[
https://issues.apache.org/jira/browse/SOLR-15129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281464#comment-17281464
]
Chris M. Hostetter commented on SOLR-15129:
-------------------------------------------
{quote}... my thought was that the RM building the official image would use a
local .tar.gz that was just built, not one on some server.
{quote}
that only addresses the question of how the RM can have confidence that the
bits going into the docker iamge are the bits they just built – it doesn't
address the question of how a docker user (or the docker-library group for that
matter) can trust that the person who ran "docker push apache/solr:FOO" did so
using an image build fro mthe same bits that are uploaded to dist.apache.org –
something that can be verified with the current docker-solr process.
that's the crux of my concern: how far do we have to go in terms of
transparency / reproducibility of the {{apache/solr}} images for the
docker-library folks to be willing to let the {{_/solr}} images just be one
line {{FROM apache/solr:FOO}} wrappers?
My impression was that we would need/want to make the images as transparent as
possible, thus having a multistage build that could compile from source (see
SOLR-15127) seemed important – but that's all speculation based on what i've
seen in other Dockerfiles...
[~dsmiley] - a lot of these questions ultimately fall back on the
points/questions mak raised in the mailing list thread that spawned SOLR-15102
... have you (or jan) had a chance to follow up with the docker-library team
per mak's suggestion to sanity check what they expect/require/allow...
{quote}... I suggest Jan/David coordinate with @Tianon to see what is required
in terms of verification, base images choice, rebuilding requirements and
trigger mechanisms, and PR process changes. I would expect it to be fairly
straightforward.
{quote}
[http://mail-archives.apache.org/mod_mbox/lucene-dev/202101.mbox/%3C3CED9683-1DD2-4F08-97F9-4FC549EDE47D%40greenhills.co.uk%3E]
> Use the Solr TGZ artifact as Docker context
> -------------------------------------------
>
> Key: SOLR-15129
> URL: https://issues.apache.org/jira/browse/SOLR-15129
> Project: Solr
> Issue Type: Sub-task
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: master (9.0)
> Reporter: Houston Putman
> Priority: Major
>
> As discussed in SOLR-15127, there is a need for a unified Dockerfile that
> allows for release and local builds.
> This ticket is an attempt to achieve this by using the Solr distribution TGZ
> as the docker context to build from.
> Therefore release images would be completely reproducible by running:
> {{docker build -f solr-9.0.0/Dockerfile
> https://www.apache.org/dyn/closer.lua/lucene/solr/9.0.0/solr-9.0.0.tgz}}
> The changes to the Solr distribution would include adding a Dockerfile at
> {{solr-<version>/Dockerfile}}, adding the docker scripts under
> {{solr-<version>/docker}}, and adding a version file at
> {{solr-<version>/VERSION.txt}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
