
Move to secure apt

master
Ray Burgemeestre vor 5 Jahren
Ursprung
Commit
acebc12358
3 geänderte Dateien mit 20 neuen und 35 gelöschten Zeilen
  1. +1
    -1
      apt-publisher/Dockerfile
  2. +19
    -23
      apt-publisher/Makefile
  3. +0
    -11
      apt-publisher/update.sh

+ 1
- 1
apt-publisher/Dockerfile Datei anzeigen

@@ -1,4 +1,4 @@
FROM ubuntu:14.04
FROM ubuntu:18.04

# based on https://www.digitalocean.com/community/tutorials/how-to-use-reprepro-for-a-secure-package-repository-on-ubuntu-14-04


+ 19
- 23
apt-publisher/Makefile Datei anzeigen

@@ -7,7 +7,7 @@ apt:
make update-packages

prepare-packages:
mkdir -p repo/amd64
mkdir -p packages
cp -prv ffmpeg/pkg/*.deb \
v8pp/pkg/*.deb \
crtmpserver/pkg/*.deb \
@@ -16,35 +16,31 @@ prepare-packages:
boost/pkg/*.deb \
benchmarklib/pkg/*.deb \
fastpfor/pkg/*.deb \
repo/amd64/
packages/

docker:
docker build . -t rayburgemeestre/apt-ubuntu:14.04 -f Dockerfile

run-initialize-once-DEPRECATED:
mkdir -p repo gnupg keys
ssh-keygen -f keys/ssh < <(echo "\n\n")
docker pull rayburgemeestre/apt-ubuntu:14.04
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:16.04 /bin/sh -c "bash initialize.sh"
sudo tar -czf secret.tar.gz keys gnupg
echo Hide secret.tar.gz somewhere with a very hard to guess URL

update-packages-DEPRECATED:
docker pull rayburgemeestre/apt-ubuntu:16.04
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:16.04 /bin/sh -c "bash update.sh"
docker build . -t rayburgemeestre/apt-ubuntu:18.04 -f Dockerfile

run-initialize-once:
echo Please refer to README. Initial steps were done once manually and tar of artifacts was zipped.
# mkdir -p repo gnupg keys
# ssh-keygen -f keys/ssh < <(echo "\n\n")
# tar -czf secret.tar.gz keys gnupg
# -> Hide secret.tar.gz somewhere with a very hard to guess URL

update-packages:
docker pull rayburgemeestre/apt-ubuntu:18.04
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:18.04 /bin/sh -c "reprepro -b /repo includedeb bionic packages/*.deb"
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:18.04 /bin/sh -c "reprepro -b /repo list bionic"
# echo produce artifact for debugging
tar -czf repo.tar.gz repo
#echo "$$SYNC_CMD_SSH"
#echo rsync -raPv -e "$$SYNC_CMD_SSH" repo $$SYNC_CMD_DEST
# rsync to host
rsync -raPv -e "$$SYNC_CMD_SSH" repo $$SYNC_CMD_DEST
rsync -raPv -e "$$SYNC_CMD_SSH" keys/KEY.asc $$SYNC_CMD_DEST

publish-key-once-DEPRECATED:
docker pull rayburgemeestre/apt-ubuntu:16.04
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:16.04 /bin/sh -c "bash publish_key.sh"

shell:
docker pull rayburgemeestre/apt-ubuntu:14.04
docker run -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:14.04 /bin/bash
docker pull rayburgemeestre/apt-ubuntu:18.04
docker run -i -t -v $$PWD:$$PWD -v $$PWD/gnupg:/root/.gnupg -v $$PWD/repo:/repo --workdir $$PWD rayburgemeestre/apt-ubuntu:18.04 /bin/bash

clean-all:
rm -rf repo gnupg keys
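Review bot: The new `update-packages` target rsyncs the whole `repo` tree to the host, and if `/repo` is reprepro's base directory (the `-b /repo` on the `includedeb` line suggests it) that tree also carries reprepro's `conf/` and `db/` subdirectories, which a published mirror does not need and which expose the repository's internal configuration; only `dists/` and `pool/` belong on the web host, e.g. `rsync -raPv --exclude=db --exclude=conf -e "$$SYNC_CMD_SSH" repo $$SYNC_CMD_DEST`. The two `$$SYNC_CMD_*` variables are also used unchecked, so with `SYNC_CMD_DEST` unset rsync receives a single path, merely lists `repo`, and the recipe exits 0 without publishing anything; a guard before the first rsync line such as `test -n "$$SYNC_CMD_SSH" -a -n "$$SYNC_CMD_DEST" || { echo "SYNC_CMD_SSH/SYNC_CMD_DEST not set" >&2; exit 1; }` would fail loudly instead. Separately, the kept comment `# -> Hide secret.tar.gz somewhere with a very hard to guess URL` in `run-initialize-once` describes obscurity rather than protection for an archive that, per the commented-out lines above it, bundles the signing keyring and the SSH private key; I would reword it to say the archive must be stored encrypted and offline, not behind an unguessable URL. Which of the surrounding lines are old and new is not fully recoverable from the rendered page, so this applies to the visible text of the `update-packages` and `run-initialize-once` targets.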

+ 0
- 11
apt-publisher/update.sh Datei anzeigen

@@ -1,13 +1,2 @@
#!/bin/bash

export KEYNAME=dpkg

gpg --import keys/${KEYNAME}.key

pushd /repo
apt-ftparchive --arch amd64 packages amd64 > Packages
gzip -k -f Packages
apt-ftparchive release . > Release
rm -fr Release.gpg; gpg --default-key ${KEYNAME} -abs -o Release.gpg Release
rm -fr InRelease; gpg --default-key ${KEYNAME} --clearsign -o InRelease Release
popd
