fix(spark-base): Add missing gpg keys in the spark project release keys

idirze · idirze · commit 980b0011181f · 2024-03-29T16:18:56.000+01:00
diff --git a/spark-base/Dockerfile b/spark-base/Dockerfile
@@ -32,6 +32,9 @@ ENV SPARK_VERSION    ${SPARK_VERSION}
 ENV HADOOP_VERSION   ${HADOOP_VERSION}
 ENV SCALA_VERSION    ${SCALA_VERSION}
 
+## Add missing gpg keys from https://downloads.apache.org/spark/KEYS
+COPY MISSING-GPG-KEYS.yml .
+
 RUN groupadd --system --gid=${spark_uid} spark && \
     useradd --system --uid=${spark_uid} --gid=spark spark
 
@@ -58,16 +61,19 @@ RUN set -ex;\
     curl --retry 3 --retry-all-errors -k ${SPARK_DIST_DOWNLOAD_URL}/${DIST}.tgz -o ${WORK_DIR}/spark.tgz; \
     curl --retry 3 --retry-all-errors -k ${SPARK_DIST_DOWNLOAD_URL}/${DIST}.tgz.asc -o ${WORK_DIR}/spark.tgz.asc; \
     curl --retry 3 --retry-all-errors -k https://downloads.apache.org/spark/KEYS -o ${WORK_DIR}/KEYS; \
+    MISSING_KEYS=($(cat MISSING-GPG-KEYS.yml | grep "keys:" -A300 | awk -F: '{ print $2 }' | tr -d '\n' | tr -d \"\" )); \
     export GNUPGHOME="$(mktemp -d)"; \
     gpg --batch --import ${WORK_DIR}/KEYS; \
+    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys ${MISSING_KEYS} || true; \
+    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys ${MISSING_KEYS} || true; \
     gpg --batch --verify ${WORK_DIR}/spark.tgz.asc ${WORK_DIR}/spark.tgz; \
     tar --strip-components=1 -zxvf ${WORK_DIR}/spark.tgz -C ${SPARK_HOME}/; \
     chown -R spark:spark ${SPARK_HOME}/; \
     mv ${SPARK_HOME}/kubernetes/dockerfiles/spark/decom.sh /opt/; \
     mv ${SPARK_HOME}/kubernetes/tests ${SPARK_HOME}/; \
     chmod a+x /opt/decom.sh; \
     gpgconf --kill all; \
-    rm -rf ${GNUPGHOME} ${WORK_DIR}; \
+    rm -rf ${GNUPGHOME} ${WORK_DIR} MISSING-GPG-KEYS.yml; \
     rm -fr ${SPARK_HOME}/conf rm -fr ${SPARK_HOME}/yarn rm -fr ${SPARK_HOME}/kubernetes
 
 COPY entrypoint.sh /opt/entrypoint.sh
diff --git a/spark-base/MISSING-GPG-KEYS.yml b/spark-base/MISSING-GPG-KEYS.yml
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Some gpg keys are missing in the spark project release key https://downloads.apache.org/spark/KEYS
+## We add them manually thanks to apache/spark-docker official images repo:
+#### https://github.com/apache/spark-docker/blob/master/tools/template.py
+keys:
+  # issuer "yumwang@apache.org"
+  - "3.3.1": "86727D43E73A415F67A0B1A14E68B3E6CD473653"
