You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ho...@apache.org on 2022/05/13 22:49:12 UTC

[solr] branch branch_9x updated: SOLR-16196: Use Solr KEYS in official Dockerfile (#861)

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new 30ab87b6052 SOLR-16196: Use Solr KEYS in official Dockerfile (#861)
30ab87b6052 is described below

commit 30ab87b605253cc5d1a0cf5c65a30664ee11064d
Author: Houston Putman <ho...@apache.org>
AuthorDate: Fri May 13 18:45:00 2022 -0400

    SOLR-16196: Use Solr KEYS in official Dockerfile (#861)
    
    Also address other issues required by official images team.
    
    (cherry picked from commit f8d0d19f981feaf432c4de94187c1677ff48aba5)
---
 solr/docker/templates/Dockerfile.body.template     | 33 +++++++++++++---------
 .../templates/Dockerfile.official.header.template  | 27 ++++++++----------
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/solr/docker/templates/Dockerfile.body.template b/solr/docker/templates/Dockerfile.body.template
index 0bcdd1faee9..58b93ae86fa 100644
--- a/solr/docker/templates/Dockerfile.body.template
+++ b/solr/docker/templates/Dockerfile.body.template
@@ -26,20 +26,14 @@
 #-#
 #-#
 
-# add symlink to /opt/solr, remove what we don't want.
-# Remove the Dockerfile because it might not represent the dockerfile that was used to generate the image.
-RUN set -ex; \
-  (cd /opt; ln -s solr-*/ solr); \
-  rm -Rf /opt/solr/docs /opt/solr/docker/Dockerfile;
-
-LABEL maintainer="The Apache Solr Project"
-LABEL url="https://solr.apache.org"
-LABEL repository="https://github.com/apache/solr"
-
-RUN set -ex; \
-    apt-get update; \
-    apt-get -y install acl dirmngr lsof procps wget netcat gosu tini jattach; \
-    rm -rf /var/lib/apt/lists/*;
+LABEL org.opencontainers.image.title="Apache Solr"
+LABEL org.opencontainers.image.description="Apache Solr is the popular, blazing-fast, open source search platform built on Apache Lucene."
+LABEL org.opencontainers.image.authors="The Apache Solr Project"
+LABEL org.opencontainers.image.url="https://solr.apache.org"
+LABEL org.opencontainers.image.source="https://github.com/apache/solr"
+LABEL org.opencontainers.image.documentation="https://solr.apache.org/guide/"
+LABEL org.opencontainers.image.version="${SOLR_VERSION}"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 ENV SOLR_USER="solr" \
     SOLR_UID="8983" \
@@ -57,6 +51,12 @@ RUN set -ex; \
   groupadd -r --gid "$SOLR_GID" "$SOLR_GROUP"; \
   useradd -r --uid "$SOLR_UID" --gid "$SOLR_GID" "$SOLR_USER"
 
+# add symlink to /opt/solr, remove what we don't want.
+# Remove the Dockerfile because it might not represent the dockerfile that was used to generate the image.
+RUN set -ex; \
+  (cd /opt; ln -s solr-*/ solr); \
+  rm -Rf /opt/solr/docs /opt/solr/docker/Dockerfile;
+
 RUN set -ex; \
   mkdir -p /opt/solr/server/solr/lib /docker-entrypoint-initdb.d; \
   cp /opt/solr/bin/solr.in.sh /etc/default/solr.in.sh; \
@@ -68,6 +68,11 @@ RUN set -ex; \
   ln -s /opt/solr/modules /opt/solr/contrib; \
   ln -s /opt/solr/prometheus-exporter /opt/solr/modules/prometheus-exporter;
 
+RUN set -ex; \
+    apt-get update; \
+    apt-get -y install acl dirmngr lsof procps wget netcat gosu tini jattach; \
+    rm -rf /var/lib/apt/lists/*;
+
 VOLUME /var/solr
 EXPOSE 8983
 WORKDIR /opt/solr
diff --git a/solr/docker/templates/Dockerfile.official.header.template b/solr/docker/templates/Dockerfile.official.header.template
index 4715907baad..413f5112f2f 100644
--- a/solr/docker/templates/Dockerfile.official.header.template
+++ b/solr/docker/templates/Dockerfile.official.header.template
@@ -22,7 +22,6 @@
 FROM _REPLACE_BASE_IMAGE_
 
 # TODO: remove things that exist solely for downstream specialization since Dockerfile.local now exists for that
-# TODO: replace 3rd party keyservers with official Apache Solr KEYS url
 
 ARG SOLR_VERSION="_REPLACE_SOLR_VERSION_"
 ARG SOLR_SHA512="_REPLACE_SOLR_TGZ_SHA_"
@@ -44,26 +43,22 @@ ARG SOLR_ARCHIVE_URL="https://archive.apache.org/dist/solr/solr/$SOLR_VERSION/so
 
 RUN set -ex; \
   apt-get update; \
-  apt-get -y install wget gpg; \
+  apt-get -y install wget gpg dirmngr; \
   rm -rf /var/lib/apt/lists/*; \
   export GNUPGHOME="/tmp/gnupg_home"; \
   mkdir -p "$GNUPGHOME"; \
   chmod 700 "$GNUPGHOME"; \
   echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \
-  for key in $SOLR_KEYS; do \
-    found=''; \
-    for server in \
-      pgp.mit.edu \
-      keyserver.ubuntu.com \
-      hkp://keyserver.ubuntu.com:80 \
-    ; do \
-      echo "  trying $server for $key"; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \
-      gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \
-    done; \
-    test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \
-  done; \
-  MAX_REDIRECTS=2; \
+  if [ -n "$SOLR_KEYS" ]; then \
+    # Install all Solr GPG Keys to start
+    wget -nv "https://downloads.apache.org/solr/KEYS" -O- | \
+      gpg --batch --import --key-origin 'url,https://downloads.apache.org/solr/KEYS'; \
+    # Save just the release key
+    release_keys="$(gpg --batch --export -a ${SOLR_KEYS})"; \
+    rm -rf "$GNUPGHOME"/*; \
+    echo "${release_keys}" | gpg --batch --import; \
+  fi; \
+  MAX_REDIRECTS=3; \
   if [ -n "$SOLR_DOWNLOAD_URL" ]; then \
     # If a custom URL is defined, we download from non-ASF mirror URL and allow more redirects and skip GPG step
     # This takes effect only if the SOLR_DOWNLOAD_URL build-arg is specified, typically in downstream Dockerfiles