Better integration with tamarin local instance

Benjamin Bohard 2019-12-31 11:03:24 +01:00
parent bef4b3136b
commit ed1e4458ac
6 changed files with 51 additions and 12 deletions


@ -1,7 +1,7 @@
FROM debian:stretch FROM debian:stretch
MAINTAINER Benjamin Bohard MAINTAINER Benjamin Bohard
RUN apt update && apt install -y ca-certificates gnupg1 && apt clean RUN apt update && apt install -y ca-certificates gnupg1 incron && apt clean
COPY etc/aptly.sources.list /etc/apt/sources.list.d/aptly.list COPY etc/aptly.sources.list /etc/apt/sources.list.d/aptly.list
RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C RUN apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED75B5A4483DA07C
RUN apt update && apt install -y aptly && apt clean RUN apt update && apt install -y aptly && apt clean
@ -11,6 +11,9 @@ EXPOSE 8080
COPY etc/aptly.conf /etc/aptly.conf COPY etc/aptly.conf /etc/aptly.conf
COPY etc/gpg.conf /root/.gnupg/gpg.conf COPY etc/gpg.conf /root/.gnupg/gpg.conf
COPY etc/gpg-agent.conf /root/.gnupg/gpg-agent.conf COPY etc/gpg-agent.conf /root/.gnupg/gpg-agent.conf
COPY srv/aptly.sh /srv/aptly.sh COPY srv/aptly_init.sh /srv/aptly_init.sh
COPY srv/aptly_add.sh /srv/aptly_add.sh
CMD ["/srv/aptly.sh"] COPY etc/incron.d/aptly.conf /etc/incron.d/aptly.conf
CMD ["/srv/aptly_init.sh"]
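Review bot: The changed `RUN` line that adds `incron` calls `apt`, whose command-line interface is not meant for use in scripts, and `apt clean` leaves the downloaded package indexes in the layer. I would write it as `RUN apt-get update && apt-get install -y ca-certificates gnupg1 incron && rm -rf /var/lib/apt/lists/*`, and treat the unchanged `aptly` install line the same way. In the second hunk the three copied files are run by `CMD` and by incrond, so it is worth confirming that `srv/aptly_init.sh` and `srv/aptly_add.sh` carry the executable bit in the repository, since `COPY` keeps the source mode.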


@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
function usage { function usage {
echo "usage:" echo "usage:"
echo "aptly.boot <port> <packages_folder> <gpg_folder>" echo "aptly.boot <port> <packages_folder> <dataset_folder>"
echo echo
echo "port: tcp port to publish repository" echo "port: tcp port to publish repository"
echo "packages_folder: folder to mount containing packages" echo "packages_folder: folder to mount containing packages"
echo "gpg_folder: folder where to write repository public key" echo "dataset_folder: folder where to write repository public key and source list"
echo echo
exit 0 exit 0
} }
@ -17,7 +17,7 @@ fi
PORT=$1 PORT=$1
PACKAGES_FOLDER="$(realpath $2)" PACKAGES_FOLDER="$(realpath $2)"
GPG_FOLDER="$(realpath ./gpg)" DATASET_FOLDER="$(realpath $3)"
if [ ! -e "${PACKAGES_FOLDER}" ] if [ ! -e "${PACKAGES_FOLDER}" ]
then then
@ -25,12 +25,12 @@ then
echo "${PACKAGES_FOLDER} est vide" echo "${PACKAGES_FOLDER} est vide"
fi fi
if [ ! -e "${GPG_FOLDER}" ] if [ ! -e "${DATASET_FOLDER}" ]
then then
mkdir "${GPG_FOLDER}" mkdir "${DATASET_FOLDER}"
fi fi
container_id=$(docker run -d -v ${PACKAGES_FOLDER}:/packages -v ${GPG_FOLDER}:/signing-key -p $PORT:8080 -e USER_EMAIL="$(git config user.email)" -e USER_NAME="$(git config user.name)" -e PASSPHRASE="$(pwgen -1 -n 20)" cadoles/aptly:dev) container_id=$(docker run -d -v ${PACKAGES_FOLDER}:/packages:z -v ${DATASET_FOLDER}:/signing-key:z -p $PORT:8080 -e USER_EMAIL="$(git config user.email)" -e USER_NAME="$(git config user.name)" -e PASSPHRASE="$(pwgen -1 -n 20)" cadoles/aptly:dev)
docker ps -q --no-trunc | grep -q ${container_id} docker ps -q --no-trunc | grep -q ${container_id}
res=$? res=$?
@ -39,11 +39,12 @@ if [ "${res}" -eq 0 ]
then then
echo "container with id $container_id started" echo "container with id $container_id started"
echo "Send ${GPG_FOLDER}/dev.pubkey to remote host, load it in gpg ring with apt-key" echo "Send ${DATASET_FOLDER}/aptly.key to remote host, load it in gpg ring with apt-key"
echo "and add repo to apt source list" echo "and add repo to apt source list"
echo "echo \"deb [arch=amd64] http://$(ip -f inet address show dev enp5s0 | grep -Po 'inet \K[\d.]+'):${PORT}/ ubuntu main\" > /etc/apt/sources.list.d/add.list" echo "echo \"deb [arch=amd64] http://$(ip -f inet address show dev enp5s0 | grep -Po 'inet \K[\d.]+'):${PORT}/ ubuntu main\" > /etc/apt/sources.list.d/aptly.list"
echo "deb [arch=amd64] http://$(ip -f inet address show dev enp5s0 | grep -Po 'inet \K[\d.]+'):${PORT}/ ubuntu main" > ${DATASET_FOLDER}/aptly.list
else else
echo "container not started" echo "container not started"
fi fi
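Review bot: `DATASET_FOLDER="$(realpath $3)"` takes the third argument unquoted and, as far as this hunk shows, unchecked, so a missing argument leaves the variable empty; the later `> ${DATASET_FOLDER}/aptly.list` redirect then targets `/aptly.list` and `-v ${DATASET_FOLDER}:/signing-key:z` gets an empty source. I would use `DATASET_FOLDER="$(realpath -- "${3:?dataset_folder is required}")"` and quote the expansions in the `docker run` volume flags and in the redirect. The argument-count test ends just above the hunk (`fi`), so confirm it now requires three arguments. Note also that `:z` relabels the host directory for shared container access on SELinux hosts, so both folders should be dedicated directories rather than a home or system path.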

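--- /dev/null
+++ b/etc/containerpilot.json5
@@ -0,0 +1,13 @@
+{
+jobs: [
+{
+name: "aptly_init",
+exec: "/srv/aptly.sh",
+},
+{
+name: "incron",
+restart: "always",
+exec: "/usr/bin/incrond -n"
+}
+]
+}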
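Review bot: The `aptly_init` job runs `/srv/aptly.sh`, but the Dockerfile in this commit stops copying that script and installs `/srv/aptly_init.sh` instead, so the job would fail if ContainerPilot were used; it should read `exec: "/srv/aptly_init.sh",`. Nothing visible in the Dockerfile hunks copies this file or starts ContainerPilot, and `aptly_init.sh` now launches `/usr/sbin/incrond` itself, so running both paths would start two incron daemons on the same table. A short header comment saying whether this file is the planned entry point or an alternative to `CMD` would help.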

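--- /dev/null
+++ b/etc/incron.d/aptly.conf
@@ -0,0 +1 @@
+/packages IN_ALL_EVENTS /srv/aptly_add.sh $@ $# $%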
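Review bot: `IN_ALL_EVENTS` makes incrond start `/srv/aptly_add.sh` for every open, access, modify and close on `/packages`, although the handler only acts on `IN_CREATE` and `IN_MOVED_TO`. `IN_CREATE` also fires when the file is created, before its content is written, so a package copied into the folder can be added to the repository half-written; a mask of `IN_CLOSE_WRITE,IN_MOVED_TO`, with the matching test in the handler, avoids both. Since the handler signs and publishes whatever `.deb` lands here, write access to the mounted folder should be limited to the users allowed to publish.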

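--- /dev/null
+++ b/srv/aptly_add.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+target=$1/$2
+extension"${2##*.}"
+events=$3
+echo $extension
+echo $events
+echo $target
+if [[ "${extension}" = "deb" ]] && ([[ "$events" =~ "IN_CREATE" ]] || [[ "$events" =~ "IN_MOVED_TO" ]])
+then
+echo adding $target
+aptly repo add dev $target
+aptly publish update dev --batch --passphrase="$PASSPHRASE"
+else
+echo not adding $target
+fi
+exit 0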
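Review bot: The second line of the script, `extension"${2##*.}"`, is missing the `=`, so bash tries to run a command named after the concatenated string and `extension` stays empty; the `deb` test then never matches and no package is ever added. It should be `extension="${2##*.}"`, and `$target` needs quoting in `aptly repo add dev "$target"` because it is built from a file name chosen by whoever writes to `/packages`. `--passphrase="$PASSPHRASE"` puts the signing passphrase on the command line, where it is visible in the process list; aptly's `-passphrase-file` option avoids that. The unconditional `exit 0` also hides a failed `aptly` call from incrond's log.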


@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
/usr/sbin/incrond
cat >keyparms <<EOF cat >keyparms <<EOF
%echo Generating a basic OpenPGP key %echo Generating a basic OpenPGP key
Key-Type: DSA Key-Type: DSA
@ -16,7 +18,7 @@ cat >keyparms <<EOF
EOF EOF
export PINENTRY_USER_DATA="USE_CURSES=1" export PINENTRY_USER_DATA="USE_CURSES=1"
gpg1 --gen-key --batch keyparms gpg1 --gen-key --batch keyparms
gpg1 --export --armor > /signing-key/dev.pubkey gpg1 --export --armor > /signing-key/aptly.key
aptly repo create --component="main" --distribution="ubuntu" dev aptly repo create --component="main" --distribution="ubuntu" dev
aptly repo add dev /packages aptly repo add dev /packages
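Review bot: `/usr/sbin/incrond` is started as the first command, before the key is generated and before `aptly repo create ... dev`, so any event on `/packages` during start-up runs `aptly_add.sh` against a repository that does not exist yet, and it can overlap with the initial `aptly repo add dev /packages`. Starting the daemon after the initial add and publish would close that window. The script continues past this hunk, so the right place for the line is not visible here; if it has to stay early, a comment next to it stating the ordering requirement would be enough.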