Merge commit '94d32c7b75a248f9ebd9d40a23f14faf3c324fd7'

alpine-cloud-images/CONFIGURATION.md

@@ -307,3 +307,8 @@ region, `true` or `false`/`null`.
 
 Determines whether the image will be encrypted when imported and published.
 Currently, only the **aws** cloud module supports this.
+
+### `repo_keys` array
+
+List of addtional repository keys to trust during the package installation phase.
+This allows pulling in custom apk packages by simple specifying the repository name in packages block.

alpine-cloud-images/alpine.pkr.hcl

@@ -174,6 +174,7 @@ build {
         "PACKAGES_NOSCRIPTS=${B.value.packages.noscripts}",
         "RELEASE=${B.value.release}",
         "REPOS=${B.value.repos}",
+        "REPO_KEYS=${B.value.repo_keys}",
         "SERVICES_ENABLE=${B.value.services.enable}",
         "SERVICES_DISABLE=${B.value.services.disable}",
         "VERSION=${B.value.version}",

alpine-cloud-images/image_config.py

@@ -151,6 +151,7 @@ class ImageConfig():
         # stringify arrays
         self.name = '-'.join(self.name)
         self.description = ' '.join(self.description)
+        self.repo_keys = ' '.join(self.repo_keys)
         self._resolve_motd()
         self._resolve_urls()
         self._stringify_repos()

alpine-cloud-images/scripts/setup

@@ -71,6 +71,12 @@ install_base() {
     mkdir -p "$TARGET/etc/apk"
     echo "$REPOS" > "$TARGET/etc/apk/repositories"
     cp -a /etc/apk/keys "$TARGET/etc/apk"
+
+    # shellcheck disable=SC2086
+    for key in $REPO_KEYS; do
+        wget -q $key -P "$TARGET/etc/apk/keys"
+    done
+
     # shellcheck disable=SC2086
     apk --root "$TARGET" --initdb --no-cache add $PACKAGES_ADD
     # shellcheck disable=SC2086