From e80adf3c559220d96f172fd4c8ca036ac09f3db8 Mon Sep 17 00:00:00 2001
From: Benjamin Bohard
Date: Wed, 21 Mar 2018 10:09:04 +0100
Subject: [PATCH] Configure gpg and gpg-agent to allow unattended signing
---
 Dockerfile | 4 +++-
 aptly.conf | 5 +++--
 aptly.sh | 21 ++++++++++++++++++++-
 gpg-agent.conf | 1 +
 gpg.conf | 2 ++
 5 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 gpg-agent.conf
 create mode 100644 gpg.conf
diff --git a/Dockerfile b/Dockerfile
index 52b3cd9..7adcba3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard
 RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean
-VOLUME ["/aptly", "/packages"]
+VOLUME ["/signing-key", "/packages"]
 EXPOSE 8080
 COPY aptly.conf /etc/aptly.conf
+COPY gpg.conf /root/.gnupg/gpg.conf
+COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
 COPY aptly.sh /srv/aptly.sh
 CMD ["/srv/aptly.sh"]
diff --git a/aptly.conf b/aptly.conf
index e0ccbc5..742875e 100644
--- a/aptly.conf
+++ b/aptly.conf
@@ -7,8 +7,9 @@
 "dependencyFollowRecommends": false,
 "dependencyFollowAllVariants": false,
 "dependencyFollowSource": false,
- "gpgDisableSign": true,
- "gpgDisableVerify": true,
+ "gpgDisableSign": false,
+ "gpgDisableVerify": false,
+ "gpgProvider": "internal",
 "downloadSourcePackages": false,
 "ppaDistributorID": "ubuntu",
 "ppaCodename": "",
diff --git a/aptly.sh b/aptly.sh
index e338a56..e89207b 100755
--- a/aptly.sh
+++ b/aptly.sh
@@ -1,6 +1,25 @@
 #!/bin/bash
+cat >keyparms < /signing-key/dev.pubkey
+gpg --export --armor > /aptly/public/dev.gpg
+
 aptly repo create --component="main" --distribution="ubuntu" dev
 aptly repo add dev /packages
-aptly publish repo dev
+aptly publish repo --batch --passphrase="abc" dev
 aptly serve
diff --git a/gpg-agent.conf b/gpg-agent.conf
new file mode 100644
index 0000000..d1b6ae3
--- /dev/null
+++ b/gpg-agent.conf
@@ -0,0 +1 @@
+allow-loopback-pinentry
diff --git a/gpg.conf b/gpg.conf
new file mode 100644
index 0000000..740fb39
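Review bot: The two added `COPY` lines create `/root/.gnupg` implicitly, so the GnuPG home directory gets the default directory mode instead of 0700, and gpg warns about unsafe permissions on a homedir like that. Creating it explicitly first, e.g. `RUN mkdir -m 700 /root/.gnupg` ahead of the two `COPY` lines, avoids this. The new `VOLUME` line covers `/signing-key` but not `/root/.gnupg`, so the secret key appears to live only in the container's writable layer and would be regenerated for every new container; a comment next to `VOLUME` should say whether that is intended, because clients then have to re-trust a new key each time.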
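Review bot: `"gpgProvider": "internal"` selects aptly's built-in OpenPGP implementation instead of the gpg binary, so the loopback-pinentry settings this commit adds in gpg.conf and gpg-agent.conf probably have no effect on `aptly publish`. As far as I know the internal provider reads the legacy `pubring.gpg`/`secring.gpg` keyrings, while GnuPG 2.1 and later store keys in a different format; the base image's GnuPG version is not visible here, so signing may fail to find the generated key. Consider `"gpgProvider": "gpg"` so the agent configuration is the one actually used, and record the choice in the commit message since strict JSON has no place for a comment. Note also that `"gpgDisableVerify": false` turns on signature verification for mirrors, which requires the upstream keys in the container's trusted keyring.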
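Review bot: The publish line hard-codes the signing passphrase, `--passphrase="abc"`, so it is stored in the repository and the image and is visible in the process list while aptly runs; a published passphrase protects the key no better than none. Read it from a file supplied at run time instead, e.g. `aptly publish repo --batch --passphrase-file="$PASSPHRASE_FILE" dev` (the variable name is a placeholder), and feed the same secret to key generation. The key-generation lines of this hunk are truncated on this page, so how the key is created cannot be reviewed here. What is visible is that `gpg --export --armor > /aptly/public/dev.gpg` runs before any aptly command, so that directory may not exist yet, and that the script has no error handling: `set -euo pipefail` after the shebang would stop it from publishing after a failed key generation or export.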
--- /dev/null
+++ b/gpg.conf
@@ -0,0 +1,2 @@
+use-agent
+pinentry-mode loopback
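Review bot: Neither this file nor gpg-agent.conf says why loopback pinentry is enabled. `pinentry-mode loopback` here, together with `allow-loopback-pinentry` in gpg-agent.conf, lets any process running as root in the container hand a passphrase to the agent without a prompt, which is acceptable for a single-purpose signing container but should be stated. I would add a comment at the top of both files, e.g. `# unattended signing in a container: the caller supplies the passphrase, no pinentry prompt`. Since `pinentry-mode` already implies GnuPG 2.1 or later, where `use-agent` is a no-op, that line can be dropped.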