mirror of https://github.com/apache/lucene.git
75 lines
3.3 KiB
Docker
75 lines
3.3 KiB
Docker
ARG BASE_IMAGE=openjdk:11-jre
|
|
|
|
FROM $BASE_IMAGE as downloader
|
|
|
|
ARG SOLR_VERSION
|
|
ARG SOLR_SHA512
|
|
ARG SOLR_KEYS
|
|
# If specified, this will override SOLR_DOWNLOAD_SERVER and all ASF mirrors. Typically used downstream for custom builds
|
|
ARG SOLR_DOWNLOAD_URL
|
|
|
|
# Override the solr download location with e.g.:
|
|
# docker build -t mine --build-arg SOLR_DOWNLOAD_SERVER=http://www-eu.apache.org/dist/lucene/solr .
|
|
ARG SOLR_DOWNLOAD_SERVER
|
|
# This is only applicable when SOLR_DOWNLOAD_URL is not provided. Skips the GPG check for Solr downloads.
|
|
ARG SKIP_GPG_CHECK="true"
|
|
|
|
ENV SOLR_CLOSER_URL="http://www.apache.org/dyn/closer.lua?filename=lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz&action=download" \
|
|
SOLR_DIST_URL="https://www.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz" \
|
|
SOLR_ARCHIVE_URL="https://archive.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz"
|
|
|
|
RUN set -ex; \
|
|
apt-get update; \
|
|
apt-get -y install dirmngr gpg wget; \
|
|
rm -rf /var/lib/apt/lists/*;
|
|
|
|
RUN set -ex; \
|
|
export GNUPGHOME="/tmp/gnupg_home"; \
|
|
mkdir -p "$GNUPGHOME"; \
|
|
chmod 700 "$GNUPGHOME"; \
|
|
echo "disable-ipv6" >> "$GNUPGHOME/dirmngr.conf"; \
|
|
for key in $SOLR_KEYS; do \
|
|
found=''; \
|
|
for server in \
|
|
ha.pool.sks-keyservers.net \
|
|
hkp://keyserver.ubuntu.com:80 \
|
|
hkp://p80.pool.sks-keyservers.net:80 \
|
|
pgp.mit.edu \
|
|
; do \
|
|
echo " trying $server for $key"; \
|
|
gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \
|
|
gpg --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$key" && found=yes && break; \
|
|
done; \
|
|
test -z "$found" && echo >&2 "error: failed to fetch $key from several disparate servers -- network issues?" && exit 1; \
|
|
done; \
|
|
exit 0
|
|
|
|
RUN set -ex; \
|
|
export GNUPGHOME="/tmp/gnupg_home"; \
|
|
MAX_REDIRECTS=1; \
|
|
if [ -n "$SOLR_DOWNLOAD_URL" ]; then \
|
|
# If a custom URL is defined, we download from non-ASF mirror URL and allow more redirects and skip GPG step
|
|
# This takes effect only if the SOLR_DOWNLOAD_URL build-arg is specified, typically in downstream Dockerfiles
|
|
MAX_REDIRECTS=4; \
|
|
SKIP_GPG_CHECK="true"; \
|
|
elif [ -n "$SOLR_DOWNLOAD_SERVER" ]; then \
|
|
SOLR_DOWNLOAD_URL="$SOLR_DOWNLOAD_SERVER/$SOLR_VERSION/solr-$SOLR_VERSION.tgz"; \
|
|
fi; \
|
|
for url in $SOLR_DOWNLOAD_URL $SOLR_CLOSER_URL $SOLR_DIST_URL $SOLR_ARCHIVE_URL; do \
|
|
if [ -f "/opt/solr-$SOLR_VERSION.tgz" ]; then break; fi; \
|
|
echo "downloading $url"; \
|
|
if wget -t 10 --max-redirect $MAX_REDIRECTS --retry-connrefused -nv "$url" -O "/opt/solr-$SOLR_VERSION.tgz"; then break; else rm -f "/opt/solr-$SOLR_VERSION.tgz"; fi; \
|
|
done; \
|
|
if [ ! -f "/opt/solr-$SOLR_VERSION.tgz" ]; then echo "failed all download attempts for solr-$SOLR_VERSION.tgz"; exit 1; fi; \
|
|
if [ "$SKIP_GPG_CHECK" != "true" ]; then \
|
|
echo "downloading $SOLR_ARCHIVE_URL.asc"; \
|
|
wget -nv "$SOLR_ARCHIVE_URL.asc" -O "/opt/solr-$SOLR_VERSION.tgz.asc"; \
|
|
echo "$SOLR_SHA512 */opt/solr-$SOLR_VERSION.tgz" | sha512sum -c -; \
|
|
(>&2 ls -l "/opt/solr-$SOLR_VERSION.tgz" "/opt/solr-$SOLR_VERSION.tgz.asc"); \
|
|
gpg --batch --verify "/opt/solr-$SOLR_VERSION.tgz.asc" "/opt/solr-$SOLR_VERSION.tgz"; \
|
|
else \
|
|
echo "Skipping GPG validation due to non-Apache build"; \
|
|
fi; \
|
|
{ command -v gpgconf; gpgconf --kill all || :; }; \
|
|
rm -r "$GNUPGHOME";
|