Broke something, private key no longer loads in container
parent
e41c14d0da
commit
d2e8da13c8
@ -6,7 +6,7 @@ chmod 700 /tmp/gpg-agent
|
||||
|
||||
for key in $(ls /tmp/*.key); do
|
||||
if [ -s $key ]; then
|
||||
gpg --homedir /tmp/gpg-agent/ --import $key
|
||||
gpg --homedir /tmp/gpg-agent/ --import $key || :
|
||||
fi
|
||||
done
|
||||
|
||||
|
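Review bot: The `|| :` on the `gpg --homedir /tmp/gpg-agent/ --import $key` line (apparently the new side; the page no longer shows +/- markers) discards a failed import without a trace, so a signing key that does not load goes unnoticed until signing fails later. If the loop has to keep going, report the failure instead: `gpg --homedir /tmp/gpg-agent/ --import "$key" || echo "key import failed: $key" >&2`. The loop also iterates over `$(ls /tmp/*.key)` and tests `[ -s $key ]` unquoted; `for key in /tmp/*.key; do` with `"$key"` quoted avoids word splitting on the file names.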
@ -27,9 +27,16 @@ fi
|
||||
|
||||
#This will take a long time the first time
|
||||
for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do
|
||||
echo Docker building ${IMAGE_NAME}
|
||||
NAME=$(basename ${IMAGE_NAME%.*})
|
||||
# #If you do decide to use the same key for all, this makes it easier
|
||||
# if [ ! -e ${CUR_DIR}/${NAME}.key ]; then
|
||||
# cp ${CUR_DIR}/signing.key ${CUR_DIR}/${NAME}.key || :
|
||||
# fi
|
||||
# Not ready for this yet
|
||||
|
||||
echo Docker building ${NAME}
|
||||
${CUR_DIR}/docker+.bsh ${IMAGE_NAME} > ${CUR_DIR}/tmp.dockerfile
|
||||
$SUDO docker build -t git-lfs/$(basename ${IMAGE_NAME%.*}) -f ${CUR_DIR}/tmp.dockerfile ${CUR_DIR}
|
||||
$SUDO docker build -t git-lfs/${NAME} -f ${CUR_DIR}/tmp.dockerfile ${CUR_DIR}
|
||||
rm ${CUR_DIR}/tmp.dockerfile
|
||||
done
|
||||
|
||||
|
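Review bot: `${CUR_DIR}/tmp.dockerfile` is a fixed file name inside the build context, and the `rm` at the end of the loop body is skipped whenever `docker build` aborts the script (likely if this file runs under `set -e` like the other scripts on the page, which the hunk does not show). A `trap 'rm -f "${CUR_DIR}/tmp.dockerfile"' EXIT` before the loop would clean up on every exit path. The new `NAME=$(basename ${IMAGE_NAME%.*})` and the `docker build` arguments are unquoted, so a checkout path containing spaces breaks them; `NAME=$(basename "${IMAGE_NAME%.*}")` and `"${CUR_DIR}"` are the safer forms. The loop starts inside the hunk but the script begins outside it.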
@ -22,8 +22,8 @@ rpmbuild --define "_topdir ${GIT_LFS_BUILD_DIR}/rpm" -ba ${GIT_LFS_BUILD_DIR}/rp
|
||||
|
||||
rsync -ra ${GIT_LFS_BUILD_DIR}/rpm/{SRPMS,RPMS} ${REPO_DIR}
|
||||
|
||||
if [ -s /tmp/signing.key ]; then
|
||||
gpg --allow-secret-key-import --import /tmp/signing.key || :
|
||||
if [ -s /tmp/*.key ]; then
|
||||
gpg --allow-secret-key-import --import /tmp/*.key || :
|
||||
find ${REPO_DIR} -name \*.rpm | xargs /tmp/rpm_sign.exp
|
||||
fi
|
||||
|
||||
|
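Review bot: `[ -s /tmp/*.key ]` only works while the glob matches exactly one file. With two or more keys in `/tmp` the test receives extra arguments, reports an error and evaluates false, so the import and the RPM signing are skipped without failing the build. Looping over the matches avoids that, e.g. `for key in /tmp/*.key; do [ -s "$key" ] && gpg --allow-secret-key-import --import "$key"; done`, with signing gated on whether any key was actually imported. The `|| :` after the import currently lets `rpm_sign.exp` run even when no key was loaded. The Debian repository script hunk further down (`gpg --import /tmp/*.key`) has the same test.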
4
docker/common.bsh
Normal file
4
docker/common.bsh
Normal file
@ -0,0 +1,4 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
: ${SUDO=`if ( [ ! -w /var/run/docker.sock ] && id -nG | grep -qwv docker && [ "${DOCKER_HOST:+dh}" != "dh" ] ) && which sudo > /dev/null 2>&1; then echo sudo; fi`}
|
||||
|
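Review bot: The `SUDO` default is a dense one-liner with no comment, and every script that sources this file now prefixes `docker` with it, so the conditions deserve to be written down. A comment above it would do: `# SUDO defaults to "sudo" only if the docker socket is not writable, the user is not in the docker group, DOCKER_HOST is unset and sudo is installed; export SUDO (even empty) to override`. As a matter of style, `$(...)` reads better than backticks here and `command -v sudo` is the portable replacement for `which sudo`. Quoting the expansion, `: "${SUDO=...}"`, keeps the no-op from globbing its result.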
@ -21,8 +21,8 @@ git clean -xdf .
|
||||
|
||||
mkdir -p "${REPO_DIR}/conf/"
|
||||
sed 's|^Codename:.*|Codename: '${REPO_CODENAME}'|' /tmp/distributions > "${REPO_DIR}/conf/distributions"
|
||||
if [ -s /tmp/signing.key ]; then
|
||||
gpg --import /tmp/signing.key || :
|
||||
if [ -s /tmp/*.key ]; then
|
||||
gpg --import /tmp/*.key || :
|
||||
echo "SignWith: yes" >> "${REPO_DIR}/conf/distributions"
|
||||
echo ask-passphrase > "${REPO_DIR}/conf/options"
|
||||
|
||||
|
@ -6,6 +6,6 @@ SOURCE bootstrap_centos_7.dockerfile
|
||||
RUN rm -rf /tmp/docker_setup
|
||||
|
||||
#Add the simple build repo script
|
||||
COPY rpm_sign.exp signing.key centos_script.bsh /tmp/
|
||||
COPY rpm_sign.exp git-lfs_centos_7.key centos_script.bsh /tmp/
|
||||
|
||||
CMD /tmp/centos_script.bsh
|
||||
|
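Review bot: `COPY rpm_sign.exp git-lfs_centos_7.key centos_script.bsh /tmp/` writes the private signing key into an image layer, where it stays readable to anyone who can pull, save or inspect the image, even if a later step deletes the file. Consider handing the key over at run time instead (a read-only bind mount, or the `--volumes-from git-lfs-gpg` agent volume that the run script on this page already sets up) so the image itself carries no secret. `COPY` also fails the build when the named key file is absent, although `centos_script.bsh` treats a missing key as optional. The gpg-agent Dockerfile hunk below copies key files into its image the same way.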
@ -10,6 +10,6 @@ apt-get install -y gnupg-agent gnupg2
|
||||
|
||||
VOLUME /tmp/gpg-agent
|
||||
|
||||
COPY .start_gpg-agent.bsh *.key /tmp/
|
||||
COPY .start_gpg-agent.bsh signing.key /tmp/
|
||||
|
||||
ENTRYPOINT /tmp/.start_gpg-agent.bsh
|
||||
CMD /tmp/.start_gpg-agent.bsh
|
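Review bot: If `CMD /tmp/.start_gpg-agent.bsh` is the new side here (the page no longer shows +/- markers), any arguments given after the image name replace it, and `gpg-agent_start.bsh` forwards `"${@}"` to `docker run` in exactly that position. With the shell-form `ENTRYPOINT` those arguments were ignored and the start script always ran. If arguments are meant to reach the script, the exec form `ENTRYPOINT ["/tmp/.start_gpg-agent.bsh"]` passes them through.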
@ -5,11 +5,17 @@ set -eu
|
||||
CUR_DIR=$(dirname ${BASH_SOURCE[0]})
|
||||
IMAGE_NAME=gpg-agent_debian_8
|
||||
|
||||
source ${CUR_DIR}/common.bsh
|
||||
|
||||
if [[ $# > 0 ]] && [ "$1" == "-r" ]; then
|
||||
${CUR_DIR}/gpg-agent_stop.bsh
|
||||
fi
|
||||
|
||||
${CUR_DIR}/gpg-agent_start.bsh
|
||||
|
||||
#wait at most 10 seconds
|
||||
for x in $(seq 10); do
|
||||
if docker exec -it git-lfs-gpg gpg-connect-agent --homedir=/tmp/gpg-agent /bye; then
|
||||
if $SUDO docker exec -it git-lfs-gpg gpg-connect-agent --homedir=/tmp/gpg-agent /bye; then
|
||||
break
|
||||
else
|
||||
sleep 1
|
||||
@ -17,4 +23,4 @@ for x in $(seq 10); do
|
||||
done
|
||||
|
||||
#I only need script cause of https://github.com/docker/docker/issues/8755 HORRAY BUGS!
|
||||
docker exec -it git-lfs-gpg script /dev/null -q -c 'gpg2 --homedir=/tmp/gpg-agent -o /dev/null -s /dev/null'
|
||||
$SUDO docker exec -it git-lfs-gpg script /dev/null -q -c 'gpg2 --homedir=/tmp/gpg-agent -o /dev/null -s /dev/null'
|
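Review bot: The `for x in $(seq 10)` wait loop ends without an error when the agent never answers, so the script goes on to the `gpg2 ... -s /dev/null` passphrase step against an agent that may not be running. Record success and stop otherwise: set `ready=1` before `break` and follow the loop with `[ "${ready:-0}" = 1 ] || { echo "gpg-agent did not start" >&2; exit 1; }`. The probe also runs with `-it`, which needs a terminal on stdin; `gpg-connect-agent ... /bye` reads no input, so a plain `docker exec` would let the check work from a non-interactive shell. One line of the loop falls between the two hunks and is not shown.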
@ -5,6 +5,8 @@ set -eu
|
||||
CUR_DIR=$(dirname ${BASH_SOURCE[0]})
|
||||
IMAGE_NAME=gpg-agent_debian_8
|
||||
|
||||
source ${CUR_DIR}/common.bsh
|
||||
|
||||
if [ "$(docker inspect -f {{.State.Running}} git-lfs-gpg)" != "true" ]; then
|
||||
#Don't rebuild WHILE RUNNING
|
||||
if [[ ${DOCKER_AUTOBUILD-1} != 0 ]]; then
|
||||
@ -14,5 +16,5 @@ if [ "$(docker inspect -f {{.State.Running}} git-lfs-gpg)" != "true" ]; then
|
||||
OTHER_OPTIONS=("-e" "GPG_DEFAULT_CACHE=${GPG_DEFAULT_CACHE:-31536000}")
|
||||
OTHER_OPTIONS+=("-e" "GPG_MAX_CACHE=${GPG_MAX_CACHE:-31536000}")
|
||||
|
||||
docker run -d -t "${OTHER_OPTIONS[@]}" --name git-lfs-gpg git-lfs/${IMAGE_NAME} "${@}"
|
||||
${SUDO} docker run -d -t "${OTHER_OPTIONS[@]}" --name git-lfs-gpg git-lfs/${IMAGE_NAME} "${@}"
|
||||
fi
|
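Review bot: The `docker inspect -f {{.State.Running}} git-lfs-gpg` guard still calls `docker` without `$SUDO`, while the `docker run` line in the same script now uses `${SUDO}`. Where sudo is actually required the inspect fails, the substitution is empty, the comparison with `"true"` succeeds, and the script goes on to build and run even when the container is already up. Use `if [ "$($SUDO docker inspect -f '{{.State.Running}}' git-lfs-gpg)" != "true" ]; then`, as the stop script on this page does. The `$(docker exec git-lfs-gpg cat /tmp/gpg-agent/gpg_agent_info)` call in the last hunk of the page has the same omission.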
@ -2,10 +2,14 @@
|
||||
|
||||
set -eu
|
||||
|
||||
CUR_DIR=$(dirname ${BASH_SOURCE[0]})
|
||||
|
||||
source ${CUR_DIR}/common.bsh
|
||||
|
||||
function docker_wait(){
|
||||
# Image seconds
|
||||
for x in $(seq $2); do
|
||||
if [ "$(docker inspect -f {{.State.Running}} $1)" != "true" ]; then
|
||||
if [ "$($SUDO docker inspect -f {{.State.Running}} $1)" != "true" ]; then
|
||||
return 0
|
||||
else
|
||||
sleep 1
|
||||
@ -15,9 +19,9 @@ function docker_wait(){
|
||||
}
|
||||
|
||||
if ! docker_wait git-lfs-gpg 0; then
|
||||
docker exec -it git-lfs-gpg pkill gpg-agent || :
|
||||
$SUDO docker exec -it git-lfs-gpg pkill gpg-agent || :
|
||||
fi
|
||||
|
||||
docker_wait git-lfs-gpg 5 || :
|
||||
|
||||
docker rm -f git-lfs-gpg
|
||||
$SUDO docker rm -f git-lfs-gpg
|
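Review bot: `docker_wait git-lfs-gpg 0` never inspects the container, because `$(seq $2)` expands to nothing when `$2` is 0 and the loop body is skipped. The result then comes entirely from whatever follows the loop, which lies between the two hunks and is not shown; if that is a non-zero return, `pkill gpg-agent` is attempted on every stop regardless of state. Passing `1`, or testing `$SUDO docker inspect` directly before the `pkill`, would make the check mean what it says. The `# Image seconds` comment could also become `# docker_wait CONTAINER SECONDS: return 0 once CONTAINER is no longer running`.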
@ -67,7 +67,7 @@ for DOCKER_FILE in "${IMAGES[@]}"; do
|
||||
echo "deb http://${REPO_HOSTNAME:-git-lfs.github.com}/debian/8 jessie main" > ${CUR_DIR}/git-lfs-main_8.list
|
||||
fi
|
||||
fi
|
||||
#END TODO
|
||||
#END TODO REMOVE
|
||||
|
||||
#Auto build docker unless DOCKER_AUTOBUILD=0
|
||||
if [[ ${DOCKER_AUTOBUILD-1} != 0 ]]; then
|
||||
@ -80,13 +80,18 @@ for DOCKER_FILE in "${IMAGES[@]}"; do
|
||||
if [ "${AUTO_REMOVE-1}" == "1" ]; then
|
||||
OTHER_OPTIONS+=("--rm")
|
||||
fi
|
||||
|
||||
#If you do decide to use the same key for all, this makes it easier
|
||||
if [ -x ${CUR_DIR}/signing.key ] && [ ! -x ${CUR_DIR}/${IMAGE_NAME}.key ]; then
|
||||
cp ${CUR_DIR}/signing.key ${CUR_DIR}/${IMAGE_NAME}.key || :
|
||||
fi
|
||||
|
||||
if [ -s ${CUR_DIR}/signing.key ]; then
|
||||
set +e
|
||||
source ${CUR_DIR}/preload_key.bsh
|
||||
set -e
|
||||
OTHER_OPTIONS+=("-e" "GPG_AGENT_INFO=${GPG_AGENT_INFO}")
|
||||
OTHER_OPTIONS+=("-v" "$(dirname ${GPG_AGENT_INFO}):$(dirname ${GPG_AGENT_INFO})")
|
||||
if [ -s ${CUR_DIR}/${IMAGE_NAME}.key ]; then
|
||||
${CUR_DIR}/gpg-agent_preload.bsh
|
||||
OTHER_OPTIONS+=("--volumes-from" "git-lfs-gpg")
|
||||
OTHER_OPTIONS+=("-e" "$(docker exec git-lfs-gpg cat /tmp/gpg-agent/gpg_agent_info)")
|
||||
#Do I need this? Or can I get away with hardcoding???
|
||||
#GPG_AGENT_INFO=/tmp/gpg-agent/S.gpg-agent:1:1
|
||||
fi
|
||||
|
||||
echo Compiling LFS in docker image ${IMAGE_NAME}
|
||||
|
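Review bot: `[ -x ${CUR_DIR}/signing.key ] && [ ! -x ${CUR_DIR}/${IMAGE_NAME}.key ]` tests the execute bit, which a key file normally does not have, so the copy to `${IMAGE_NAME}.key` would not run as written; the check a few lines later uses `-s`. `[ -s "${CUR_DIR}/signing.key" ] && [ ! -e "${CUR_DIR}/${IMAGE_NAME}.key" ]` matches the comment above the block. Each copy is another on-disk instance of the private key, so it is worth creating it with restrictive permissions, for example `install -m 600` instead of `cp`. The enclosing `for DOCKER_FILE` loop starts and ends outside the hunk.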