HoustonPutman commented on code in PR #4:
URL: https://github.com/apache/solr-docker/pull/4#discussion_r872703859


##########
9.0/Dockerfile:
##########
@@ -131,6 +134,11 @@ RUN set -ex; \
   ln -s /opt/solr/modules /opt/solr/contrib; \
   ln -s /opt/solr/prometheus-exporter /opt/solr/modules/prometheus-exporter;
 
+RUN set -ex; \
+    apt-get update; \
+    apt-get -y install acl dirmngr lsof procps wget netcat gosu tini jattach; \
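
Review bot: The `apt-get -y install` line in this new RUN has no `--no-install-recommends`, so the layer also pulls in every package the listed ones recommend. Add the flag, and if the rest of this RUN does not already do so, end it with `rm -rf /var/lib/apt/lists/*` as the earlier RUN at line 39 does, so the package index is not carried in the image.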

Review Comment:
   This will eventually be auto-generated by `gradle createDockerfileOfficial`. 
We need this to work with the local dockerfile as well, which will not be 
installing `dirmngr` above.



##########
9.0/Dockerfile:
##########
@@ -39,24 +38,30 @@ ARG 
SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so
 
 RUN set -ex; \
   apt-get update; \
-  apt-get -y install wget gpg; \
+  apt-get -y install wget gpg dirmngr; \
   rm -rf /var/lib/apt/lists/*; \
   export GNUPGHOME="/tmp/gnupg_home"; \
   mkdir -p "$GNUPGHOME"; \
   chmod 700 "$GNUPGHOME"; \
   echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \
-  for key in $SOLR_KEYS; do \
-    found=''; \
-    for server in \
-      pgp.mit.edu \
-      keyserver.ubuntu.com \
-      hkp://keyserver.ubuntu.com:80 \
-    ; do \
-      echo "  trying $server for $key"; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-    done; \
-    test -z "$found" && echo >&2 "error: failed to fetch $key from several 
disparate servers -- network issues?" && exit 1; \
+  if [ -n "$SOLR_KEYS" ]; then \
+    # Install all Solr GPG Keys
+    wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \
+    gpg \
+      --key-origin 'url,https://downloads.apache.org/solr/KEYS' \
+      --import SOLR_KEYS; \
+    rm SOLR_KEYS; \
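
Review bot: On the `wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \` line, the `;` directly after the URL ends the wget command, so the download is saved under its default name `KEYS` and `-O "SOLR_KEYS"` is executed as a separate command, which fails under `set -ex`. Remove the stray `;`, or pipe `wget -O -` into `gpg --import` so no temporary file is needed. The file name `SOLR_KEYS` is also the name of the variable tested on the `if [ -n "$SOLR_KEYS" ]` line; a distinct file name would be easier to read.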

Review Comment:
   Going to do the pipe, it was throwing errors at me for this.



##########
9.0/Dockerfile:
##########
@@ -39,24 +38,30 @@ ARG 
SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so
 
 RUN set -ex; \
   apt-get update; \
-  apt-get -y install wget gpg; \
+  apt-get -y install wget gpg dirmngr; \
   rm -rf /var/lib/apt/lists/*; \
   export GNUPGHOME="/tmp/gnupg_home"; \
   mkdir -p "$GNUPGHOME"; \
   chmod 700 "$GNUPGHOME"; \
   echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \
-  for key in $SOLR_KEYS; do \
-    found=''; \
-    for server in \
-      pgp.mit.edu \
-      keyserver.ubuntu.com \
-      hkp://keyserver.ubuntu.com:80 \
-    ; do \
-      echo "  trying $server for $key"; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-    done; \
-    test -z "$found" && echo >&2 "error: failed to fetch $key from several 
disparate servers -- network issues?" && exit 1; \
+  if [ -n "$SOLR_KEYS" ]; then \
+    # Install all Solr GPG Keys
+    wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \
+    gpg \
+      --key-origin 'url,https://downloads.apache.org/solr/KEYS' \
+      --import SOLR_KEYS; \
+    rm SOLR_KEYS; \
+    # Export the keys explicitly mentioned in the Dockerfile
+    gpg --export ${SOLR_KEYS} > SAVED_KEYS; \
+    # Start from scratch
+    gpg --list-keys --with-colons \
+      | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r") { print $5 }' \
+      | xargs gpg --batch --yes --delete-keys; \
+    # Re-import the keys that we saved \
+    gpg --import SAVED_KEYS; \
+    rm SAVED_KEYS; \
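
Review bot: The `awk` filter under `# Start from scratch` selects only `pub` records whose validity field is `e` or `r`, so only expired and revoked keys are deleted and every other key imported from the KEYS file stays in the keyring next to the re-imported `SAVED_KEYS`. If the intent is that only the keys named in `${SOLR_KEYS}` can validate the download, delete all public keys (drop the `$2` condition) or import `SAVED_KEYS` into a fresh `GNUPGHOME` before the verification step, and adjust the comment to match whichever behaviour is chosen.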

Review Comment:
   Was thinking of skipping this and figuring out a way to just accept the 
given key when validating below, but can't find a way to do that either.



##########
9.0/Dockerfile:
##########
@@ -39,24 +38,30 @@ ARG 
SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so
 
 RUN set -ex; \
   apt-get update; \
-  apt-get -y install wget gpg; \
+  apt-get -y install wget gpg dirmngr; \
   rm -rf /var/lib/apt/lists/*; \
   export GNUPGHOME="/tmp/gnupg_home"; \
   mkdir -p "$GNUPGHOME"; \
   chmod 700 "$GNUPGHOME"; \
   echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \
-  for key in $SOLR_KEYS; do \
-    found=''; \
-    for server in \
-      pgp.mit.edu \
-      keyserver.ubuntu.com \
-      hkp://keyserver.ubuntu.com:80 \
-    ; do \
-      echo "  trying $server for $key"; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 
--recv-keys "$key" && found=yes && break; \
-    done; \
-    test -z "$found" && echo >&2 "error: failed to fetch $key from several 
disparate servers -- network issues?" && exit 1; \
+  if [ -n "$SOLR_KEYS" ]; then \
+    # Install all Solr GPG Keys
+    wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \
+    gpg \
+      --key-origin 'url,https://downloads.apache.org/solr/KEYS' \
+      --import SOLR_KEYS; \
+    rm SOLR_KEYS; \
+    # Export the keys explicitly mentioned in the Dockerfile
+    gpg --export ${SOLR_KEYS} > SAVED_KEYS; \
+    # Start from scratch
+    gpg --list-keys --with-colons \
+      | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r") { print $5 }' \
+      | xargs gpg --batch --yes --delete-keys; \
+    # Re-import the keys that we saved \
+    gpg --import SAVED_KEYS; \
+    rm SAVED_KEYS; \
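
Review bot: In the `| xargs gpg --batch --yes --delete-keys` stage, GNU xargs still runs the command once when `awk` prints nothing, so `gpg --delete-keys` is called with no key argument, and a non-zero exit there fails the RUN under `set -ex`. Use `xargs -r` so the delete is skipped when there is nothing to remove. Selecting the fingerprint from the `fpr` records rather than the key ID in `$5` would also make the deletion unambiguous.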

Review Comment:
   Agree. I hate it, but I don't think there is a way to filter GPG keys on 
import. You can only filter user information and sub-keys.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
