Merge remote-tracking branch 'jonazpiazu/master' into fix_gpg

# Conflicts: # Dockerfile
2018-09-14 00:48:37 +03:00 · 2018-09-14 00:48:37 +03:00 · def38a2ddc
commit def38a2ddc
parent b9da8469b7 480ac06686
5 changed files with 38 additions and 41 deletions
--- a/53
+++ b/53
@ -1,64 +1,47 @@
 # Copyright 2018 Artem B. Smirnov
 # Copyright 2016 Bryan J. Hong
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM ubuntu:trusty
+FROM ubuntu:xenial

 LABEL maintainer="urpylka@gmail.com"

 ENV DEBIAN_FRONTEND noninteractive

-# Add Aptly repository
-RUN echo "deb http://repo.aptly.info/ squeeze main" > /etc/apt/sources.list.d/aptly.list
-RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C
-
-# Add Nginx repository
-RUN echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" > /etc/apt/sources.list.d/nginx.list
-RUN echo "deb-src http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list.d/nginx.list
-RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
-
 # Update APT repository and install packages
-RUN apt-get -q update                  \
- && apt-get -y install aptly           \
-                       bash-completion \
-                       bzip2           \
-                       gnupg           \
-                       gpgv            \
-                       graphviz        \
-                       supervisor      \
-                       nginx           \
-                       wget            \
-                       xz-utils
+RUN apt-get -q update \
+  && apt-get -y -q install aptly \
+    bzip2 \
+    gnupg \
+    gpgv \
+    graphviz \
+    supervisor \
+    nginx \
+    wget \
+    xz-utils \
+    apt-utils \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*

 # Install Aptly Configuration
 COPY assets/aptly.conf /etc/aptly.conf

-# Enable Aptly Bash completions
-RUN wget https://github.com/aptly-dev/aptly/raw/master/completion.d/aptly \
-  -O /etc/bash_completion.d/aptly \
-  && echo "if ! shopt -oq posix; then\n\
-  if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
-    . /usr/share/bash-completion/bash_completion\n\
-  elif [ -f /etc/bash_completion ]; then\n\
-    . /etc/bash_completion\n\
-  fi\n\
-fi" >> /etc/bash.bashrc
-
 # Install scripts
 COPY assets/*.sh /opt/

 # Install Nginx Config
+RUN rm /etc/nginx/sites-enabled/*
 COPY assets/supervisord.nginx.conf /etc/supervisor/conf.d/nginx.conf
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf

--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p  ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF
--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@ -6,7 +6,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}
@ -14,8 +14,6 @@ Name-Comment: Aptly Repo Signing
 Name-Email: ${EMAIL_ADDRESS}
 Expire-Date: 0
 Passphrase: ${GPG_PASSWORD}
-%pubring /opt/aptly/aptly.pub
-%secring /opt/aptly/aptly.sec 
 %commit
 %echo done
 EOF
--- a/assets/nginx.conf.sh
+++ b/assets/nginx.conf.sh
@ -7,7 +7,7 @@ cat << EOF > /etc/nginx/conf.d/default.conf
 server_names_hash_bucket_size 64;
 server {
  root /opt/aptly/public;
-  server_name ${HOSTNAME};
+  server_name _;

  location / {
    autoindex on;
--- a/assets/startup.sh
+++ b/assets/startup.sh
@ -4,12 +4,20 @@
 # Copyright 2016 Bryan J. Hong
 # Licensed under the Apache License, Version 2.0

+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+  /opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
+  echo "Generating new gpg keys"
+  cp -a /dev/urandom /dev/random
  /opt/gpg_batch.sh
  # If your system doesn't have a lot of entropy this may, take a long time
  # Google how-to create "artificial" entropy if this gets stuck
  gpg --batch --gen-key /opt/gpg_batch
+else
+  echo "No need to generate new gpg keys"
 fi

 # Export the GPG Public key
@ -41,8 +49,8 @@ if [[ -f /usr/share/keyrings/debian-archive-keyring.gpg ]]; then
 fi

 # Aptly looks in /root/.gnupg for default keyrings
-ln -sf /opt/aptly/aptly.sec /root/.gnupg/secring.gpg
-ln -sf /opt/aptly/aptly.pub /root/.gnupg/pubring.gpg
+ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub 

 # Generate Nginx Config
 /opt/nginx.conf.sh