Configure gpg and gpg-agent to allow unattended signing
This commit is contained in:
parent
c774e97c96
commit
e80adf3c55
|
@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard
|
|||
|
||||
RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean
|
||||
|
||||
VOLUME ["/aptly", "/packages"]
|
||||
VOLUME ["/signing-key", "/packages"]
|
||||
EXPOSE 8080
|
||||
COPY aptly.conf /etc/aptly.conf
|
||||
COPY gpg.conf /root/.gnupg/gpg.conf
|
||||
COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
|
||||
COPY aptly.sh /srv/aptly.sh
|
||||
|
||||
CMD ["/srv/aptly.sh"]
|
||||
|
|
|
@ -7,8 +7,9 @@
|
|||
"dependencyFollowRecommends": false,
|
||||
"dependencyFollowAllVariants": false,
|
||||
"dependencyFollowSource": false,
|
||||
"gpgDisableSign": true,
|
||||
"gpgDisableVerify": true,
|
||||
"gpgDisableSign": false,
|
||||
"gpgDisableVerify": false,
|
||||
"gpgProvider": "internal",
|
||||
"downloadSourcePackages": false,
|
||||
"ppaDistributorID": "ubuntu",
|
||||
"ppaCodename": "",
|
||||
|
|
21
aptly.sh
21
aptly.sh
|
@ -1,6 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
cat >keyparms <<EOF
|
||||
%echo Generating a basic OpenPGP key
|
||||
Key-Type: DSA
|
||||
Key-Length: 1024
|
||||
Subkey-Type: ELG-E
|
||||
Subkey-Length: 1024
|
||||
Name-Real: Benjamin Bohard
|
||||
Name-Comment: dev deb repo
|
||||
Name-Email: bbohard@cadoles.com
|
||||
Expire-Date: 0
|
||||
Passphrase: abc
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
export PINENTRY_USER_DATA="USE_CURSES=1"
|
||||
gpg --gen-key --batch keyparms
|
||||
gpg --export --armor > /signing-key/dev.pubkey
|
||||
gpg --export --armor > /aptly/public/dev.gpg
|
||||
|
||||
aptly repo create --component="main" --distribution="ubuntu" dev
|
||||
aptly repo add dev /packages
|
||||
aptly publish repo dev
|
||||
aptly publish repo --batch --passphrase="abc" dev
|
||||
aptly serve
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
allow-loopback-pinentry
|
Loading…
Reference in New Issue