
Fixes for gpg key generation and nginx configuration

Jon Azpiazu 10 months ago
parent
commit
89f0e23792
4 changed files with 17 additions and 34 deletions
  1. 12
    29
      Dockerfile
  2. 0
    2
      assets/gpg_batch.sh
  3. 1
    1
      assets/nginx.conf.sh
  4. 4
    2
      assets/startup.sh

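--- a/Dockerfile
+++ b/Dockerfile
@@ -1,38 +1,28 @@
 # Copyright 2016 Bryan J. Hong
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ubuntu:trusty
+FROM ubuntu:xenial
 
 MAINTAINER bryan@turbojets.net
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV DIST=ubuntu
-ENV RELEASE=trusty
-
-# Add Aptly repository
-RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
-RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 9E3E53F19C7DE460
-
-# Add Nginx repository
-RUN echo "deb http://nginx.org/packages/$DIST/ $RELEASE nginx" > /etc/apt/sources.list.d/nginx.list
-RUN echo "deb-src http://nginx.org/packages/$DIST/ $RELEASE nginx" >> /etc/apt/sources.list.d/nginx.list
-RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ENV RELEASE=xenial
 
 # Update APT repository and install packages
-RUN apt-get -q update                  \
- && apt-get -y install aptly           \
-                       bash-completion \
+RUN apt-get -qq update                  \
+ && apt-get -y -qq install aptly           \
                        bzip2           \
                        gnupg           \
                        gpgv            \
@@ -40,24 +30,17 @@ RUN apt-get -q update                  \
                        supervisor      \
                        nginx           \
                        wget            \
-                       xz-utils
+                       xz-utils        \
+                       apt-utils      \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
 
 # Install Aptly Configuration
 COPY assets/aptly.conf /etc/aptly.conf
 
-# Enable Aptly Bash completions
-RUN wget https://github.com/smira/aptly/raw/master/bash_completion.d/aptly \
-  -O /etc/bash_completion.d/aptly \
-  && echo "if ! shopt -oq posix; then\n\
-  if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
-    . /usr/share/bash-completion/bash_completion\n\
-  elif [ -f /etc/bash_completion ]; then\n\
-    . /etc/bash_completion\n\
-  fi\n\
-fi" >> /etc/bash.bashrc
-
 # Install Nginx Config
 COPY assets/nginx.conf.sh /opt/nginx.conf.sh
+RUN rm /etc/nginx/sites-enabled/*
 COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 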
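Review bot: `FROM ubuntu:xenial` is a floating tag, so two builds of this same commit can produce different images; pin the base by digest, e.g. `FROM ubuntu:xenial@sha256:<digest-placeholder>`, and bump the digest deliberately. In the install step, `apt-get -y -qq install aptly …` pulls in recommended packages and `-qq` hides the resolved package list from the build log. Adding `--no-install-recommends` and dropping back to `-q` keeps the image smaller and the build log reviewable. The RUN instruction spans both hunks and one of its lines (new line 29) is not shown on this page.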

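--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -10,8 +10,6 @@ Name-Comment: Aptly Repo Signing
 Name-Email: ${EMAIL_ADDRESS}
 Expire-Date: 0
 Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec 
 %commit
 %echo done
 EOF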

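--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@@ -4,7 +4,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
 server_names_hash_bucket_size 64;
 server {
   root /opt/aptly/public;
-  server_name ${HOSTNAME};
+  server_name _;
 
   location / {
     autoindex on;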
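Review bot: `server_name _;` is not a wildcard; `_` is only a name that never matches a real host, so this block answers every Host header only while it is the sole or first server on its listen socket. That holds now that the Dockerfile removes `/etc/nginx/sites-enabled/*`, but the dependency is implicit. A comment such as `# catch-all: served for any Host header, relies on being the only server block`, or an explicit `default_server` on the listen directive (not visible in this hunk), would make it robust. The `server { … }` block continues past the end of the hunk.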

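--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -2,6 +2,8 @@
 
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
+  echo "Generating new gpg keys"
+  cp -a /dev/urandom /dev/random
   /opt/gpg_batch.sh
   # If your system doesn't have a lot of entropy this may, take a long time
   # Google how-to create "artificial" entropy if this gets stuck
@@ -37,8 +39,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 fi
 
 # Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
+ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
 
 # Generate Nginx Config
 /opt/nginx.conf.sh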
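Review bot: The reversed links in the second hunk turn `/opt/aptly/aptly.sec` and `aptly.pub` into symlinks to `/root/.gnupg`, and `ln -sf` replaces any regular key file already there. A deployment whose keys were written to `/opt/aptly` by the previous `gpg_batch.sh` passes the `-f` check, skips generation, and then has its secret key replaced by a link to a keyring that may not exist. If `/opt/aptly` is the persisted directory and `/root/.gnupg` is not (not visible here, please confirm), the links also dangle once the container is recreated, so the `-f` test fails and a new signing key is generated silently, which clients must then re-trust. Keeping the key material in `/opt/aptly` and linking from `/root/.gnupg` as before avoids both; at minimum guard the link with `[[ -e /opt/aptly/aptly.sec ]] || ln -s /root/.gnupg/secring.gpg /opt/aptly/aptly.sec` and the same for the public ring. Separately, `cp -a /dev/urandom /dev/random` in the first hunk swaps the device node for every process in the container and leaves the entropy comment below it stale, so it deserves a why-comment and a check that the copy succeeded.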
