| #!/bin/bash |
| |
| function try { |
| echo "$@" |
| "$@" || exit 1 |
| } |
| |
| try mkdir -p /srv/aptly-publish-fs |
| try chown aptly-api:aptly-api /var/lib/aptly-api /srv/aptly-publish-fs |
| |
| # Note: if you change the listen address, make sure you change it in the |
| # Dockerfile as well! |
| export LISTEN_ADDRESS='0.0.0.0:8080' |
| export GIN_MODE='release' |
| export HOME='/var/lib/aptly-api' |
| |
| try install -d -o aptly-api -g aptly-api -m 700 "${HOME}/.gnupg" |
| try install -o aptly-api -g aptly-api -m 644 /etc/gpg-agent.conf "${HOME}/.gnupg/gpg-agent.conf" |
| |
| # Preload the GPG keyring and its passphrase so that releases can be done remotely from Jenkins |
| try gpg-agent --allow-preset-passphrase --homedir /var/lib/aptly-api/.gnupg --batch --daemon |
| try /usr/lib/gnupg2/gpg-preset-passphrase --preset $(cat "${HOME}/.keys/keygrip.txt") < "${HOME}/.keys/passphrase.txt" |
| |
| try exec sudo -u aptly-api -g aptly-api --preserve-env=GIN_MODE \ |
| /usr/bin/aptly api serve \ |
| -config=/etc/aptly-api.conf \ |
| -listen="${LISTEN_ADDRESS}" |
