VedarthConfluent commented on code in PR #16664: URL: https://github.com/apache/kafka/pull/16664#discussion_r1697877661
########## docker/jvm/Dockerfile: ########## 
@@ -18,58 +18,63 @@ FROM eclipse-temurin:21-jre-alpine AS build-jsa -USER root - # Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments ARG kafka_url +ARG GPG_KEY COPY jsa_launch /etc/kafka/docker/jsa_launch RUN set -eux ; \ - apk update ; \ - apk upgrade ; \ apk add --no-cache wget gcompat gpg gpg-agent procps bash; \ - mkdir opt/kafka; \ wget -nv -O kafka.tgz "$kafka_url"; \ wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \ - tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \ - wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \ - gpg --import KEYS; \ + for server in ha.pool.sks-keyservers.net $(shuf -e \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + hkp://keys.openpgp.org) ; do \ + gpg --batch --keyserver "$server" --recv-keys "$GPG_KEY" && break || : ; \ + done && \ gpg --batch --verify kafka.tgz.asc kafka.tgz -# Generate jsa files using dynamic CDS for kafka server start command and kafka storage format command -RUN /etc/kafka/docker/jsa_launch +RUN mkdir opt/kafka; \ + tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \ + # Generate jsa files using dynamic CDS for kafka server start command and kafka storage format command + /etc/kafka/docker/jsa_launch FROM eclipse-temurin:21-jre-alpine # exposed ports EXPOSE 9092 -USER root - # Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments ARG kafka_url ARG build_date +ARG GPG_KEY - -LABEL org.label-schema.name="kafka" \ - org.label-schema.description="Apache Kafka" \ - org.label-schema.build-date="${build_date}" \ - org.label-schema.vcs-url="https://github.com/apache/kafka" \ +LABEL org.opencontainers.image.title="kafka" \ + org.opencontainers.image.description="Apache Kafka" \ + org.opencontainers.image.created="${build_date}" \ + org.opencontainers.image.source="https://github.com/apache/kafka" \ maintainer="Apache Kafka" RUN set -eux ; \ - apk 
update ; \ - apk upgrade ; \ apk add --no-cache wget gcompat gpg gpg-agent procps bash; \ - mkdir opt/kafka; \ wget -nv -O kafka.tgz "$kafka_url"; \ wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \ - tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \ - wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \ - gpg --import KEYS; \ + for server in ha.pool.sks-keyservers.net $(shuf -e \ + hkp://p80.pool.sks-keyservers.net:80 \ Review Comment: Can we confirm that the list of key servers is going to cover all the GPG keys created in future? If not can we have a mechanism for the RM to add their GPG key server, if it's not present in the list. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
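Review bot: Signature verification in the `build-jsa` stage now trusts whichever key the `GPG_KEY` build argument names, fetched from keyservers that include plain `hkp://` on port 80, rather than the project's KEYS file over HTTPS, so the check is only as strong as that argument. It should be documented, and ideally validated, as a full fingerprint rather than a short key ID, for example with `# GPG_KEY: full fingerprint of the release manager's key, checked against https://downloads.apache.org/kafka/KEYS` above `ARG GPG_KEY`. Separately, the new `RUN mkdir opt/kafka; \` step no longer begins with `set -eux`, so a failed `mkdir` or `tar` is masked unless `jsa_launch` also fails; opening it with `RUN set -eux ; \` restores fail-fast behaviour. The quoted hunk is cut off inside the second stage's key-fetch loop, so the same points presumably apply there but cannot be confirmed from this page.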
