You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2021/02/11 21:44:00 UTC
[jira] [Comment Edited] (SOLR-15129) Use the Solr TGZ artifact as
Docker context
[ https://issues.apache.org/jira/browse/SOLR-15129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283393#comment-17283393 ]
Houston Putman edited comment on SOLR-15129 at 2/11/21, 9:43 PM:
-----------------------------------------------------------------
[~dsmiley], that's what the _/elasticsearch image looks like. It's a hardcoded sha reference of the image built within elastic.
{{FROM docker.elastic.co/elasticsearch/elasticsearch:7.10.1@sha256:5d8f1962907ef60746a8cf61c8a7f2b8755510ee36bdee0f65417f90a38a0139}}
We could certainly make that a part of the ReleaseWizard. It would stop us from doing incremental updates however for base images. I don't think that's a sticking point though.
As per Hoss' comments above about the git repository being hosted on apache hardware, and the binary release being hosted on mirrors, couldn't we use https://downloads.apache.org/lucene/solr/8.8.0/solr-8.8.0.tgz? That's hosted on apache hardware. I don't see a large difference in the security provided by the git repo vs the security provided by the tgz on apache hardware.
I can summarize our master plan and include the options we are looking at (github and binary release).
was (Author: houston):
[~dsmiley], that's what the _/elasticsearch image looks like. It's a hardcoded sha reference of the image built within elastic.
{{FROM docker.elastic.co/elasticsearch/elasticsearch:7.10.1@sha256:5d8f1962907ef60746a8cf61c8a7f2b8755510ee36bdee0f65417f90a38a0139}}
We could certainly make that a part of the ReleaseWizard. It would stop us from doing incremental updates however for base images. I don't think that's a sticking point though.
As per Hoss' comments above about the git repository being hosted on apache hardware, and the binary release being hosted on mirrors, couldn't we use https://downloads.apache.org/lucene/solr/8.8.0/solr-8.8.0.tgz? That's hosted on apache hardware. I don't see a large difference in the security provided by the git repo vs the security provided by the tgz on apache hardware.
I can summarize our master plan and have it be independent of which input we use (github or binary release), since I doubt that will make a difference in whether they accept it or not.
> Use the Solr TGZ artifact as Docker context
> -------------------------------------------
>
> Key: SOLR-15129
> URL: https://issues.apache.org/jira/browse/SOLR-15129
> Project: Solr
> Issue Type: Sub-task
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: master (9.0)
> Reporter: Houston Putman
> Priority: Major
>
> As discussed in SOLR-15127, there is a need for a unified Dockerfile that allows for release and local builds.
> This ticket is an attempt to achieve this by using the Solr distribution TGZ as the docker context to build from.
> Therefore release images would be completely reproducible by running:
> {{docker build -f solr-9.0.0/Dockerfile https://www.apache.org/dyn/closer.lua/lucene/solr/9.0.0/solr-9.0.0.tgz}}
> The changes to the Solr distribution would include adding a Dockerfile at {{solr-<version>/Dockerfile}}, adding the docker scripts under {{solr-<version>/docker}}, and adding a version file at {{solr-<version>/VERSION.txt}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org