[GitHub] [drill] luocooong opened a new pull request #2493: DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613

2022-03-12 Thread GitBox


luocooong opened a new pull request #2493:
URL: https://github.com/apache/drill/pull/2493


   # [DRILL-8164](https://issues.apache.org/jira/browse/DRILL-8164): Upgrade metadata-extractor because of CVE-2022-24613
   
   ## Description
   
   Also included DRILL-8165 (Upgrade liquibase because of CVE-2022-0839).
   
   Please note that we should replace `DatabaseFactory.getInstance()` with `Scope.getCurrentScope().getSingleton(DatabaseFactory.class)` once the following issue is resolved.
   
   https://github.com/liquibase/liquibase/issues/2349
   
   ## Documentation
   N/A
   
   ## Testing
   Use the CI.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@drill.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org




[GitHub] [drill] jnturton commented on a change in pull request #2491: DRILL-8156: Declare and chown a /data VOLUME in the Drill Dockerfile

2022-03-12 Thread GitBox


jnturton commented on a change in pull request #2491:
URL: https://github.com/apache/drill/pull/2491#discussion_r825277731



##
File path: Dockerfile
##
@@ -49,25 +49,33 @@ RUN mvn -Dmaven.artifact.threads=5 -T1C clean install 
-DskipTests
 # Get project version and copy built binaries into /opt/drill directory
 RUN VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' 
--non-recursive exec:exec) \
  && mkdir /opt/drill \
- && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill
+ && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill \
+ && chmod -R +r /opt/drill
 
 # Target image
 
 # Set the BASE_IMAGE build arg when you invoke docker build.  
 FROM $BASE_IMAGE
 
-ENV DRILL_HOME=/opt/drill DRILL_USER=drilluser
+# Starts Drill in embedded mode and connects to Sqlline
+ENTRYPOINT $DRILL_HOME/bin/drill-embedded
 
-RUN mkdir $DRILL_HOME
+ENV DRILL_HOME=/opt/drill
+ENV DRILL_USER=drilluser
+ENV DRILL_USER_HOME=/var/lib/drill
+ENV DRILL_LOG_DIR=$DRILL_USER_HOME/log
+ENV DATA_VOL=/data
 
-RUN groupadd -g 999 $DRILL_USER \
- && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d /var/lib/drill \
- && chown -R $DRILL_USER: $DRILL_HOME
+RUN mkdir $DRILL_HOME $DATA_VOL
 
-USER $DRILL_USER
+RUN groupadd -g 999 $DRILL_USER \
+ && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d $DRILL_USER_HOME \
+ && chown $DRILL_USER: $DATA_VOL
 
-COPY --from=build --chown=$DRILL_USER /opt/drill $DRILL_HOME
+# A Docker volume where users may store persistent data, e.g. persistent Drill
+# config by specifying a Drill BOOT option of sys.store.provider.local.path: 
"/data".
+VOLUME $DATA_VOL
 
-# Starts Drill in embedded mode and connects to Sqlline
-ENTRYPOINT $DRILL_HOME/bin/drill-embedded
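
Review bot: The relocated `+ENTRYPOINT $DRILL_HOME/bin/drill-embedded` at the top of the target stage is in shell form and now sits above `ENV DRILL_HOME=/opt/drill`, which only works because Docker wraps it in `/bin/sh -c` and the variable is expanded when the container starts, not at build time. A one-line comment saying so would help, since converting this line to exec form later would stop the expansion. Shell form can also leave `sh` as PID 1, depending on the shell in the base image, so the stop signal may not reach Drill; consider `ENTRYPOINT exec $DRILL_HOME/bin/drill-embedded`.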

Review comment:
   @vvysotskyi no it was just one of the things that it was possible to 
move above the COPY :)  I don't think that this particular move helped with 
image size at all so if we prefer ENTRYPOINT at the end then I can move it 
back.  Containers launched from this image do still correctly start up 
drill-embedded even with the ENTRYPOINT higher up.








[GitHub] [drill] jnturton commented on a change in pull request #2491: DRILL-8156: Declare and chown a /data VOLUME in the Drill Dockerfile

2022-03-12 Thread GitBox


jnturton commented on a change in pull request #2491:
URL: https://github.com/apache/drill/pull/2491#discussion_r825278013



##
File path: Dockerfile
##
@@ -49,25 +49,33 @@ RUN mvn -Dmaven.artifact.threads=5 -T1C clean install 
-DskipTests
 # Get project version and copy built binaries into /opt/drill directory
 RUN VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' 
--non-recursive exec:exec) \
  && mkdir /opt/drill \
- && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill
+ && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill \
+ && chmod -R +r /opt/drill
 
 # Target image
 
 # Set the BASE_IMAGE build arg when you invoke docker build.  
 FROM $BASE_IMAGE
 
-ENV DRILL_HOME=/opt/drill DRILL_USER=drilluser
+# Starts Drill in embedded mode and connects to Sqlline
+ENTRYPOINT $DRILL_HOME/bin/drill-embedded
 
-RUN mkdir $DRILL_HOME
+ENV DRILL_HOME=/opt/drill
+ENV DRILL_USER=drilluser
+ENV DRILL_USER_HOME=/var/lib/drill
+ENV DRILL_LOG_DIR=$DRILL_USER_HOME/log
+ENV DATA_VOL=/data
 
-RUN groupadd -g 999 $DRILL_USER \
- && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d /var/lib/drill \
- && chown -R $DRILL_USER: $DRILL_HOME
+RUN mkdir $DRILL_HOME $DATA_VOL
 
-USER $DRILL_USER
+RUN groupadd -g 999 $DRILL_USER \
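
Review bot: `+ && chmod -R +r /opt/drill` in the build stage adds the read bit only, so any directory under /opt/drill that lacks the execute bit for group/other stays untraversable for a non-owner; `chmod -R a+rX /opt/drill` states the intent explicitly. This matters here because the visible lines drop `chown -R $DRILL_USER: $DRILL_HOME` from the target stage, so $DRILL_USER no longer gains ownership of the install tree by that route. That is a reasonable least-privilege change as long as everything Drill writes is redirected elsewhere, as `DRILL_LOG_DIR=$DRILL_USER_HOME/log` does for logs.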

Review comment:
   Yes, thanks.








[GitHub] [drill] jnturton commented on a change in pull request #2491: DRILL-8156: Declare and chown a /data VOLUME in the Drill Dockerfile

2022-03-12 Thread GitBox


jnturton commented on a change in pull request #2491:
URL: https://github.com/apache/drill/pull/2491#discussion_r825277731



##
File path: Dockerfile
##
@@ -49,25 +49,33 @@ RUN mvn -Dmaven.artifact.threads=5 -T1C clean install 
-DskipTests
 # Get project version and copy built binaries into /opt/drill directory
 RUN VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' 
--non-recursive exec:exec) \
  && mkdir /opt/drill \
- && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill
+ && mv distribution/target/apache-drill-${VERSION}/apache-drill-${VERSION}/* 
/opt/drill \
+ && chmod -R +r /opt/drill
 
 # Target image
 
 # Set the BASE_IMAGE build arg when you invoke docker build.  
 FROM $BASE_IMAGE
 
-ENV DRILL_HOME=/opt/drill DRILL_USER=drilluser
+# Starts Drill in embedded mode and connects to Sqlline
+ENTRYPOINT $DRILL_HOME/bin/drill-embedded
 
-RUN mkdir $DRILL_HOME
+ENV DRILL_HOME=/opt/drill
+ENV DRILL_USER=drilluser
+ENV DRILL_USER_HOME=/var/lib/drill
+ENV DRILL_LOG_DIR=$DRILL_USER_HOME/log
+ENV DATA_VOL=/data
 
-RUN groupadd -g 999 $DRILL_USER \
- && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d /var/lib/drill \
- && chown -R $DRILL_USER: $DRILL_HOME
+RUN mkdir $DRILL_HOME $DATA_VOL
 
-USER $DRILL_USER
+RUN groupadd -g 999 $DRILL_USER \
+ && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d $DRILL_USER_HOME \
+ && chown $DRILL_USER: $DATA_VOL
 
-COPY --from=build --chown=$DRILL_USER /opt/drill $DRILL_HOME
+# A Docker volume where users may store persistent data, e.g. persistent Drill
+# config by specifying a Drill BOOT option of sys.store.provider.local.path: 
"/data".
+VOLUME $DATA_VOL
 
-# Starts Drill in embedded mode and connects to Sqlline
-ENTRYPOINT $DRILL_HOME/bin/drill-embedded
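
Review bot: The visible lines remove `-USER $DRILL_USER` and `-COPY --from=build --chown=$DRILL_USER /opt/drill $DRILL_HOME` from the target stage, and the quote ends before any replacement; please confirm both are reinstated further down, otherwise drill-embedded would start as root. On the `VOLUME $DATA_VOL` block: `chown $DRILL_USER: $DATA_VOL` correctly comes before `VOLUME`, but that ownership only carries over to Docker-managed volumes. A host directory bind-mounted on /data keeps its host ownership, so the comment above `VOLUME` should say that it must be writable by uid/gid 999.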

Review comment:
   @vvysotskyi no it was just one of the things that it was possible to 
move above the COPY :)  I don't think this particular move helped with image 
size at all so if we prefer ENTRYPOINT at the end then I can move it back.  
Containers launched from this image do still correctly start up drill-embedded 
even with the ENTRYPOINT higher up.



