madrob commented on code in PR #4: URL: https://github.com/apache/solr-docker/pull/4#discussion_r872656853
########## 9.0/Dockerfile: ########## @@ -131,6 +134,11 @@ RUN set -ex; \ ln -s /opt/solr/modules /opt/solr/contrib; \ ln -s /opt/solr/prometheus-exporter /opt/solr/modules/prometheus-exporter; +RUN set -ex; \ + apt-get update; \ + apt-get -y install acl dirmngr lsof procps wget netcat gosu tini jattach; \ Review Comment: We already installed `dirmngr` above, I think? ########## 9.0/Dockerfile: ########## @@ -87,22 +92,14 @@ RUN set -ex; \ tar -C /opt --extract --preserve-permissions --file "/opt/solr-$SOLR_VERSION.tgz"; \ rm "/opt/solr-$SOLR_VERSION.tgz"*; - - -# add symlink to /opt/solr, remove what we don't want. -# Remove the Dockerfile because it might not represent the dockerfile that was used to generate the image. -RUN set -ex; \ - (cd /opt; ln -s solr-*/ solr); \ - rm -Rf /opt/solr/docs /opt/solr/docker/Dockerfile; - -LABEL maintainer="The Apache Solr Project" -LABEL url="https://solr.apache.org"; -LABEL repository="https://github.com/apache/solr"; - -RUN set -ex; \ - apt-get update; \ - apt-get -y install acl dirmngr lsof procps wget netcat gosu tini jattach; \ - rm -rf /var/lib/apt/lists/*; +LABEL org.opencontainers.image.title="Apache Solr" +LABEL org.opencontainers.image.description="Apache Solr is the popular, blazing-fast, open source search platform built on Apache Lucene." +LABEL org.opencontainers.image.authors="The Apache Solr Project" +LABEL org.opencontainers.image.url="https://solr.apache.org"; +LABEL org.opencontainers.image.source="https://github.com/apache/solr"; +LABEL org.opencontainers.image.documentation="https://solr.apache.org/guide/"; +LABEL org.opencontainers.image.version="9.0.0" Review Comment: We have to update this manually each time? ########## 9.0/Dockerfile: ########## @@ -39,24 +38,30 @@ ARG SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so RUN set -ex; \ apt-get update; \ - apt-get -y install wget gpg; \ + apt-get -y install wget gpg dirmngr; \ rm -rf /var/lib/apt/lists/*; \ export GNUPGHOME="/tmp/gnupg_home"; \ mkdir -p "$GNUPGHOME"; \ chmod 700 "$GNUPGHOME"; \ echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \ - for key in $SOLR_KEYS; do \ - found=''; \ - for server in \ - pgp.mit.edu \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - ; do \ - echo " trying $server for $key"; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \ + if [ -n "$SOLR_KEYS" ]; then \ + # Install all Solr GPG Keys + wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \ + gpg \ + --key-origin 'url,https://downloads.apache.org/solr/KEYS' \ + --import SOLR_KEYS; \ + rm SOLR_KEYS; \ Review Comment: You can use an in-place fd, or even pipe `wget | gpg` and it should read from stdin instead of needing to keep an extra file ```suggestion gpg \ --key-origin 'url,https://downloads.apache.org/solr/KEYS' \ --import <(wget -nv "https://downloads.apache.org/solr/KEYS"; -O-); \ ``` ########## 9.0/Dockerfile: ########## @@ -39,24 +38,30 @@ ARG SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so RUN set -ex; \ apt-get update; \ - apt-get -y install wget gpg; \ + apt-get -y install wget gpg dirmngr; \ rm -rf /var/lib/apt/lists/*; \ export GNUPGHOME="/tmp/gnupg_home"; \ mkdir -p "$GNUPGHOME"; \ chmod 700 "$GNUPGHOME"; \ echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \ - for key in $SOLR_KEYS; do \ - found=''; \ - for server in \ - pgp.mit.edu \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - ; do \ - echo " trying $server for $key"; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \ + if [ -n "$SOLR_KEYS" ]; then \ + # Install all Solr GPG Keys + wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \ + gpg \ + --key-origin 'url,https://downloads.apache.org/solr/KEYS' \ + --import SOLR_KEYS; \ + rm SOLR_KEYS; \ + # Export the keys explicitly mentioned in the Dockerfile + gpg --export ${SOLR_KEYS} > SAVED_KEYS; \ + # Start from scratch + gpg --list-keys --with-colons \ + | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r") { print $5 }' \ + | xargs gpg --batch --yes --delete-keys; \ + # Re-import the keys that we saved \ + gpg --import SAVED_KEYS; \ + rm SAVED_KEYS; \ Review Comment: This is so awkward... I'm looking into whether there's an easier way. There should be. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
