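#!/bin/bash
# Container entrypoint for the package repository host: declares the supported
# distributions, loads the optional /config/environment hook, then derives every
# path, key and account setting from the environment with sensible defaults.
# `set -a` marks every variable assigned from here on for export, so the values
# below reach the programs started later (reprepro, gpg, sshd).
set -a

# distribution name -> release number (debian/ubuntu) or architecture (rpm).
# Every distribution exists in a "-dev" and a "-prod" flavour.
declare -A debian
declare -A ubuntu
declare -A rpm
debian=(
  ["bullseye-dev"]="11"
  ["bullseye-prod"]="11"
  ["bookworm-dev"]="12"
  ["bookworm-prod"]="12"
  ["trixie-dev"]="13"
  ["trixie-prod"]="13"
)
ubuntu=(
  ["focal-dev"]="20.04"
  ["focal-prod"]="20.04"
  ["jammy-dev"]="22.04"
  ["jammy-prod"]="22.04"
  ["noble-dev"]="24.04"
  ["noble-prod"]="24.04"
)
rpm=(
  ["rhel7-dev"]="x86_64"
  ["rhel7-prod"]="x86_64"
  ["rhel8-dev"]="x86_64"
  ["rhel8-prod"]="x86_64"
  ["rhel9-dev"]="x86_64"
  ["rhel9-prod"]="x86_64"
  ["rhel10-dev"]="x86_64"
  ["rhel10-prod"]="x86_64"
)

# customisation hook: the file is executed as shell code with this script's
# privileges, so it may override any default below (and must be trusted)
[[ -f /config/environment ]] && {
  echo "loading environment file /config/environment"
  . /config/environment
}

# data layout
export DATA_BASE_DIR=${DATA_BASE_DIR:-"/data"}
export APT_REPO_BASE_DIR=${APT_REPO_BASE_DIR:-"${DATA_BASE_DIR}/apt"}
export APT_REPO_CONF_DIR=${APT_REPO_CONF_DIR:-"${APT_REPO_BASE_DIR}/conf"}
export RPM_REPO_BASE_DIR=${RPM_REPO_BASE_DIR:-"${DATA_BASE_DIR}/rpm"}

# gpg
export GNUPGHOME="${DATA_BASE_DIR}/.gnupg"
export GNUPGPUBKEY=${GNUPGPUBKEY:-/config/repoadm.pub.gpg}
export GNUPGPRIVKEY=${GNUPGPRIVKEY:-/config/repoadm.priv.gpg}
# filled in later from the imported keyring (id of the signing subkey)
export GNUPGKEYID=""

# ssh
export SSHD_OPTS=${SSHD_OPTS:-"-f /sshd_config -D -e"}
export REPOADM_SSH_PORT=${REPOADM_SSH_PORT:-22}
# the port is spliced into a sed expression: accept digits only, so a value
# containing '/' or '&' can neither break nor rewrite the sed script
[[ ${REPOADM_SSH_PORT} =~ ^[0-9]+$ ]] || {
  printf 'invalid REPOADM_SSH_PORT %s: expected a port number\n' "${REPOADM_SSH_PORT}" >&2
  exit 1
}
# anchored with '$' so that e.g. port 2 does not "match" an existing "Port 22"
grep -q "^Port ${REPOADM_SSH_PORT}\$" /sshd_config || {
  sed -i "s/^Port .*$/Port ${REPOADM_SSH_PORT}/" /sshd_config
}

# users
export REPOADM_UID=${REPOADM_UID:-999}
export REPOADM_GID=${REPOADM_GID:-999}
export APT_UID=${APT_UID:-998}
export APT_GID=${APT_GID:-998}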
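#######################################
# Write a minimal .bashrc into DATA_BASE_DIR (the home directory given to the
# repoadm and apt accounts) so that interactive ssh sessions see the gnupg
# settings used by reprepro.
# Globals:  DATA_BASE_DIR, GNUPGHOME, GNUPGKEYID (read)
# Outputs:  overwrites ${DATA_BASE_DIR}/.bashrc
# Returns:  status of the write
#######################################
install_bashrc() {
  local target="${DATA_BASE_DIR}/.bashrc"
  # unquoted delimiter on purpose: GNUPGHOME/GNUPGKEYID are expanded now
  cat << EOF > "${target}"
export GNUPGHOME=${GNUPGHOME}
export GNUPGKEYID=${GNUPGKEYID}
alias l='ls -CF'
alias la='ls -A'
alias ll='ls -alF'
alias ls='ls --color=auto'
EOF
}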
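#######################################
# Print an error message on stderr and terminate the script with status 1.
# Arguments: $@ - message words, joined by single spaces
# Outputs:   the message on stderr
# Returns:   does not return (exit 1)
#######################################
exiterr() {
  # "$*" joins the words exactly once; printf avoids echo's option parsing
  # when the message happens to start with '-'
  printf '%s\n' "$*" >&2
  exit 1
}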
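#######################################
# Append usage hints (example reprepro/createrepo_c invocations) to the
# message-of-the-day file shown to users logging in over ssh.
# Globals:   APT_REPO_BASE_DIR, RPM_REPO_BASE_DIR (read)
# Arguments: $1 - motd file to append to (default: /etc/repodata.motd)
# Outputs:   appends one help block to the file
# Returns:   status of the write
#######################################
gen_help() {
  local motd="${1:-/etc/repodata.motd}"
  cat << EOF >> "${motd}"
--------------------------------------------
# debian
# reprepro -b ${APT_REPO_BASE_DIR}/debian includedeb bookworm /tmp/opensvc-server_3.0.0_amd64.deb
# reprepro -b ${APT_REPO_BASE_DIR}/debian export
# reprepro -b ${APT_REPO_BASE_DIR}/debian list bookworm opensvc-server
# ubuntu
# reprepro -b ${APT_REPO_BASE_DIR}/ubuntu includedeb focal /tmp/opensvc-server_3.0.0_amd64.deb
# reprepro -b ${APT_REPO_BASE_DIR}/ubuntu export
# reprepro -b ${APT_REPO_BASE_DIR}/ubuntu list focal opensvc-server
# rpm
# createrepo_c --update ${RPM_REPO_BASE_DIR}/dev-opensvc-v3-rhel7/x86_64
EOF
}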
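#######################################
# Write the reprepro "options" file for one apt repository.
# Globals:   APT_REPO_BASE_DIR, GNUPGHOME (read)
# Arguments: $1 - path of the options file to (over)write
#            $2 - repository directory name under APT_REPO_BASE_DIR (debian|ubuntu)
# Outputs:   overwrites $1
# Returns:   status of the write
#######################################
gen_options() {
  local f="$1"
  local d="$2"
  # ask-passphrase stays commented out: signing must work non-interactively
  cat << EOF > "${f}"
verbose
basedir ${APT_REPO_BASE_DIR}/${d}
gnupghome ${GNUPGHOME}
#ask-passphrase
EOF
}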
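#######################################
# Append one stanza to the reprepro "incoming" file for a distribution.
# Arguments: $1 - path of the incoming file to append to
#            $2 - repository base directory (holds incoming/ and tmp/)
#            $3 - distribution codename, e.g. bookworm-dev
# Outputs:   appends a blank-line terminated stanza to $1
# Returns:   status of the write
#######################################
gen_incoming() {
  local f="$1"
  local root="$2"
  local dist="$3"
  # "-prod" distributions only accept uploads targeted at "stable";
  # every other flavour (the "-dev" ones) accepts "unstable"
  local allow="unstable>${dist}"
  [[ ${dist} == *prod* ]] && allow="stable>${dist}"
  # the trailing blank line closes the stanza: reprepro conf files are
  # blank-line separated paragraphs, so consecutive stanzas need it
  cat << EOF >> "${f}"
Name: in_${dist}
IncomingDir: ${root}/incoming/in_${dist}
TempDir: ${root}/tmp/in_${dist}
Allow: ${allow}
Cleanup: on_deny on_error

EOF
}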
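#######################################
# Append one stanza to the reprepro "distributions" file for a distribution.
# Globals:   GNUPGKEYID (read) - key id written into SignWith
# Arguments: $1 - path of the distributions file to append to
#            $2 - repository base directory (unused; kept for symmetry with gen_incoming)
#            $3 - distribution codename, e.g. bookworm-dev
# Outputs:   appends a blank-line terminated stanza to $1
# Returns:   status of the write
#######################################
gen_distro() {
  local f="$1"
  # shellcheck disable=SC2034 -- accepted for call-site symmetry with gen_incoming
  local root="$2"
  local dist="$3"
  # the override files referenced below are created by the caller; the
  # trailing blank line closes the stanza (blank-line separated paragraphs)
  cat << EOF >> "${f}"
Origin: repo
Label: repo-${dist}
Codename: ${dist}
Architectures: amd64 source
Components: main
Description: ${dist} repository
Tracking: minimal
DebOverride: ${dist}.override
DscOverride: ${dist}.override
Log: ${dist}.log
SignWith: ${GNUPGKEYID}
Limit: 10

EOF
}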
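#######################################
# Create the reprepro layout for the debian repository and regenerate its
# conf/distributions and conf/incoming from the ${debian} table.
# Globals:  APT_REPO_BASE_DIR, debian (read)
# Outputs:  directories and conf files under ${APT_REPO_BASE_DIR}/debian,
#           output of `reprepro check`
# Returns:  status of `reprepro -b <base> check`
#######################################
configure_debian_repo() {
  local base="${APT_REPO_BASE_DIR}/debian"
  local conf="${base}/conf"
  local options="${conf}/options"
  local f key
  # mkdir -p is idempotent, so the layout is completed even when conf/
  # already exists but a sibling directory was removed
  mkdir -p "${conf}" "${base}/tmp" "${base}/incoming" "${base}/logs"
  # distributions/incoming are rebuilt from scratch on every start so that
  # stanzas of distributions dropped from the table do not linger
  for f in distributions incoming; do
    [[ -f ${conf}/${f} ]] && rm -f -- "${conf}/${f}"
  done
  for key in "${!debian[@]}"; do
    gen_distro "${conf}/distributions" "${base}" "${key}"
    mkdir -p "${base}/incoming/in_${key}" "${base}/tmp/in_${key}"
    gen_incoming "${conf}/incoming" "${base}" "${key}"
    # the override file named in the distributions stanza must exist
    touch "${conf}/${key}.override"
  done
  # options is only written when missing so local edits survive restarts
  [[ ! -f ${options} ]] && gen_options "${options}" debian
  reprepro -b "${base}" check
}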
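#######################################
# Create the reprepro layout for the ubuntu repository and regenerate its
# conf/distributions and conf/incoming from the ${ubuntu} table.
# Globals:  APT_REPO_BASE_DIR, ubuntu (read)
# Outputs:  directories and conf files under ${APT_REPO_BASE_DIR}/ubuntu,
#           output of `reprepro check`
# Returns:  status of `reprepro -b <base> check`
#######################################
configure_ubuntu_repo() {
  local base="${APT_REPO_BASE_DIR}/ubuntu"
  local conf="${base}/conf"
  local options="${conf}/options"
  local f key
  # "logs" (not "log") matches the debian repository layout and reprepro's
  # default logdir; mkdir -p keeps this idempotent across restarts
  mkdir -p "${conf}" "${base}/tmp" "${base}/incoming" "${base}/logs"
  # distributions/incoming are rebuilt from scratch on every start so that
  # stanzas of distributions dropped from the table do not linger
  for f in distributions incoming; do
    [[ -f ${conf}/${f} ]] && rm -f -- "${conf}/${f}"
  done
  for key in "${!ubuntu[@]}"; do
    gen_distro "${conf}/distributions" "${base}" "${key}"
    mkdir -p "${base}/incoming/in_${key}" "${base}/tmp/in_${key}"
    gen_incoming "${conf}/incoming" "${base}" "${key}"
    # the override file named in the distributions stanza must exist
    touch "${conf}/${key}.override"
  done
  # options is only written when missing so local edits survive restarts
  [[ ! -f ${options} ]] && gen_options "${options}" ubuntu
  reprepro -b "${base}" check
}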
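#######################################
# Create one yum/dnf repository per entry of the ${rpm} table and run
# createrepo_c on it when its metadata is missing.
# Globals:  RPM_REPO_BASE_DIR, rpm (read; key = distribution, value = arch)
# Outputs:  ${RPM_REPO_BASE_DIR}/<dist>/<arch>/ with createrepo_c metadata
# Returns:  0; a failing createrepo_c run is reported on stderr and retried
#           on the next start
#######################################
configure_rpm_repo() {
  local base="${RPM_REPO_BASE_DIR}"
  local key dir
  for key in "${!rpm[@]}"; do
    dir="${base}/${key}/${rpm[${key}]}"
    mkdir -p "${dir}"
    # key off the metadata directory rather than the repo directory: if an
    # earlier createrepo_c run failed, the directory exists but the metadata
    # does not, and it must be generated rather than skipped forever
    if [[ ! -d ${dir}/repodata ]]; then
      createrepo_c "${dir}" \
        || printf 'warning: createrepo_c failed for %s\n' "${dir}" >&2
    fi
  done
  return 0
}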
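# ---- gnupg setup -----------------------------------------------------------
# The keyring lives under DATA_BASE_DIR so it persists across restarts; the
# keys are imported only when the keyring directory is first created.
if [[ ! -d ${GNUPGHOME} ]]; then
  mkdir -p "${GNUPGHOME}" && chmod 700 "${GNUPGHOME}"
  if [[ -f ${GNUPGPUBKEY} ]]; then
    gpg --import "${GNUPGPUBKEY}" || exiterr "fail to import ${GNUPGPUBKEY}"
  fi
  if [[ -f ${GNUPGPRIVKEY} ]]; then
    gpg --import "${GNUPGPRIVKEY}" || exiterr "fail to import ${GNUPGPRIVKEY}"
  fi
fi
# We expect a signing-only subkey: field 12 of the colon listing holds the key
# capabilities, so keep subkeys that can sign ('s') but not encrypt ('e') and
# take the last one listed. Field 5 is the key id.
GNUPGKEYID=$(gpg --list-keys --with-colons | awk -F: '/^sub/ { if ($12 ~ /s/ && $12 !~ /e/) print $5 }' | tail -1)
if [[ -z ${GNUPGKEYID} ]]; then
  # gen_distro would write an empty SignWith: say so here rather than leaving
  # the cause to be guessed from a later reprepro failure
  printf 'warning: no signing-only subkey found in %s, SignWith will be empty\n' "${GNUPGHOME}" >&2
fi

# ---- repositories ----------------------------------------------------------
if [[ ${#debian[@]} -ne 0 ]]; then
  configure_debian_repo
fi
if [[ ${#ubuntu[@]} -ne 0 ]]; then
  configure_ubuntu_repo
fi
if [[ ${#rpm[@]} -ne 0 ]]; then
  configure_rpm_repo
fi

# ---- users -----------------------------------------------------------------
# repoadm: admin account that uploads and signs; apt: read-only consumer.
# Both get a locked password ('*'), so ssh keys are the only way in.
addgroup --gid "${REPOADM_GID}" repoadm
adduser --system --shell /bin/bash --uid "${REPOADM_UID}" --gid "${REPOADM_GID}" --disabled-password repoadm \
  && usermod -p '*' repoadm
addgroup --gid "${APT_GID}" apt
adduser --system --shell /bin/bash --uid "${APT_UID}" --gid "${APT_GID}" --disabled-password apt \
  && usermod -p '*' apt
for user in repoadm apt; do
  # per-user key file (presumably the AuthorizedKeysFile named in /sshd_config):
  # owned by the user and 0600, as sshd's StrictModes expects
  if [[ -f /ssh/${user}-authorized_keys ]]; then
    chown "${user}:" "/ssh/${user}-authorized_keys" && chmod 600 "/ssh/${user}-authorized_keys"
  fi
  # both accounts share DATA_BASE_DIR as their home (see install_bashrc)
  usermod --home "${DATA_BASE_DIR}" "${user}"
done
install_bashrc
gen_help
# publish the public key next to the repositories so clients can fetch it
cp "${GNUPGPUBKEY}" "${DATA_BASE_DIR}/gpg.public.key.asc" && chmod 644 "${DATA_BASE_DIR}/gpg.public.key.asc"
# repoadm owns the data tree and the keyring (it is the account that signs)
chown -R repoadm:repoadm "${DATA_BASE_DIR}" "${GNUPGHOME}"

echo "=> Starting SSH server..."
# shellcheck disable=SC2086 -- SSHD_OPTS is intentionally word-split into arguments
exec /usr/sbin/sshd ${SSHD_OPTS}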