You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spark.apache.org by do...@apache.org on 2020/06/15 18:29:33 UTC

[spark] branch branch-3.0 updated: [SPARK-31994][K8S] Docker image should use `https` urls for only deb.debian.org mirrors

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new 50be21f  [SPARK-31994][K8S] Docker image should use `https` urls for only deb.debian.org mirrors
50be21f is described below

commit 50be21f8a432feeb48313abd638de0d5e3d4b7e2
Author: Prashant Sharma <pr...@in.ibm.com>
AuthorDate: Mon Jun 15 11:26:03 2020 -0700

    [SPARK-31994][K8S] Docker image should use `https` urls for only deb.debian.org mirrors
    
    ### What changes were proposed in this pull request?
    At the moment, we switch to `https` urls for all the debian mirrors, but turns out some of the mirrors do not support. In this patch, we turn on https mode only for `deb.debian.org` mirror (as it supports SSL).
    
    ### Why are the changes needed?
    It appears, that security.debian.org does not support https.
    ```
    curl https://security.debian.org
    curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to security.debian.org:443
    ```
    
    While building the image, it fails in the following way.
    ```
    MacBook-Pro:spark prashantsharma$ bin/docker-image-tool.sh -r scrapcodes -t v3.1.0-1 build
    Sending build context to Docker daemon  222.1MB
    Step 1/18 : ARG java_image_tag=8-jre-slim
    Step 2/18 : FROM openjdk:${java_image_tag}
     ---> 381b20190cf7
    Step 3/18 : ARG spark_uid=185
     ---> Using cache
     ---> 65c06f86753c
    Step 4/18 : RUN set -ex &&     sed -i 's/http:/https:/g' /etc/apt/sources.list &&     apt-get update &&     ln -s /lib /lib64 &&     apt install -y bash tini libc6 libpam-modules krb5-user libnss3 procps &&     mkdir -p /opt/spark &&     mkdir -p /opt/spark/examples &&     mkdir -p /opt/spark/work-dir &&     touch /opt/spark/RELEASE &&     rm /bin/sh &&     ln -sv /bin/bash /bin/sh &&     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su &&     chgrp root /etc/passwd && chmod [...]
     ---> Running in a3461dadd6eb
    + sed -i s/http:/https:/g /etc/apt/sources.list
    + apt-get update
    Ign:1 https://security.debian.org/debian-security buster/updates InRelease
    Err:2 https://security.debian.org/debian-security buster/updates Release
      Could not handshake: The TLS connection was non-properly terminated. [IP: 151.101.0.204 443]
    Get:3 https://deb.debian.org/debian buster InRelease [121 kB]
    Get:4 https://deb.debian.org/debian buster-updates InRelease [51.9 kB]
    Get:5 https://deb.debian.org/debian buster/main amd64 Packages [7905 kB]
    Get:6 https://deb.debian.org/debian buster-updates/main amd64 Packages [7868 B]
    Reading package lists...
    E: The repository 'https://security.debian.org/debian-security buster/updates Release' does not have a Release file.
    The command '/bin/sh -c set -ex &&     sed -i 's/http:/https:/g' /etc/apt/sources.list &&     apt-get update &&     ln -s /lib /lib64 &&     apt install -y bash tini libc6 libpam-modules krb5-user libnss3 procps &&     mkdir -p /opt/spark &&     mkdir -p /opt/spark/examples &&     mkdir -p /opt/spark/work-dir &&     touch /opt/spark/RELEASE &&     rm /bin/sh &&     ln -sv /bin/bash /bin/sh &&     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su &&     chgrp root /etc/passwd  [...]
    Failed to build Spark JVM Docker image, please refer to Docker build output for details.
    ```
    
    So, if we limit the `https` support to only deb.debian.org, does the trick.
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    Manually, by building an image and testing it by running spark shell against it locally using kubernetes.
    
    Closes #28834 from ScrapCodes/spark-31994/debian_mirror_fix.
    
    Authored-by: Prashant Sharma <pr...@in.ibm.com>
    Signed-off-by: Dongjoon Hyun <do...@apache.org>
    (cherry picked from commit a7d0d353cd745391cf285039a4630b37754a56a0)
    Signed-off-by: Dongjoon Hyun <do...@apache.org>
---
 .../kubernetes/docker/src/main/dockerfiles/spark/Dockerfile             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
index c1df215..cde9358 100644
--- a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
+++ b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
@@ -28,7 +28,7 @@ ARG spark_uid=185
 # docker build -t spark:latest -f kubernetes/dockerfiles/spark/Dockerfile .
 
 RUN set -ex && \
-    sed -i 's/http:/https:/g' /etc/apt/sources.list && \
+    sed -i 's/http:\/\/deb.\(.*\)/https:\/\/deb.\1/g' /etc/apt/sources.list && \
     apt-get update && \
     ln -s /lib /lib64 && \
     apt install -y bash tini libc6 libpam-modules krb5-user libnss3 && \


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org