From e80adf3c559220d96f172fd4c8ca036ac09f3db8 Mon Sep 17 00:00:00 2001
From: Benjamin Bohard <bbohard@cadoles.com>
Date: Wed, 21 Mar 2018 10:09:04 +0100
Subject: [PATCH] Configure gpg and gpg-agent to allow unattended signing

---
 Dockerfile     |  4 +++-
 aptly.conf     |  5 +++--
 aptly.sh       | 21 ++++++++++++++++++++-
 gpg-agent.conf |  1 +
 gpg.conf       |  2 ++
 5 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 gpg-agent.conf
 create mode 100644 gpg.conf

diff --git a/Dockerfile b/Dockerfile
index 52b3cd9..7adcba3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard
 
 RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean
 
-VOLUME ["/aptly", "/packages"]
+VOLUME ["/signing-key", "/packages"]
 EXPOSE 8080
 COPY aptly.conf /etc/aptly.conf
+COPY gpg.conf /root/.gnupg/gpg.conf
+COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
 COPY aptly.sh /srv/aptly.sh
 
 CMD ["/srv/aptly.sh"]
diff --git a/aptly.conf b/aptly.conf
index e0ccbc5..742875e 100644
--- a/aptly.conf
+++ b/aptly.conf
@@ -7,8 +7,9 @@
   "dependencyFollowRecommends": false,
   "dependencyFollowAllVariants": false,
   "dependencyFollowSource": false,
-  "gpgDisableSign": true,
-  "gpgDisableVerify": true,
+  "gpgDisableSign": false,
+  "gpgDisableVerify": false,
+  "gpgProvider": "internal",
   "downloadSourcePackages": false,
   "ppaDistributorID": "ubuntu",
   "ppaCodename": "",
diff --git a/aptly.sh b/aptly.sh
index e338a56..e89207b 100755
--- a/aptly.sh
+++ b/aptly.sh
@@ -1,6 +1,25 @@
 #!/bin/bash
 
+cat >keyparms <<EOF
+     %echo Generating a basic OpenPGP key
+     Key-Type: DSA
+     Key-Length: 1024
+     Subkey-Type: ELG-E
+     Subkey-Length: 1024
+     Name-Real: Benjamin Bohard
+     Name-Comment: dev deb repo
+     Name-Email: bbohard@cadoles.com
+     Expire-Date: 0
+     Passphrase: abc
+     %commit
+     %echo done
+EOF
+export PINENTRY_USER_DATA="USE_CURSES=1"
+gpg --gen-key --batch keyparms
+gpg --export --armor > /signing-key/dev.pubkey
+gpg --export --armor > /aptly/public/dev.gpg
+
 aptly repo create --component="main" --distribution="ubuntu" dev
 aptly repo add dev /packages
-aptly publish repo dev
+aptly publish repo --batch --passphrase="abc" dev
 aptly serve
diff --git a/gpg-agent.conf b/gpg-agent.conf
new file mode 100644
index 0000000..d1b6ae3
--- /dev/null
+++ b/gpg-agent.conf
@@ -0,0 +1 @@
+allow-loopback-pinentry
diff --git a/gpg.conf b/gpg.conf
new file mode 100644
index 0000000..740fb39
--- /dev/null
+++ b/gpg.conf
@@ -0,0 +1,2 @@
+use-agent
+pinentry-mode loopback