Configure gpg and gpg-agent to allow unattended signing

2018-03-21 10:09:04 +01:00 · 2018-03-21 10:09:04 +01:00 · e80adf3c55
parent c774e97c96
commit e80adf3c55
5 changed files with 29 additions and 4 deletions
--- a/4
+++ b/4
@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard

 RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean

-VOLUME ["/aptly", "/packages"]
+VOLUME ["/signing-key", "/packages"]
 EXPOSE 8080
 COPY aptly.conf /etc/aptly.conf
+COPY gpg.conf /root/.gnupg/gpg.conf
+COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
 COPY aptly.sh /srv/aptly.sh

 CMD ["/srv/aptly.sh"]
--- a/aptly.conf
+++ b/aptly.conf
@ -7,8 +7,9 @@
  "dependencyFollowRecommends": false,
  "dependencyFollowAllVariants": false,
  "dependencyFollowSource": false,
-  "gpgDisableSign": true,
-  "gpgDisableVerify": true,
+  "gpgDisableSign": false,
+  "gpgDisableVerify": false,
+  "gpgProvider": "internal",
  "downloadSourcePackages": false,
  "ppaDistributorID": "ubuntu",
  "ppaCodename": "",
--- a/aptly.sh
+++ b/aptly.sh
@ -1,6 +1,25 @@
 #!/bin/bash

+cat >keyparms <<EOF
+     %echo Generating a basic OpenPGP key
+     Key-Type: DSA
+     Key-Length: 1024
+     Subkey-Type: ELG-E
+     Subkey-Length: 1024
+     Name-Real: Benjamin Bohard
+     Name-Comment: dev deb repo
+     Name-Email: bbohard@cadoles.com
+     Expire-Date: 0
+     Passphrase: abc
+     %commit
+     %echo done
+EOF
+export PINENTRY_USER_DATA="USE_CURSES=1"
+gpg --gen-key --batch keyparms
+gpg --export --armor > /signing-key/dev.pubkey
+gpg --export --armor > /aptly/public/dev.gpg
+
 aptly repo create --component="main" --distribution="ubuntu" dev
 aptly repo add dev /packages
-aptly publish repo dev
+aptly publish repo --batch --passphrase="abc" dev
 aptly serve
--- a/gpg-agent.conf
+++ b/gpg-agent.conf
@ -0,0 +1 @@
+allow-loopback-pinentry
--- a/gpg.conf
+++ b/gpg.conf
@ -0,0 +1,2 @@
+use-agent
+pinentry-mode loopback