
functional draft (nc -N localhost 6156)

Fabian Peter Hammerle 4 years ago
commit
e3da267717
3 changed files with 124 additions and 0 deletions
  1. 76 0
      Dockerfile
  2. 37 0
      docker-compose.yml
  3. 11 0
      serve-gpgit.sh

+ 76 - 0
Dockerfile

@@ -0,0 +1,76 @@
+FROM alpine:3.11 as download
+RUN apk add --no-cache git
+# https://github.com/mikecardwell/gpgit/compare/master...EtiennePerot:master
+ARG GPGIT_CLONE_URL=https://github.com/EtiennePerot/gpgit.git
+ARG GPGIT_REVISION=e9432412f2eb6aca77fb4e7bb6fad41fcbfd8632
+RUN git clone "$GPGIT_CLONE_URL" /tmp/gpgit \
+    && cd /tmp/gpgit \
+    && git checkout "$GPGIT_REVISION" \
+    && ls -la
+
+FROM alpine:3.11 as service
+ARG CPANM_PACKAGE_VERSION=1.7044-r1
+ARG GNUPG_PACKAGE_VERSION=2.2.19-r0
+# ARG PERL_MIME_VERSION=3.031-r1
+ARG SOCAT_PACKAGE_VERSION=1.7.3.3-r1
+ARG TINI_PACKAGE_VERSION=0.18.0-r0
+ENV GNUPGHOME=/gnupg_home
+RUN apk add --no-cache \
+        gnupg=$GNUPG_PACKAGE_VERSION \
+        perl-app-cpanminus=$CPANM_PACKAGE_VERSION \
+        socat=$SOCAT_PACKAGE_VERSION \
+        tini=$TINI_PACKAGE_VERSION \
+    && adduser -S gpgit \
+    && mkdir -p "$GNUPGHOME" \
+    && chown gpgit "$GNUPGHOME" \
+    && chmod 700 "$GNUPGHOME"
+VOLUME $GNUPGHOME
+ARG PERL_MAIL_GNUPG_VERSION=0.23
+ARG PERL_MAIL_GNUPG_BUILD_PKGS="\
+    gcc \
+    libc-dev \
+    make \
+    perl-dev \
+    perl-module-build \
+    perl-test-deep \
+    perl-test-leaktrace \
+    wget"
+RUN apk add --no-cache \
+        $PERL_MAIL_GNUPG_BUILD_PKGS \
+        perl-capture-tiny \
+        perl-class-tiny \
+        perl-mailtools \
+        perl-moo \
+        perl-moox-types-mooselike \
+        perl-role-tiny \
+        perl-strictures \
+        perl-sub-quote \
+        perl-test-requires \
+        perl-try-tiny \
+        perl-type-tiny \
+    && echo TODO merge
+RUN apk add --no-cache perl-mime-tools
+RUN apk add --no-cache perl-list-moreutils
+RUN apk add --no-cache \
+        perl-scalar-list-utils \
+        perl-sub-uplevel \
+        perl-test-exception \
+        perl-test-fatal \
+        perl-test-output
+RUN apk add --no-cache perl-scalar-list-utils
+RUN echo TODO merge \
+    && (cpanm --notest Mail::GnuPG@$PERL_MAIL_GNUPG_VERSION \
+        || (cat /root/.cpanm/work/*/build.log; exit 1)) \
+    && apk del $PERL_MAIL_GNUPG_BUILD_PKGS
+ARG GPGIT_PATH=/usr/local/bin/gpgit
+COPY --from=download /tmp/gpgit/gpgit $GPGIT_PATH
+ENV GNUPG_IMPORT=""
+ENTRYPOINT ["tini", "--"]
+COPY serve-gpgit.sh /
+RUN chmod a+rx /serve-gpgit.sh
+USER gpgit
+# [string.ascii_lowercase.index(c) for c in 'gpgit']
+EXPOSE 6156/tcp
+# log level: notice
+ENV RECIPIENTS="gpgit@dev.null"
+CMD ["/serve-gpgit.sh"]
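Review bot: The `cpanm --notest Mail::GnuPG@$PERL_MAIL_GNUPG_VERSION` step in the last package RUN pins a version string but not the content it installs, whereas the gpgit checkout in the download stage is pinned to a full commit hash. As far as I know, cpanm releases of this age fetch over plain HTTP by default, so the module that ends up handling mail encryption may arrive without transport or content integrity. Please confirm, and consider `cpanm --mirror https://www.cpan.org --verify --notest …`, or download the tarball and check a pinned SHA-256 before installing. `perl-app-cpanminus` is also installed in the first RUN and never removed, because the `apk del` covers only `$PERL_MAIL_GNUPG_BUILD_PKGS`, so the installer stays in the runtime image. Adding it to the build-package list and doing install, build and removal in a single RUN would keep it, gcc and wget out of the image layers.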

+ 37 - 0
docker-compose.yml

@@ -0,0 +1,37 @@
+version: '2.2'
+
+services:
+  gpgit:
+    build: .
+    image: fphammerle/gpgit
+    container_name: gpgit
+    environment:
+      GNUPG_IMPORT: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+        mI0EXmHsUgEEALugZWonXUdFnWeWFuX55Lm7XhZIN79oEAat5ynZ0EGZM7pPRKUZ
+        LccQ2rHgYnAp1yGoSABhGyiRHTTZeYLPY7XCUbonMT4w2bYfP7L3ceRk5YG74xWB
+        X8txKYhYKchc/2nWyACYU2al2doEpnGQFWURcpxCpgFp26tGFvlJrCt7ABEBAAG0
+        I2dwZ2l0IHNlcnZpY2UgdGVzdCA8Z3BnaXRAZGV2Lm51bGw+iM4EEwEKADgWIQRg
+        OD7nR9/z4ow331JEBsqoQjs7NwUCXmHsUgIbAwULCQgHAgYVCgkICwIEFgIDAQIe
+        AQIXgAAKCRBEBsqoQjs7N3lVBACG8PN2oNdoGZ7S0JYfnMOlAD0HpSW1krS/3r6f
+        5n16X18SpupoUuEwtKVfGhhNYhNr/2FmOpZIiP2gM5+sctS7xbkD+qkP/Ko8jI0p
+        0HvdARh/jAd2uLdGemCcD2csr0rkGNJwqt42KGytmTYfZUKksyGrLtFxo3Lm0pCN
+        JqZmI7iNBF5h7FIBBAC6r/bJAo4PfL01ABZGyPFNFfjNjlPcJkx212w7/PJHdli0
+        E6u9m9+quOqK77IAFoRLeg/F700I0/tkoJz1tqgoyAugSFnfm+xyPjhI2eRpx+zj
+        676rGnd+rUKHh3doZW6fhol5yDC96cYtJMYTxqMmh/JtqzgNx3y7SQ87r+2hSQAR
+        AQABiLYEGAEKACAWIQRgOD7nR9/z4ow331JEBsqoQjs7NwUCXmHsUgIbDAAKCRBE
+        BsqoQjs7N+lAA/9AzHl4GjMIkNDYza6bXcYNDmFWpnm+3hNS7jkrV7y0XiOnnazV
+        s9xySySuyxIGNWRRY0jK73HgJzOjAX/5WZW3myUOCEnkNo651KXNnqoLbHrSB9uN
+        JpwmUTH6Ri42BHn4fVuBRGo2htJMMn4bAY5y1TCJJfwQc6W0+/XxFhbbZA==
+        =WiCD
+        -----END PGP PUBLIC KEY BLOCK-----
+    tmpfs:
+    - /gnupg_home,user=gpgit
+    ports:
+    - '127.0.0.1:6156:6156'
+    security_opt: [no-new-privileges]
+    # docker-compose >=2.2,<3
+    cpus: 0.4
+
+# https://docs.docker.com/compose/compose-file/compose-file-v2/
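Review bot: The `gpgit` service sets `no-new-privileges` and a localhost-only port mapping but keeps Docker's default capability set and a writable root filesystem. The container runs as the unprivileged `gpgit` user on port 6156 and its only declared writable path is the tmpfs. Adding `cap_drop: [ALL]` and `read_only: true` would tighten this; whether gpg or gpgit need an extra tmpfs such as `/tmp` is not visible here and should be tested. `cpus: 0.4` bounds CPU only, and serve-gpgit.sh starts socat with `fork`, so a `pids_limit:` and `mem_limit:` (values to be chosen) would bound what a burst of connections can consume.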

+ 11 - 0
serve-gpgit.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -x
+
+printenv GNUPG_IMPORT | gpg --import --import-options import-show
+
+for fingerprint in $(gpg --list-keys --with-colons | grep '^fpr:' | cut -d ':' -f 10); do
+    echo -e '5\ny\n' | gpg --command-fd 0 --batch --edit-key $fingerprint trust
+done
+
+exec socat -d -d -T4 tcp-l:6156,fork "exec:gpgit $RECIPIENTS"
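Review bot: Nothing stops the listener from starting with an empty keyring: the script sets `-x` but not `-e`, so a failed `gpg --import` falls through to the `socat` line, and the Dockerfile defaults `GNUPG_IMPORT` to an empty string. How gpgit treats a recipient without a usable key is not shown here, but if it passes the message through unchanged the service would silently return plaintext. I would use `set -eu` at the top and add `gpg --list-keys --with-colons | grep -q '^fpr:' || { echo 'no public keys imported' >&2; exit 1; }` before the `exec`. Quoting `"$fingerprint"` and replacing `echo -e` with `printf '5\ny\n'` would also remove the dependence on word splitting and on the shell's `echo` behaviour.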