
Merge remote-tracking branch 'jonazpiazu/master' into fix_gpg

# Conflicts:
#	Dockerfile
tags/v1.0
Artem Smirnov 10 months ago
parent
commit
def38a2ddc
5 changed files with 38 additions and 41 deletions
  1. 18
    35
      Dockerfile
  2. 8
    0
      assets/gpg.conf.sh
  3. 1
    3
      assets/gpg_batch.sh
  4. 1
    1
      assets/nginx.conf.sh
  5. 10
    2
      assets/startup.sh

+ 18
- 35
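--- a/Dockerfile
+++ b/Dockerfile
@@ -1,64 +1,47 @@
 # Copyright 2018 Artem B. Smirnov
 # Copyright 2016 Bryan J. Hong
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ubuntu:trusty
+FROM ubuntu:xenial
 
 LABEL maintainer="urpylka@gmail.com"
 
 ENV DEBIAN_FRONTEND noninteractive
 
-# Add Aptly repository
-RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
-RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C
-
-# Add Nginx repository
-RUN echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" > /etc/apt/sources.list.d/nginx.list
-RUN echo "deb-src http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list.d/nginx.list
-RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
-
 # Update APT repository and install packages
-RUN apt-get -q update                  \
- && apt-get -y install aptly           \
-                       bash-completion \
-                       bzip2           \
-                       gnupg           \
-                       gpgv            \
-                       graphviz        \
-                       supervisor      \
-                       nginx           \
-                       wget            \
-                       xz-utils
+RUN apt-get -q update \
+  && apt-get -y -q install aptly \
+    bzip2 \
+    gnupg \
+    gpgv \
+    graphviz \
+    supervisor \
+    nginx \
+    wget \
+    xz-utils \
+    apt-utils \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
 
 # Install Aptly Configuration
 COPY assets/aptly.conf /etc/aptly.conf
 
-# Enable Aptly Bash completions
-RUN wget https://github.com/aptly-dev/aptly/raw/master/completion.d/aptly \
-  -O /etc/bash_completion.d/aptly \
-  && echo "if ! shopt -oq posix; then\n\
-  if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
-    . /usr/share/bash-completion/bash_completion\n\
-  elif [ -f /etc/bash_completion ]; then\n\
-    . /etc/bash_completion\n\
-  fi\n\
-fi" >> /etc/bash.bashrc
-
 # Install scripts
 COPY assets/*.sh /opt/
 
 # Install Nginx Config
+RUN rm /etc/nginx/sites-enabled/*
 COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 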
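Review bot: The new install line `&& apt-get -y -q install aptly \` still pulls in Recommends, so the image that holds the repository signing key carries more packages than the ones listed; `&& apt-get -y -q install --no-install-recommends aptly \` keeps it to what is named, after checking that nothing the scripts need arrives only as a recommended package. With the aptly.info and nginx.org sources and their `apt-key` imports removed, aptly and nginx now come from the xenial archive, and a one-line comment above the RUN saying that this is intended would record why the upstream repositories are gone. The added `RUN rm /etc/nginx/sites-enabled/*` aborts the build when the glob matches nothing; `RUN rm -f /etc/nginx/sites-enabled/*` tolerates that.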

+ 8
- 0
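--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p  ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF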
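Review bot: `mkdir -p  ~/.gnupg/` creates the GnuPG home with whatever mode the umask gives, while gpg expects that directory to be 0700 and warns about unsafe permissions otherwise; creating it private with `mkdir -p -m 700 ~/.gnupg/` avoids a keyring directory that other users can list. The script writes under `~` while startup.sh tests `/root/.gnupg/gpg.conf`, so the two agree only when HOME is /root; a header comment such as `# Writes digest preferences to root's gpg.conf; called once from startup.sh` would make that dependency visible. The `touch` is redundant, since `cat >>` creates the file.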

+ 1
- 3
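--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -6,7 +6,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}
@@ -14,8 +14,6 @@ Name-Comment: Aptly Repo Signing
 Name-Email: ${EMAIL_ADDRESS}
 Expire-Date: 0
 Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec 
 %commit
 %echo done
 EOF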
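Review bot: `Key-Length: 4096` strengthens the primary key, but the batch file still requests `Subkey-Length: 1024` for the ELG-E subkey two lines below, so the generated keypair keeps a 1024-bit component. The ELG-E subkey is encryption-only and plays no part in signing the repository, so either drop the `Subkey-Type`/`Subkey-Length` lines or raise the subkey to match with `Subkey-Length: 4096`. With `%pubring`/`%secring` removed the keys land in the default keyring under the GnuPG home, and a comment in the script noting that startup.sh relies on that location would help. The script starts above the hunk, and `Passphrase: ${GPG_PASSWORD}` is still written in clear to /opt/gpg_batch, which the visible lines do not show being deleted after use.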

+ 1
- 1
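--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@@ -7,7 +7,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
 server_names_hash_bucket_size 64;
 server {
   root /opt/aptly/public;
-  server_name ${HOSTNAME};
+  server_name _;
 
   location / {
     autoindex on;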
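Review bot: `server_name _;` is not a wildcard in nginx; `_` is only a name that no real Host header matches, so this block answers every request solely because it ends up as the default server once the Dockerfile change empties sites-enabled. A comment line inside the heredoc, `# "_" matches no real host; this block serves all requests as the default server`, records that assumption for whoever later adds a second server block. If no `listen` directive sits outside the hunk, `listen 80 default_server;` would make the intent explicit. The server block continues past the end of the hunk.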

+ 10
- 2
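--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -4,12 +4,20 @@
 # Copyright 2016 Bryan J. Hong
 # Licensed under the Apache License, Version 2.0
 
+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+  /opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
+  echo "Generating new gpg keys"
+  cp -a /dev/urandom /dev/random
   /opt/gpg_batch.sh
   # If your system doesn't have a lot of entropy this may, take a long time
   # Google how-to create "artificial" entropy if this gets stuck
   gpg --batch --gen-key /opt/gpg_batch
+else
+  echo "No need to generate new gpg keys"
 fi
 
 # Export the GPG Public key
@@ -41,8 +49,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 fi
 
 # Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
+ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub 
 
 # Generate Nginx Config
 /opt/nginx.conf.sh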
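Review bot: The reversed links `ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec` and its `.pub` twin leave /opt/aptly holding only symlinks while the key material lives in /root/.gnupg. If /opt/aptly is the persisted volume and /root/.gnupg is not (the page does not show the volume layout), a recreated container finds dangling links, `-f` is false for them, the test at new line 12 takes the generate branch, and the repository is signed with a fresh key that existing clients do not trust. Keeping the files on the volume preserves the key: after generation `mv /root/.gnupg/secring.gpg /opt/aptly/aptly.sec` (and the same for pubring), then the original `ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg`. Separately, `cp -a /dev/urandom /dev/random` in the first hunk replaces a device node for the whole container and deserves a why-comment such as `# gpg blocks on /dev/random when the container has little entropy; use urandom for key generation`.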
