Re: [PR] KIP-1028: AK 3.8.0 Docker Official Image Assets [kafka]

Tue, 13 Aug 2024 07:36:01 -0700 


KrishVora2912 commented on code in PR #16768:
URL: https://github.com/apache/kafka/pull/16768#discussion_r1715412057


##########
docker/docker_official_images/3.8.0/jvm/Dockerfile:
##########
@@ -18,58 +18,63 @@
 
 FROM eclipse-temurin:21-jre-alpine AS build-jsa
 
-USER root
-
-# Get Kafka from https://archive.apache.org/dist/kafka, url passed as env var, 
for version 3.7.0
-ENV kafka_url https://archive.apache.org/dist/kafka/3.7.0/kafka_2.13-3.7.0.tgz
+# Get Kafka from https://archive.apache.org/dist/kafka, url passed as env var, 
for version 3.8.0
+ENV kafka_url https://archive.apache.org/dist/kafka/3.8.0/kafka_2.13-3.8.0.tgz
+ENV GPG_KEY CF9500821E9557AEB04E026C05EEA67F87749E61
 
 COPY jsa_launch /etc/kafka/docker/jsa_launch
 
 RUN set -eux ; \
-    apk update ; \
-    apk upgrade ; \
     apk add --no-cache wget gcompat gpg gpg-agent procps bash; \
-    mkdir opt/kafka; \
     wget -nv -O kafka.tgz "$kafka_url"; \
     wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \
-    tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \
-    wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \
-    gpg --import KEYS; \
+    for server in ha.pool.sks-keyservers.net $(shuf -e \
+                          hkp://p80.pool.sks-keyservers.net:80 \
+                          keyserver.ubuntu.com \
+                          hkp://keyserver.ubuntu.com:80 \
+                          pgp.mit.edu \
+                          hkp://keys.openpgp.org) ; do \
+      gpg --batch --keyserver "$server" --recv-keys "$GPG_KEY" && break || : ; 
\
+    done && \

Review Comment:
   Thanks for the review @whalelines !
   
   I went through the example, and made relevant changes to the Dockerfile:
   1. used GNUPGHOME
   2. Used only 2 keyservers - hkp://keys.openpgp.org and keyserver.ubuntu.com 
and removed the rest outdated keyservers
   3. Hardcoded the GPG_KEY inside the command itself
   4. Like 
[flink-docker](https://github.com/apache/flink-docker/blob/master/1.20/scala_2.12-java17-ubuntu/Dockerfile#L41),
 used the practice of adding `gpgconf --kill all` as part of verification 
commands.
   5. wget uses kafka_url env variable, which downloads from a https source
   
   Please let us know if these changes are okay, and if any more are needed. 
   Thank you again!



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to