Re: [PR] SOLR-17353 Bump gosu binary to v1.19 in docker images [solr]

via GitHub Thu, 09 Apr 2026 02:22:47 -0700


Copilot commented on code in PR #4273:
URL: https://github.com/apache/solr/pull/4273#discussion_r3056768141



##########
solr/docker/templates/Dockerfile.body.template:
##########
@@ -48,6 +48,25 @@ ENV SOLR_USER="solr" \
     SOLR_HOST_BIND="0.0.0.0" \
     SOLR_ZOOKEEPER_EMBEDDED_HOST="0.0.0.0"
 
+ARG GOSU_VERSION=1.19
+RUN set -eux; \
+    apt-get update; \
+    apt-get -y --no-install-recommends install curl acl lsof procps wget 
netcat-openbsd tini jattach gpg gnupg dirmngr; \
+    rm -rf /var/lib/apt/lists/*; \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    wget -O /usr/local/bin/gosu 
"https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}";;
 \
+    wget -O /tmp/gosu.asc 
"https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc";;
 \
+    export GNUPGHOME="$(mktemp -d)"; \

Review Comment:
   `GNUPGHOME` is created with default permissions. In this repo’s other Docker 
GPG verification logic, the GnuPG home is explicitly `chmod 700` before use; 
without that, gpg can emit “unsafe permissions” warnings and may fail in 
stricter configurations. Consider setting secure permissions on the temp 
GNUPGHOME directory before importing/verifying.
   ```suggestion
       export GNUPGHOME="$(mktemp -d)"; \
       chmod 700 "$GNUPGHOME"; \
   ```



##########
changelog/unreleased/SOLR-17353-docker-gosu-upgrade.yml:
##########
@@ -0,0 +1,32 @@
+# (DELETE ALL COMMENTS UP HERE AFTER FILLING THIS IN
+
+# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
+
+# If the change is minor, don't bother adding a changelog entry.
+# For `other` type entries, the threshold to bother with a changelog entry 
should be even higher.
+
+# title:
+#  * The audience is end-users and administrators, not committers.
+#  * Be short and focused on the user impact.  Multiple sentences is fine!
+#  * For technical/geeky details, prefer the commit message instead of 
changelog.
+#  * Reference JIRA issues like `SOLR-12345`, or if no JIRA but have a GitHub 
PR then `PR#12345`.
+
+# type:
+#  `added` for new features/improvements, opt-in by the user typically 
documented in the ref guide
+#  `changed` for improvements; not opt-in
+#  `fixed` for improvements that are deemed to have fixed buggy behavior
+#  `deprecated` for marking things deprecated
+#  `removed` for code removed
+#  `dependency_update` for updates to dependencies
+#  `other` for anything else, like large/significant refactorings, build 
changes,
+#    test infrastructure, or documentation.
+#    Most such changes are too small/minor to bother with a changelog entry.
+
+title: Docker gosu upgrade
+type:

Review Comment:
   This changelog entry still contains the scaffold/TODO comments (“DELETE ALL 
COMMENTS…” etc.). Changelog entries in this folder are expected to be concise, 
without the template guidance block.
   ```suggestion
   title: Docker gosu upgrade
   type: dependency_update
   ```



##########
changelog/unreleased/SOLR-17353-docker-gosu-upgrade.yml:
##########
@@ -0,0 +1,32 @@
+# (DELETE ALL COMMENTS UP HERE AFTER FILLING THIS IN
+
+# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
+
+# If the change is minor, don't bother adding a changelog entry.
+# For `other` type entries, the threshold to bother with a changelog entry 
should be even higher.
+
+# title:
+#  * The audience is end-users and administrators, not committers.
+#  * Be short and focused on the user impact.  Multiple sentences is fine!
+#  * For technical/geeky details, prefer the commit message instead of 
changelog.
+#  * Reference JIRA issues like `SOLR-12345`, or if no JIRA but have a GitHub 
PR then `PR#12345`.
+
+# type:
+#  `added` for new features/improvements, opt-in by the user typically 
documented in the ref guide
+#  `changed` for improvements; not opt-in
+#  `fixed` for improvements that are deemed to have fixed buggy behavior
+#  `deprecated` for marking things deprecated
+#  `removed` for code removed
+#  `dependency_update` for updates to dependencies
+#  `other` for anything else, like large/significant refactorings, build 
changes,
+#    test infrastructure, or documentation.
+#    Most such changes are too small/minor to bother with a changelog entry.
+
+title: Docker gosu upgrade
+type:

Review Comment:
   `type:` is currently empty. Please set it to an allowed value (e.g., 
`dependency_update` or `changed`) so the changelog tooling can categorize the 
entry correctly.
   ```suggestion
   type: dependency_update
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] SOLR-17353 Bump gosu binary to v1.19 in docker images [solr]

Reply via email to