madrob commented on code in PR #4: URL: https://github.com/apache/solr-docker/pull/4#discussion_r872742343
########## 9.0/Dockerfile: ########## @@ -39,24 +38,30 @@ ARG SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so RUN set -ex; \ apt-get update; \ - apt-get -y install wget gpg; \ + apt-get -y install wget gpg dirmngr; \ rm -rf /var/lib/apt/lists/*; \ export GNUPGHOME="/tmp/gnupg_home"; \ mkdir -p "$GNUPGHOME"; \ chmod 700 "$GNUPGHOME"; \ echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \ - for key in $SOLR_KEYS; do \ - found=''; \ - for server in \ - pgp.mit.edu \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - ; do \ - echo " trying $server for $key"; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \ + if [ -n "$SOLR_KEYS" ]; then \ + # Install all Solr GPG Keys + wget -nv "https://downloads.apache.org/solr/KEYS"; -O "SOLR_KEYS"; \ + gpg \ + --key-origin 'url,https://downloads.apache.org/solr/KEYS' \ + --import SOLR_KEYS; \ + rm SOLR_KEYS; \ + # Export the keys explicitly mentioned in the Dockerfile + gpg --export ${SOLR_KEYS} > SAVED_KEYS; \ + # Start from scratch + gpg --list-keys --with-colons \ + | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r") { print $5 }' \ + | xargs gpg --batch --yes --delete-keys; \ + # Re-import the keys that we saved \ + gpg --import SAVED_KEYS; \ + rm SAVED_KEYS; \ Review Comment: ``` * Supported filter names are: * * - keep-uid :: If the expression evaluates to true for a certain * user ID packet, that packet and all it dependencies * will be exported. The expression may use these * variables: * * - uid :: The entire user ID. * - mbox :: The mail box part of the user ID. * - primary :: Evaluate to true for the primary user ID. * * - drop-subkey :: If the expression evaluates to true for a subkey * packet that subkey and all it dependencies will be * remove from the keyblock. The expression may use these * variables: * * - secret :: 1 for a secret subkey, else 0. * - key_algo :: Public key algorithm id ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
