georgew5656 opened a new pull request, #15264: URL: https://github.com/apache/druid/pull/15264
Fixes docker image build issues with apache/druid. ### Description Currently, trying to build the docker image fails with the following error when trying to grab the static bash utils. #16 0.263 wget: note: TLS certificate validation not implemented #16 0.297 wget: TLS error from peer (alert code 80): 80 #16 0.297 wget: error getting response: Connection reset by peer This seems to be caused by a SSL validation issue in busybox (it seems to happen for github.com but not google.com). I thought this might be fixed by moving to busybox 1.35.0, but I got the same error. To get this working, I moved the wget commands to another setup layer and copied the file into the distroless build. It seems like it would be better to switch to busybox 1.35.0 anyways (there is a critical CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-48174), although we technically just use the image for the setup tools, not sure if the CVE actually affects us. The issue with switching to busybox 1.35.0 is that we get the errors that were described in this pr: https://github.com/apache/druid/pull/14518 This can be remediated by also upgrading the distroless image to debian12, but there is no java11-debian12 distroless image, only a java17-debian12 image. As far as I know druid supports java17 as a target now so maybe this would be okay? I can make that change if people think it makes sense. I tested the new image and it ran fine. #### Release note Fix druid docker image ##### Key changed/added classes in this PR * `distribution/docker/Dockerfile` This PR has: - [X] been self-reviewed. - [ ] using the [concurrency checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md) (Remove this item if the PR doesn't have any relation to concurrency.) - [ ] added documentation for new or modified features or behaviors. - [ ] a release note entry in the PR description. - [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links. - [ ] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md) - [ ] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader. - [ ] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met. - [ ] added integration tests. - [X] been tested in a test Druid cluster. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
