airship/utils
Code Issues Proposed changes
RETIRED, Collection of common tools for the Airship projects
69 Commits 1 Branch 1 Tag 230 KiB
37dc12df2b
Go to file
Andrey Volkov 37dc12df2b Add ability to build from a repo signed with custom GPG key 
The UPSTREAM_KEY_URL was added.
A url for public GPG key if it is not on default location.

Change-Id: I45a283131ca4307c51bd48a8b226064ea8e40144
2018-11-27 11:53:46 -08:00
charts/mini-mirror miniMirror Helm chart 2018-11-27 11:53:45 -08:00
mini-mirror Add ability to build from a repo signed with custom GPG key 2018-11-27 11:53:46 -08:00
tools miniMirror Helm chart 2018-11-27 11:53:45 -08:00
.zuul.yaml Add lint and check gates for airship-utils 2018-11-27 10:51:05 -08:00
LICENSE Initial commit 2016-02-02 02:26:59 -08:00
Makefile Add ability to build from a repo signed with custom GPG key 2018-11-27 11:53:46 -08:00
NOTICE Little fix after merge 2018-09-14 00:56:38 +03:00
README.md Update readme 2018-10-23 14:54:39 -07:00
Vagrantfile Alternative cmd for nginx only 2018-10-24 08:35:02 -07:00

README.md

docker-aptly

Features

  • Packages are downloaded during the docker image build
  • GPG keys for signature may be generated during the docker image build or existing ones are used
  • Nginx blacklist support at runtime

Quickstart

The main difference with the upstream repo is packages saved inside a docker image. During the image building /opt/update_mirror_ubuntu.sh is called to create mirrors, update them, merge all in one snapshot and publish it. By default, a new GPG key is generated for making a signature for repo.

There are two modes: filtered build that fetches only packages specified in assets/packages and unfiltered build that fetches all packages. The filtered build is used by default.

To fetch all packages the following command can be used:

git clone https://github.com/urpylka/docker-aptly.git
docker build docker-aptly --build-arg MODE=all

By default GPG key for making package signature are generated during the build. You may configure GPG key params via build arguments: FULL_NAME, EMAIL_ADDRESS, and GPG_PASSWORD, like:

docker build docker-aptly \
  --build-arg FULL_NAME="First Last" \
  --build-arg EMAIL_ADDRESS="youremail@example.com" \
  --build-arg GPG_PASSWORD="PickAPassword"

If you have a GPG key already you can put private and public key in assets/gpg dir. Keys must have special names: aptly.sec and aptly.pub For example:

cp <my private key> docker-aptly/assets/gpg/aptly.sec
cp <my public key> docker-aptly/assets/gpg/aptly.pub

docker build docker-aptly \
  --build-arg GPG_PASSWORD="GPG passphrase for my private key"

To use the Nginx blacklist feature a volume with Nginx config has to be mounted at runtime. By default, the following keywords are blocked: telnet, ftp. If no volume is mounted then no blacklist will be used.

docker run \
  --name aptly \
  --detach \
  --publish 8080:80 \
  --volume $(pwd)/assets/nginx:/opt/nginx \
  aptly:test

For additional docs see https://github.com/amadev/docker-aptly

  • Copyright 2018 Artem B. Smirnov
  • Copyright 2016 Bryan J. Hong
  • Licensed under the Apache License, Version 2.0