git-crypt dockerfile
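# Debian 8 "jessie" no longer receives security updates. It is kept because the unlock
# step further down appears to rely on jessie's gpg 1.x + gpg-agent 2.0 behaviour
# (skeleton gpg.conf, GPG_AGENT_INFO output) — bump the base deliberately, not in passing.
FROM buildpack-deps:jessie

# Git ref of git-crypt to build. HEAD = whatever the clone lands on (the upstream default
# branch, i.e. the original unpinned behaviour); pass a release tag for a reproducible,
# auditable build of a tool that handles your encryption keys.
ARG GIT_CRYPT_REF=HEAD
# Build and install git-crypt in one layer; the source tree is removed in the same layer
# so it does not stay behind in the image. buildpack-deps already ships git/make/g++.
RUN git clone https://github.com/AGWA/git-crypt.git /tmp/git-crypt && \
    git -C /tmp/git-crypt checkout -q "${GIT_CRYPT_REF}" && \
    make -C /tmp/git-crypt && \
    make -C /tmp/git-crypt install PREFIX=/usr/local && \
    rm -rf /tmp/git-crypt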
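# gnupg holds the imported key; gnupg-agent caches the passphrase so git-crypt can unlock
# without a TTY. One apt layer: update+install together (no stale index), recommends
# skipped, and the package lists removed so they are not baked into the image.
# NOTE(review): versions are unpinned (hadolint DL3008); jessie's archive is frozen, so
# pinning here buys little until the base image moves.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        gnupg \
        gnupg-agent \
    && rm -rf /var/lib/apt/lists/*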
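# Load the build context into /src. The context must carry .git for git-crypt to unlock
# (the unlock step below only `git init`s as a fallback); keep a .dockerignore so nothing
# else sensitive rides along.
COPY ./ /src

# GPG user id of the key (e.g. `user@domain.com`). Not secret, so it may persist into
# the runtime environment.
ARG GPG_UID=EMPTY
ENV GPG_UID=${GPG_UID}

# Armored private key and its passphrase. They are needed only by the unlock step, where
# ARG values are already visible to RUN; they are deliberately NOT copied into ENV, which
# would leave the key and passphrase in every container started from this image
# (`docker inspect`, /proc/<pid>/environ, child images).
# NOTE(review): --build-arg values are still recorded in `docker history`; a BuildKit
# secret mount (`RUN --mount=type=secret,...`) keeps them out of the image entirely,
# at the cost of a different `docker build` invocation.
ARG GPG_KEY=EMPTY
ARG GPG_PASSPHRASE=EMPTY

WORKDIR /src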
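# Unlock the git-crypt'ed files in /src. Everything runs in one layer on purpose:
# gpg-agent is a process, so it does not survive into the next RUN, let alone a container.
RUN \
    # 1. import the (armored) private key. printf instead of echo so the shell cannot
    #    mangle backslashes. gpg 1.x appears to create ~/.gnupg/gpg.conf from its skeleton
    #    on first use, which step 2 relies on — confirm if the base image changes.
    printf '%s\n' "${GPG_KEY}" | gpg --passphrase "${GPG_PASSPHRASE}" --import && \
    # 2. tell gpg to ask the agent (uncomments the skeleton's `# use-agent` line)
    sed -i 's/# use-agent/use-agent/' ~/.gnupg/gpg.conf && \
    # 3. never try to open a terminal — a build has none
    echo "no-tty" >> ~/.gnupg/gpg.conf && \
    # 4. start the agent. Its stdout is shell code of the form
    #    `GPG_AGENT_INFO=/tmp/gpg-XXXXXX/S.gpg-agent:PID:1; export GPG_AGENT_INFO;`
    #    --allow-preset-passphrase is what lets step 7 cache the passphrase.
    eval "$(gpg-agent --daemon --allow-preset-passphrase)" && \
    # 5. PRESET_PASSPHRASE wants the passphrase hex-encoded. od wraps its output every
    #    16 bytes, so newlines must be stripped too — the original `sed 's/ *//g'` only
    #    removed spaces and produced a broken hexstring for passphrases over 16 bytes.
    GPG_PASSPHRASE_HEX="$(printf '%s' "${GPG_PASSPHRASE}" | od -A n -t x1 | tr -d ' \n')" && \
    # 6. fingerprint to key the cached passphrase by. --fingerprint twice makes gpg list
    #    subkey fingerprints as well; the last one listed is taken, as before (presumably
    #    the encryption subkey git-crypt uses — confirm against your key layout).
    GPG_FINGERPRINT="$(gpg --fingerprint --fingerprint "${GPG_UID}" \
        | grep -Po "Key fingerprint = (.*)" \
        | tail -1 \
        | sed 's/Key fingerprint = //' | tr -d ' ')" && \
    # fail here with a clear message instead of later at `git-crypt unlock`, where a
    # missing fingerprint only surfaces as a passphrase prompt that no-tty cannot answer
    { [ -n "${GPG_FINGERPRINT}" ] || { echo "no fingerprint found for uid ${GPG_UID}" >&2; exit 1; }; } && \
    # 7. hand the passphrase to the agent. The second argument is the cache timeout
    #    (-1 as in the original; check the gpg-agent docs for its exact meaning).
    #    gpg-connect-agent exits 0 even when the agent replies ERR, so check for OK.
    gpg-connect-agent \
        "PRESET_PASSPHRASE ${GPG_FINGERPRINT} -1 ${GPG_PASSPHRASE_HEX}" \
        /bye | grep -q '^OK' && \
    # 8. make sure /src is a git repo (no-op when the context already carries .git),
    #    then decrypt; unlock obtains the passphrase from the agent, not a terminal
    git init && \
    git-crypt unlock
# NOTE(review): the imported private keyring under ~/.gnupg stays in this layer alongside
# the decrypted files. Treat any registry this image is pushed to as holding the key, or
# remove the keyring in this same RUN once nothing at runtime needs gpg.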