-data
tcpd
tcpdump
telnet
thermald
time
tmux
traceroute
tzdata
ubuntu-cloudimage-keyring
ubuntu-core-launcher
ubuntu-keyring
ubuntu-minimal
ubuntu-release-upgrader-core
ubuntu-standard
ucf
udev
ufw
uidmap
unattended-upgrades
unzip
update-manager-core
update-notifier-common
ureadahead
usbutils
util-linux
uuid-runtime
vim
vim-common
vim-runtime
vim-tiny
vlan
wget
whiptail
wireless-regdb
xauth
xdg-user-dirs
xfsprogs
xkb-data
xml-core
xz-utils
zerofree
zlib1g

7
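--- a/assets/run_nginx.sh
+++ b/assets/run_nginx.sh
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -o pipefail
-set -o errexit
-# set -o xtrace
-/usr/sbin/nginx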

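--- a/assets/run_supervisord.sh
+++ b/assets/run_supervisord.sh
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -o pipefail
-set -o errexit
-# set -o xtrace
-/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf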

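--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -1,56 +0,0 @@
-#! /usr/bin/env bash
-# Copyright 2018 Artem B. Smirnov
-# Copyright 2018 Jon Azpiazu
-# Copyright 2016 Bryan J. Hong
-# Licensed under the Apache License, Version 2.0
-set -o xtrace
-if [[ ! -f /root/.gnupg/gpg.conf ]]; then
-/opt/gpg.conf.sh
-fi
-# If the repository GPG keypair doesn't exist, create it.
-if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
-echo "Generating new gpg keys"
-cp -a /dev/urandom /dev/random
-/opt/gpg_batch.sh
-# If your system doesn't have a lot of entropy this may, take a long time
-# Google how-to create "artificial" entropy if this gets stuck
-gpg -v --batch --gen-key /opt/gpg_batch
-else
-echo "No need to generate new gpg keys"
-fi
-# Import Ubuntu keyrings if they exist
-if [[ -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ]]; then
-gpg --list-keys
-gpg --no-default-keyring \
---keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
---export | \
-gpg --no-default-keyring \
---keyring trustedkeys.gpg \
---import
-fi
-# Import Debian keyrings if they exist
-if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
-gpg --list-keys
-gpg --no-default-keyring \
---keyring /usr/share/keyrings/debian-archive-keyring.gpg \
---export | \
-gpg --no-default-keyring \
---keyring trustedkeys.gpg \
---import
-fi
-# Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
-# Generate Nginx Config
-/opt/nginx.conf.sh
-/opt/update_mirror_ubuntu.sh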

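--- a/assets/supervisord.nginx.conf
+++ b/assets/supervisord.nginx.conf
@@ -1,5 +0,0 @@
-[program:nginx]
-command=/usr/sbin/nginx
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0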

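--- a/assets/update_mirror_ubuntu.sh
+++ b/assets/update_mirror_ubuntu.sh
@@ -1,85 +0,0 @@
-#! /usr/bin/env bash
-set -e
-set -x
-# Automate the initial creation and update of an Ubuntu package mirror in aptly
-# The variables (as set below) will create a mirror of the Ubuntu repo
-# with the main & universe components, you can add other components like restricted
-# multiverse etc by adding to the array (separated by spaces).
-# For more detail about each of the variables below refer to:
-# https://help.ubuntu.com/community/Repositories/CommandLine
-if [ "$MODE" = "packages" ]; then
-if [ ! -f "/opt/packages/$PACKAGE_FILE" ]; then
-echo "File with a package list is not found"
-exit 1
-fi
-FILTER_VAL=$(paste -sd \| "/opt/packages/$PACKAGE_FILE")
-FILTER_OPTS=("-filter=$FILTER_VAL" "-filter-with-deps")
-else
-FILTER_OPTS=()
-fi
-REPO_DATE=$(date +%Y%m%d%H)
-# Create repository mirrors if they don't exist
-for component in ${COMPONENTS}; do
-for repo in ${REPOS}; do
-if ! aptly mirror list -raw | grep "^${repo}-${component}$"
-then
-echo "Creating mirror of ${repo}-${component} repository."
-aptly mirror create \
--architectures=amd64 "${FILTER_OPTS[@]}" "${repo}-${component}" "${UPSTREAM_URL}" "${repo}" "${component}"
-fi
-done
-done
-# Update all repository mirrors
-for component in ${COMPONENTS}; do
-for repo in ${REPOS}; do
-echo "Updating ${repo}-${component} repository mirror.."
-aptly mirror update "${repo}-${component}"
-done
-done
-SNAPSHOTARRAY=()
-# Create snapshots of updated repositories
-for component in ${COMPONENTS}; do
-for repo in ${REPOS}; do
-echo "Creating snapshot of ${repo}-${component} repository mirror.."
-SNAPSHOTARRAY+=("${repo}-${component}-$REPO_DATE")
-aptly snapshot create "${repo}-${component}-$REPO_DATE" from mirror "${repo}-${component}"
-done
-done
-echo "${SNAPSHOTARRAY[@]}"
-# Merge snapshots into a single snapshot with updates applied
-echo "Merging snapshots into one.."
-aptly snapshot merge -latest \
-"${UBUNTU_RELEASE}-merged-$REPO_DATE" \
-"${SNAPSHOTARRAY[@]}"
-# Publish the latest merged snapshot
-if aptly publish list -raw | awk '{print $2}' | grep "^${UBUNTU_RELEASE}$"
-then
-aptly publish switch \
--batch=true \
--passphrase="${GPG_PASSWORD}" \
-"${UBUNTU_RELEASE}" "${UBUNTU_RELEASE}-merged-$REPO_DATE"
-else
-aptly publish snapshot \
--batch=true \
--passphrase="${GPG_PASSWORD}" \
--distribution="${UBUNTU_RELEASE}" "${UBUNTU_RELEASE}-merged-$REPO_DATE"
-fi
-# Export the GPG Public key
-if [[ ! -f /opt/aptly/public/aptly_repo_signing.key ]]; then
-gpg --export --armor > /opt/aptly/public/aptly_repo_signing.key
-fi
-# Generate Aptly Graph
-aptly graph -output /opt/aptly/public/aptly_graph.png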

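--- a/tools/install_packages.sh
+++ b/tools/install_packages.sh
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -o pipefail
-set -o errexit
-set -o xtrace
-apt update
-apt install -y curl
-curl -s localhost:8080/aptly_repo_signing.key | apt-key add -
-echo 'deb http://localhost:8080 xenial main' > /etc/apt/sources.list
-apt-get update
-apt-cache policy accountsservice
-apt-get install -y accountsservice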