Configure gpg and gpg-agent to allow unattended signing

Dockerfile

@@ -3,9 +3,11 @@ MAINTAINER Benjamin Bohard
 
 RUN apt update && apt install -y ca-certificates gnupg aptly aptly-publisher && apt clean
 
-VOLUME ["/aptly", "/packages"]
+VOLUME ["/signing-key", "/packages"]
 EXPOSE 8080
 COPY aptly.conf /etc/aptly.conf
+COPY gpg.conf /root/.gnupg/gpg.conf
+COPY gpg-agent.conf /root/.gnupg/gpg-agent.conf
 COPY aptly.sh /srv/aptly.sh
 
 CMD ["/srv/aptly.sh"]

aptly.conf

@@ -7,8 +7,9 @@
   "dependencyFollowRecommends": false,
   "dependencyFollowAllVariants": false,
   "dependencyFollowSource": false,
-  "gpgDisableSign": true,
+  "gpgDisableSign": false,
-  "gpgDisableVerify": true,
+  "gpgDisableVerify": false,
+  "gpgProvider": "internal",
   "downloadSourcePackages": false,
   "ppaDistributorID": "ubuntu",
   "ppaCodename": "",

aptly.sh

@@ -1,6 +1,25 @@
 #!/bin/bash
 
+cat >keyparms <<EOF
+     %echo Generating a basic OpenPGP key
+     Key-Type: DSA
+     Key-Length: 1024
+     Subkey-Type: ELG-E
+     Subkey-Length: 1024
+     Name-Real: Benjamin Bohard
+     Name-Comment: dev deb repo
+     Name-Email: bbohard@cadoles.com
+     Expire-Date: 0
+     Passphrase: abc
+     %commit
+     %echo done
+EOF
+export PINENTRY_USER_DATA="USE_CURSES=1"
+gpg --gen-key --batch keyparms
+gpg --export --armor > /signing-key/dev.pubkey
+gpg --export --armor > /aptly/public/dev.gpg
+
 aptly repo create --component="main" --distribution="ubuntu" dev
 aptly repo add dev /packages
-aptly publish repo dev
+aptly publish repo --batch --passphrase="abc" dev
 aptly serve

gpg-agent.conf

@@ -0,0 +1 @@
+allow-loopback-pinentry

gpg.conf

@@ -0,0 +1,2 @@
+use-agent
+pinentry-mode loopback