This is an automated email from the ASF dual-hosted git repository.
rzo1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm-docker.git
The following commit(s) were added to refs/heads/master by this push:
new c2b71af Fixes Storm 2.6.0 key retrieval
c2b71af is described below
commit c2b71af26ddf6248900759faa2f32cf5eeea2209
Author: Richard Zowalla <[email protected]>
AuthorDate: Wed Jan 17 09:04:20 2024 +0100
Fixes Storm 2.6.0 key retrieval
---
2.6.0/Dockerfile | 31 ++++++++++++++++++++++++++-----
automation/create-key-section.sh | 12 ++++++++++++
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/2.6.0/Dockerfile b/2.6.0/Dockerfile
index a91620c..637f03a 100644
--- a/2.6.0/Dockerfile
+++ b/2.6.0/Dockerfile
@@ -30,6 +30,7 @@ RUN set -eux; \
ARG DISTRO_NAME=apache-storm-2.6.0
+
# Download Apache Storm, verify its PGP signature, untar and clean up
RUN set -eux; \
ddist() { \
@@ -50,16 +51,36 @@ RUN set -eux; \
done; \
[ -n "$success" ]; \
}; \
+ # Generated via automation/create-key-section.sh
+ importKeys() { \
+ for key in \
+ # Meng Li (Ethan Li CODE SIGNING KEY) <[email protected]>
+ 5167DE337E7370373499FC1DA4A672F11B5050C8 \
+ # Kishorkumar Vasantrao Patil (CODE SIGNING KEY)
<[email protected]>
+ 32C8C0BEE3D01AF46B6E24B0AC30BFA8FEF0711F \
+ # Govind Rajagopal Menon (Release Signing Key) <[email protected]>
+ 79B03D059E628478FC9F1D8B152CAD0C46E87B61 \
+ # Bipin Prasad (For Signing Apache Storm release)
<[email protected]>
+ 51379DA8A7AE5B02674EF15C134716AF768D9B6E \
+ # Aaron Gresch <[email protected]>
+ DA903F2CF9BBD42EAECFA9E45EA6FAEF09A4474D \
+ # Kishor Patil (The keys for signing Storm releases)
<[email protected]>
+ 6156BAC0C21A1991CF1B690AB2973D6F4A67943A \
+ # Richard Zowalla (Code Signing Key) <[email protected]>
+ B83D15E72253ED1104EB4FBBDAB472F0E5B8A431 \
+ ; do \
+ gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
"$key" || \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
+ gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
+ done; \
+ }; \
ddist "$DISTRO_NAME.tar.gz" "storm/$DISTRO_NAME/$DISTRO_NAME.tar.gz"; \
ddist "$DISTRO_NAME.tar.gz.asc"
"storm/$DISTRO_NAME/$DISTRO_NAME.tar.gz.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
- # Download the KEYS file from the authoritative source, which is the ASF
distribution webserver.
- # Don't rely on a single key only. Every release manager could have signed
that release.
- curl -s -O https://dist.apache.org/repos/dist/release/storm/KEYS; \
- gpg --import KEYS; \
+ importKeys; \
gpg --batch --verify "$DISTRO_NAME.tar.gz.asc" "$DISTRO_NAME.tar.gz"; \
tar -xzf "$DISTRO_NAME.tar.gz"; \
- rm -rf "$GNUPGHOME" "$DISTRO_NAME.tar.gz" "$DISTRO_NAME.tar.gz.asc"
"KEYS"; \
+ rm -rf "$GNUPGHOME" "$DISTRO_NAME.tar.gz" "$DISTRO_NAME.tar.gz.asc"; \
chown -R storm:storm "$DISTRO_NAME"
WORKDIR $DISTRO_NAME
diff --git a/automation/create-key-section.sh b/automation/create-key-section.sh
new file mode 100755
index 0000000..836c6e2
--- /dev/null
+++ b/automation/create-key-section.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo "importKeys() { \\"
+echo " for key in \\"
+docker run --rm buildpack-deps:bullseye-curl bash -c 'curl -fsSL
https://dist.apache.org/repos/dist/release/storm/KEYS | gpg --batch --import &>
/dev/null && gpg --batch --list-keys --with-fingerprint --with-colons' |\
+ awk -F: '$1 == "pub" && $2 == "-" { pub = 1 } pub && $1 == "fpr" { fpr = $10
} $1 == "sub" { pub = 0 } pub && fpr && $1 == "uid" && $2 == "-" { print " #",
$10; print " " fpr " \\"; pub = 0 }'
+echo " ; do \\"
+echo " gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
\"\$key\" || \\"
+echo " gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys
\"\$key\" || \\"
+echo " gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys \"\$key\" ;
\\"
+echo " done; \\"
+echo "}; \\"
