KrishVora2912 commented on code in PR #16664: URL: https://github.com/apache/kafka/pull/16664#discussion_r1694229575
########## docker/jvm/Dockerfile: ########## @@ -18,58 +18,63 @@ FROM eclipse-temurin:21-jre-alpine AS build-jsa -USER root - # Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments ARG kafka_url +ARG GPG_KEY COPY jsa_launch /etc/kafka/docker/jsa_launch RUN set -eux ; \ - apk update ; \ - apk upgrade ; \ apk add --no-cache wget gcompat gpg gpg-agent procps bash; \ - mkdir opt/kafka; \ wget -nv -O kafka.tgz "$kafka_url"; \ wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \ - tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \ - wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \ - gpg --import KEYS; \ + for server in ha.pool.sks-keyservers.net $(shuf -e \ + hkp://p80.pool.sks-keyservers.net:80 \ Review Comment: Hi @rzo1 ! Thanks for these suggestions! A few small queries here: > The guys from docker hub official won't like external download dependencies By this you mean that they wont approve of something along the lines of ``` wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \ gpg --import KEYS; ``` correct? We did receive a comment from the Dockerhub folks regarding this (see Point 5 [here](https://github.com/docker-library/official-images/pull/16970#pullrequestreview-2151987928)). So we went along and changed the above approach. Now we pass the GPG_KEY as an argument/environment variable, and then use something along the lines of [this](https://github.com/apache/kafka/pull/16664/files#diff-f2767afd27bb49c8cd265401dc953f9bd14eb7062418bb35fe089e928cf5b13dR37-L39). I went through the approach followed by Storm, and that seems like a great way to approach this too. However, for Kafka, there are a lot of existing keys that are returned (see attached image), which might just inflate the length of the Dockerfile (hence we decided with the arg/env approach). In your experience, do you think the modified approach ([here](https://github.com/apache/kafka/pull/16664/files#diff-a7db7423c4ada0c09e7b71f05aeeba480b2b305b481004702cc63299259c0317R55), [here](https://github.com/apache/kafka/pull/16664/files#diff-a7db7423c4ada0c09e7b71f05aeeba480b2b305b481004702cc63299259c0317R31-L38) and [here](https://github.com/apache/kafka/pull/16664/files#diff-27e55a184b4d105f3922dbbed2250b084746361c81dc562429bade5b7459b544)) would be liked by the Dockerhub folks, or with the discussion you had for Storm, do you anticipate any issue in this approach too? Thanks a lot again! Krish. <img width="322" alt="image" src="https://github.com/user-attachments/assets/513d4196-d98d-4c92-bcc0-52fba51b1164";> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
