Configure gpg and gpg-agent to allow unattended signing

This commit is contained in:
Benjamin Bohard 2018-03-21 10:09:04 +01:00
parent c774e97c96
commit e80adf3c55
5 changed files with 29 additions and 4 deletions

View File

@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard
RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean
VOLUME ["/aptly", "/packages"]
VOLUME ["/signing-key", "/packages"]
EXPOSE 8080
COPY aptly.conf /etc/aptly.conf
COPY gpg.conf /root/.gnupg/gpg.conf
COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
COPY aptly.sh /srv/aptly.sh
CMD ["/srv/aptly.sh"]

View File

@ -7,8 +7,9 @@
"dependencyFollowRecommends": false,
"dependencyFollowAllVariants": false,
"dependencyFollowSource": false,
"gpgDisableSign": true,
"gpgDisableVerify": true,
"gpgDisableSign": false,
"gpgDisableVerify": false,
"gpgProvider": "internal",
"downloadSourcePackages": false,
"ppaDistributorID": "ubuntu",
"ppaCodename": "",

View File

@ -1,6 +1,25 @@
#!/bin/bash
cat >keyparms <<EOF
%echo Generating a basic OpenPGP key
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Benjamin Bohard
Name-Comment: dev deb repo
Name-Email: bbohard@cadoles.com
Expire-Date: 0
Passphrase: abc
%commit
%echo done
EOF
export PINENTRY_USER_DATA="USE_CURSES=1"
gpg --gen-key --batch keyparms
gpg --export --armor > /signing-key/dev.pubkey
gpg --export --armor > /aptly/public/dev.gpg
aptly repo create --component="main" --distribution="ubuntu" dev
aptly repo add dev /packages
aptly publish repo dev
aptly publish repo --batch --passphrase="abc" dev
aptly serve

1
gpg-agent.conf Normal file
View File

@ -0,0 +1 @@
allow-loopback-pinentry

2
gpg.conf Normal file
View File

@ -0,0 +1,2 @@
use-agent
pinentry-mode loopback