ARG BASE_IMAGE=openjdk:11-jre FROM $BASE_IMAGE as downloader ARG SOLR_VERSION ARG SOLR_SHA512 ARG SOLR_KEYS # If specified, this will override SOLR_DOWNLOAD_SERVER and all ASF mirrors. Typically used downstream for custom builds ARG SOLR_DOWNLOAD_URL # Override the solr download location with e.g.: # docker build -t mine --build-arg SOLR_DOWNLOAD_SERVER=http://www-eu.apache.org/dist/lucene/solr . ARG SOLR_DOWNLOAD_SERVER # This is only applicable when SOLR_DOWNLOAD_URL is not provided. Skips the GPG check for Solr downloads. ARG SKIP_GPG_CHECK="true" ENV SOLR_CLOSER_URL="http://www.apache.org/dyn/closer.lua?filename=lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz&action=download" \ SOLR_DIST_URL="https://www.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz" \ SOLR_ARCHIVE_URL="https://archive.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz" RUN set -ex; \ apt-get update; \ apt-get -y install dirmngr gpg wget; \ rm -rf /var/lib/apt/lists/*; RUN set -ex; \ export GNUPGHOME="/tmp/gnupg_home"; \ mkdir -p "$GNUPGHOME"; \ chmod 700 "$GNUPGHOME"; \ echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \ for key in $SOLR_KEYS; do \ found=''; \ for server in \ ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo " trying $server for $key"; \ gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \ done; \ exit 0 RUN set -ex; \ export GNUPGHOME="/tmp/gnupg_home"; \ MAX_REDIRECTS=1; \ if [ -n "$SOLR_DOWNLOAD_URL" ]; then \ # If a custom URL is defined, we download from non-ASF mirror URL and allow more redirects and skip GPG step # This takes effect only if the SOLR_DOWNLOAD_URL build-arg is specified, typically in downstream Dockerfiles MAX_REDIRECTS=4; \ SKIP_GPG_CHECK="true"; \ elif [ -n "$SOLR_DOWNLOAD_SERVER" ]; then \ SOLR_DOWNLOAD_URL="$SOLR_DOWNLOAD_SERVER/$SOLR_VERSION/solr-$SOLR_VERSION.tgz"; \ fi; \ for url in $SOLR_DOWNLOAD_URL $SOLR_CLOSER_URL $SOLR_DIST_URL $SOLR_ARCHIVE_URL; do \ if [ -f "/opt/solr-$SOLR_VERSION.tgz" ]; then break; fi; \ echo "downloading $url"; \ if wget -t 10 --max-redirect $MAX_REDIRECTS --retry-connrefused -nv "$url" -O "/opt/solr-$SOLR_VERSION.tgz"; then break; else rm -f "/opt/solr-$SOLR_VERSION.tgz"; fi; \ done; \ if [ ! -f "/opt/solr-$SOLR_VERSION.tgz" ]; then echo "failed all download attempts for solr-$SOLR_VERSION.tgz"; exit 1; fi; \ if [ "$SKIP_GPG_CHECK" != "true" ]; then \ echo "downloading $SOLR_ARCHIVE_URL.asc"; \ wget -nv "$SOLR_ARCHIVE_URL.asc" -O "/opt/solr-$SOLR_VERSION.tgz.asc"; \ echo "$SOLR_SHA512 */opt/solr-$SOLR_VERSION.tgz" | sha512sum -c -; \ (>&2 ls -l "/opt/solr-$SOLR_VERSION.tgz" "/opt/solr-$SOLR_VERSION.tgz.asc"); \ gpg --batch --verify "/opt/solr-$SOLR_VERSION.tgz.asc" "/opt/solr-$SOLR_VERSION.tgz"; \ else \ echo "Skipping GPG validation due to non-Apache build"; \ fi; \ { command -v gpgconf; gpgconf --kill all || :; }; \ rm -r "$GNUPGHOME";