install aptly 1.6.0 on debian bookworm

- based on debian:bookworm-slim
- install from new repos
- cleanup and reduce image size

Author: neolynx

Dockerfile

@@ -14,33 +14,31 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM debian:buster
+FROM debian:bookworm-slim
 
 LABEL maintainer="[email protected]"
 
 ARG DEBIAN_FRONTEND=noninteractive
 
 # Update APT repository & install packages (except aptly)
 RUN apt-get -q update \
-  && apt-get -y install \
-    bzip2 \
-    gnupg2 \
-    gpgv \
+  && apt-get -y --no-install-recommends install \
     graphviz \
     supervisor \
     nginx \
     curl \
-    xz-utils \
     apt-utils \
     gettext-base \
-    bash-completion
+    bash-completion \
+    gpg-agent \
+    ca-certificates
 
-RUN curl -sL https://www.aptly.info/pubkey.txt | gpg --dearmor | tee /etc/apt/trusted.gpg.d/aptly.gpg >/dev/null \
-  && echo "deb http://repo.aptly.info/ squeeze main" >> /etc/apt/sources.list
+RUN curl -sL -o /etc/apt/keyrings/aptly.asc http://www.aptly.info/pubkey.txt
+RUN echo "deb [signed-by=/etc/apt/keyrings/aptly.asc] http://repo.aptly.info/release bookworm main" > /etc/apt/sources.list.d/aptly.list
 
 # Install aptly package
 RUN apt-get -q update \
-  && apt-get -y install aptly=1.6.0 \
+  && apt-get -y --no-install-recommends install aptly=1.6.0 \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
@@ -59,8 +57,6 @@ COPY assets/supervisord.web.conf /etc/supervisor/conf.d/web.conf
 # Install scripts
 COPY assets/*.sh /opt/
 
-ADD https://raw.githubusercontent.com/aptly-dev/aptly/v1.6.0/completion.d/aptly /usr/share/bash-completion/completions/aptly
-
 RUN echo "if ! shopt -oq posix; then\n\
   if [ -f /usr/share/bash-completion/bash_completion ]; then\n\
     . /usr/share/bash-completion/bash_completion\n\

assets/keys_gen.sh

@@ -24,7 +24,7 @@ if [[ ! -d /opt/aptly/gpg/private-keys-v1.d/ ]] || [[ ! -f /opt/aptly/gpg/pubrin
 
   # If your system doesn't have a lot of entropy this may, take a long time
   # Google how-to create "artificial" entropy, if this gets stuck
-  gpg2 --batch --passphrase "${GPG_PASSPHRASE}" --quick-gen-key "${FULL_NAME} <${EMAIL_ADDRESS}>" default default 0
+  gpg --batch --passphrase "${GPG_PASSPHRASE}" --quick-gen-key "${FULL_NAME} <${EMAIL_ADDRESS}>" default default 0
 else
   echo "No need to generate the new GPG keypair"
 fi
@@ -37,8 +37,8 @@ if [[ ! -d /opt/aptly/public ]] ||
   mkdir -p /opt/aptly/public
   # Export only all public keys,
   # for export private keys use --export-secret-keys
-  gpg2 --export --armor > /opt/aptly/public/repo_signing.key
-  gpg2 --export > /opt/aptly/public/repo_signing.gpg
+  gpg --export --armor > /opt/aptly/public/repo_signing.key
+  gpg --export > /opt/aptly/public/repo_signing.gpg
 else
   echo "No need to export the GPG keys"
 fi