Broke something, private key no longer loads in container

2015-07-27 19:53:26 -04:00 · 2015-07-27 19:53:26 -04:00 · d2e8da13c8
commit d2e8da13c8
parent e41c14d0da
11 changed files with 51 additions and 23 deletions
--- a/docker/.start_gpg-agent.bsh
+++ b/docker/.start_gpg-agent.bsh
@ -6,7 +6,7 @@ chmod 700 /tmp/gpg-agent

 for key in $(ls /tmp/*.key); do
  if [ -s $key ]; then
-    gpg --homedir /tmp/gpg-agent/ --import $key
+    gpg --homedir /tmp/gpg-agent/ --import $key || :
  fi
 done

--- a/docker/build_dockers.bsh
+++ b/docker/build_dockers.bsh
@ -27,9 +27,16 @@ fi

 #This will take a long time the first time
 for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do
-  echo Docker building ${IMAGE_NAME}
+  NAME=$(basename ${IMAGE_NAME%.*})
+#  #If you do decide to use the same key for all, this makes it easier
+#  if [ ! -e ${CUR_DIR}/${NAME}.key ]; then
+#    cp ${CUR_DIR}/signing.key ${CUR_DIR}/${NAME}.key || :
+#  fi
+#  Not ready for this yet
+
+  echo Docker building ${NAME}
  ${CUR_DIR}/docker+.bsh ${IMAGE_NAME} > ${CUR_DIR}/tmp.dockerfile
-  $SUDO docker build -t git-lfs/$(basename ${IMAGE_NAME%.*}) -f ${CUR_DIR}/tmp.dockerfile ${CUR_DIR}
+  $SUDO docker build -t git-lfs/${NAME} -f ${CUR_DIR}/tmp.dockerfile ${CUR_DIR}
  rm ${CUR_DIR}/tmp.dockerfile
 done

--- a/docker/centos_script.bsh
+++ b/docker/centos_script.bsh
@ -22,8 +22,8 @@ rpmbuild --define "_topdir ${GIT_LFS_BUILD_DIR}/rpm" -ba ${GIT_LFS_BUILD_DIR}/rp

 rsync -ra ${GIT_LFS_BUILD_DIR}/rpm/{SRPMS,RPMS} ${REPO_DIR}

-if [ -s /tmp/signing.key ]; then
-  gpg --allow-secret-key-import --import /tmp/signing.key || :
+if [ -s /tmp/*.key ]; then
+  gpg --allow-secret-key-import --import /tmp/*.key || :
  find ${REPO_DIR} -name \*.rpm | xargs /tmp/rpm_sign.exp
 fi

--- a/docker/common.bsh
+++ b/docker/common.bsh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+: ${SUDO=`if ( [ ! -w /var/run/docker.sock ] && id -nG | grep -qwv docker && [ "${DOCKER_HOST:+dh}" != "dh" ] ) && which sudo > /dev/null 2>&1; then echo sudo; fi`}
+
--- a/docker/debian_script.bsh
+++ b/docker/debian_script.bsh
@ -21,8 +21,8 @@ git clean -xdf .

 mkdir -p "${REPO_DIR}/conf/"
 sed 's|^Codename:.*|Codename: '${REPO_CODENAME}'|' /tmp/distributions > "${REPO_DIR}/conf/distributions"
-if [ -s /tmp/signing.key ]; then
-  gpg --import /tmp/signing.key || :
+if [ -s /tmp/*.key ]; then
+  gpg --import /tmp/*.key || :
  echo "SignWith: yes" >> "${REPO_DIR}/conf/distributions"
  echo ask-passphrase > "${REPO_DIR}/conf/options"
  
--- a/docker/git-lfs_centos_7.dockerfile
+++ b/docker/git-lfs_centos_7.dockerfile
@ -6,6 +6,6 @@ SOURCE bootstrap_centos_7.dockerfile
 RUN rm -rf /tmp/docker_setup

 #Add the simple build repo script
-COPY rpm_sign.exp signing.key centos_script.bsh /tmp/
+COPY rpm_sign.exp git-lfs_centos_7.key centos_script.bsh /tmp/

 CMD /tmp/centos_script.bsh
--- a/docker/gpg-agent_debian_8.dockerfile
+++ b/docker/gpg-agent_debian_8.dockerfile
@ -10,6 +10,6 @@ apt-get install -y gnupg-agent gnupg2

 VOLUME /tmp/gpg-agent

-COPY .start_gpg-agent.bsh *.key /tmp/
+COPY .start_gpg-agent.bsh signing.key /tmp/

-ENTRYPOINT /tmp/.start_gpg-agent.bsh
+CMD /tmp/.start_gpg-agent.bsh
--- a/docker/gpg-agent_preload.bsh
+++ b/docker/gpg-agent_preload.bsh
@ -5,11 +5,17 @@ set -eu
 CUR_DIR=$(dirname ${BASH_SOURCE[0]})
 IMAGE_NAME=gpg-agent_debian_8

+source ${CUR_DIR}/common.bsh
+
+if [[ $# > 0 ]] && [ "$1" == "-r" ]; then
+  ${CUR_DIR}/gpg-agent_stop.bsh
+fi
+
 ${CUR_DIR}/gpg-agent_start.bsh

 #wait at most 10 seconds
 for x in $(seq 10); do
-  if docker exec -it git-lfs-gpg gpg-connect-agent --homedir=/tmp/gpg-agent /bye; then
+  if $SUDO docker exec -it git-lfs-gpg gpg-connect-agent --homedir=/tmp/gpg-agent /bye; then
    break
  else
    sleep 1
@ -17,4 +23,4 @@ for x in $(seq 10); do
 done

 #I only need script cause of https://github.com/docker/docker/issues/8755 HORRAY BUGS!
-docker exec -it git-lfs-gpg script /dev/null -q -c 'gpg2 --homedir=/tmp/gpg-agent -o /dev/null -s /dev/null'
+$SUDO docker exec -it git-lfs-gpg script /dev/null -q -c 'gpg2 --homedir=/tmp/gpg-agent -o /dev/null -s /dev/null'
--- a/docker/gpg-agent_start.bsh
+++ b/docker/gpg-agent_start.bsh
@ -5,6 +5,8 @@ set -eu
 CUR_DIR=$(dirname ${BASH_SOURCE[0]})
 IMAGE_NAME=gpg-agent_debian_8

+source ${CUR_DIR}/common.bsh
+
 if [ "$(docker inspect -f {{.State.Running}} git-lfs-gpg)" != "true" ]; then
  #Don't rebuild WHILE RUNNING
  if [[ ${DOCKER_AUTOBUILD-1} != 0 ]]; then
@ -14,5 +16,5 @@ if [ "$(docker inspect -f {{.State.Running}} git-lfs-gpg)" != "true" ]; then
  OTHER_OPTIONS=("-e" "GPG_DEFAULT_CACHE=${GPG_DEFAULT_CACHE:-31536000}")
  OTHER_OPTIONS+=("-e" "GPG_MAX_CACHE=${GPG_MAX_CACHE:-31536000}")
  
-  docker run -d -t "${OTHER_OPTIONS[@]}" --name git-lfs-gpg git-lfs/${IMAGE_NAME} "${@}"
+  ${SUDO} docker run -d -t "${OTHER_OPTIONS[@]}" --name git-lfs-gpg git-lfs/${IMAGE_NAME} "${@}"
 fi
--- a/docker/gpg-agent_stop.bsh
+++ b/docker/gpg-agent_stop.bsh
@ -2,10 +2,14 @@

 set -eu

+CUR_DIR=$(dirname ${BASH_SOURCE[0]})
+
+source ${CUR_DIR}/common.bsh
+
 function docker_wait(){
  # Image seconds
  for x in $(seq $2); do
-    if [ "$(docker inspect -f {{.State.Running}} $1)" != "true" ]; then
+    if [ "$($SUDO docker inspect -f {{.State.Running}} $1)" != "true" ]; then
      return 0
    else
      sleep 1
@ -15,9 +19,9 @@ function docker_wait(){
 }

 if ! docker_wait git-lfs-gpg 0; then
-  docker exec -it git-lfs-gpg pkill gpg-agent || :
+  $SUDO docker exec -it git-lfs-gpg pkill gpg-agent || :
 fi

 docker_wait git-lfs-gpg 5 || :

-docker rm -f git-lfs-gpg
+$SUDO docker rm -f git-lfs-gpg
--- a/docker/run_dockers.bsh
+++ b/docker/run_dockers.bsh
@ -67,7 +67,7 @@ for DOCKER_FILE in "${IMAGES[@]}"; do
      echo "deb http://${REPO_HOSTNAME:-git-lfs.github.com}/debian/8 jessie main" > ${CUR_DIR}/git-lfs-main_8.list
    fi
  fi
-  #END TODO
+  #END TODO REMOVE

  #Auto build docker unless DOCKER_AUTOBUILD=0
  if [[ ${DOCKER_AUTOBUILD-1} != 0 ]]; then
@ -80,13 +80,18 @@ for DOCKER_FILE in "${IMAGES[@]}"; do
  if [ "${AUTO_REMOVE-1}" == "1" ]; then
    OTHER_OPTIONS+=("--rm")
  fi
+  
+  #If you do decide to use the same key for all, this makes it easier
+  if [ -x ${CUR_DIR}/signing.key ] && [ ! -x ${CUR_DIR}/${IMAGE_NAME}.key ]; then
+    cp ${CUR_DIR}/signing.key ${CUR_DIR}/${IMAGE_NAME}.key || :
+  fi

-  if [ -s ${CUR_DIR}/signing.key ]; then
-    set +e
-    source ${CUR_DIR}/preload_key.bsh
-    set -e
-    OTHER_OPTIONS+=("-e" "GPG_AGENT_INFO=${GPG_AGENT_INFO}")
-    OTHER_OPTIONS+=("-v" "$(dirname ${GPG_AGENT_INFO}):$(dirname ${GPG_AGENT_INFO})")
+  if [ -s ${CUR_DIR}/${IMAGE_NAME}.key ]; then
+    ${CUR_DIR}/gpg-agent_preload.bsh
+    OTHER_OPTIONS+=("--volumes-from" "git-lfs-gpg")
+    OTHER_OPTIONS+=("-e" "$(docker exec git-lfs-gpg cat /tmp/gpg-agent/gpg_agent_info)")
+    #Do I need this? Or can I get away with hardcoding???
+    #GPG_AGENT_INFO=/tmp/gpg-agent/S.gpg-agent:1:1
  fi

  echo Compiling LFS in docker image ${IMAGE_NAME}