starlingx/tools
Code Issues Proposed changes
2048253ec7
tools/stx/dockerfiles/stx-aptly.Dockerfile
Scott Little bfa65efc74 Update the root certificates of the Debian build containers 
mirror.starlingx.cengn.ca will only authenticate against the
latest certificates.

Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I9ea940edb529cb8bf44ab1b1433f9c3d62d7b225
2023-07-24 15:33:36 -04:00

86 lines
3.2 KiB
Docker
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (C) 2021-2022 Wind River Systems,Inc.
#
FROM golang:1.17.5-bullseye AS builder
LABEL stage=builder
# Build Aptly with mirror API support
RUN mkdir -p $GOPATH/src/github.com/aptly-dev/aptly && \
git clone https://github.com/masselstine/aptly $GOPATH/src/github.com/aptly-dev/aptly && \
cd $GOPATH/src/github.com/aptly-dev/aptly && \
go mod init && go mod download && go mod vendor && go mod verify && \
export TRAVIS_TAG="StarlingX_Master_v1.0.0" && \
make install && \
cd $GOPATH && \
curl -O https://nginx.org/keys/nginx_signing.key && apt-key add ./nginx_signing.key
# Build our actual container
FROM debian:bullseye
MAINTAINER mark.asselstine@windriver.com
COPY --from=builder /go/nginx_signing.key nginx_signing.key
# Update certificates
RUN apt-get -q -y update && apt-get -y install --no-install-recommends ca-certificates && update-ca-certificates
# Add Nginx repository and install required packages
RUN apt-get -q update && apt-get -y install gnupg2 && \
echo "deb http://nginx.org/packages/debian/ bullseye nginx" > /etc/apt/sources.list.d/nginx.list && \
apt-key add ./nginx_signing.key && \
apt-get -q update && apt-get -y install \
aptly \
supervisor \
gettext-base \
nginx && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /usr/share/man && \
rm -rf /usr/share/doc && \
rm -rf /usr/share/grub2 && \
rm -rf /usr/share/texmf/fonts && \
rm -rf /usr/share/texmf/doc
# Copy our Aptly build and configure Aptly
COPY --from=builder /go/bin/aptly /usr/bin/aptly
COPY stx/toCOPY/aptly/aptly.conf /etc/aptly.conf
COPY stx/toCOPY/aptly/supervisord.aptly.conf /etc/supervisor/conf.d/aptly.conf
# Configure Nginx
COPY stx/toCOPY/aptly/nginx.conf.template /etc/nginx/nginx.conf.template
COPY stx/toCOPY/aptly/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
COPY stx/toCOPY/aptly/nginx.conf /etc/nginx/nginx.conf
COPY stx/toCOPY/aptly/nginx.logrotate /etc/logrotate.d/nginx
# Bind mount locations
VOLUME [ "/var/aptly" ]
# Ports
EXPOSE 80 8080
# Import private key for repo signatures
COPY stx/toCOPY/aptly/privkey.rsa /root
RUN gpg --import --pinentry-mode loopback --batch --passphrase starlingx /root/privkey.rsa && \
rm -f /root/privkey.rsa
# Add vimrc
RUN mkdir -p /etc/vim
COPY stx/toCOPY/common/vimrc.local /etc/vim/vimrc.local
RUN chmod 0644 /etc/vim/vimrc.local
# Configure startup
COPY stx/toCOPY/aptly/entrypoint.sh /bin/entrypoint.sh
ENTRYPOINT [ "/bin/entrypoint.sh" ]
View Git Blame Copy Permalink