[ 
https://issues.apache.org/jira/browse/SOLR-15967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524319#comment-17524319
 ] 

Martin Häcker commented on SOLR-15967:
--------------------------------------

[~janhoy] Am I reading this right that most of the people on the mailing list 
either didn't care or are planning to 'take a closer look' at updating? (I may 
be a bit pessimistic).

What do you make of that discussion? Do you lean towards documenting an 
approach like this?

For what it's worth, I see regular security updates being installed in my daily 
patch builds. E.g.:

{code}
Apr 19 11:06:11 uni-bern.zms.hosting podman[31307]: STEP 1: FROM solr:8
Apr 19 11:06:13 uni-bern.zms.hosting podman[31307]: Getting image source 
signatures
Apr 19 11:06:14 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:9baf437a1badb6aad2dae5f2cd4a7b53a6c7ab6c14cba1ed1ecb42b4822b0e87
Apr 19 11:06:14 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:40d3c098d9d0b1f9d4e2bdc60de1f8b04b9838328574f3719e5f0d5306bd646d
Apr 19 11:06:14 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:6ade5c59e324bd7cf369c72ad781c23d37e8fb48c9bbb4abbecafafd9be4cc35
Apr 19 11:06:14 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:3d0950e7f796fc5b266ec0635e028f10b0a5b3855be74e97664ebdb6646bc203
Apr 19 11:06:14 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:dcd14d6b8adc38ba7cf7f795bb29d9df27ed0b0d945b0c072d056394dafdb9a0
Apr 19 11:06:15 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:dbba69284b2786013fe94fefe0c2e66a7d3cecbb20f6d691d71dac891ee37be5
Apr 19 11:06:16 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:36f077b94b8f4467d57d5213a40fa1eaf3207bd3efe4dfd17d77a1d95e2e989f
Apr 19 11:06:16 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:bb3070525cae02b3f831ab126610e40479c629c9399174a45cfe66e0b11aeca8
Apr 19 11:06:16 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:84a4ffdb796950d66abc08b573ac9a17957a8e37ffcec355c6ae75d8cc78b834
Apr 19 11:06:16 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:45acc6e4a0315e84b593edd2ede1a10aae8e7a73140e19aafcc78b5186e93b80
Apr 19 11:06:18 uni-bern.zms.hosting podman[31307]: Copying blob 
sha256:8f05c68c0c519d5e14fcb72db7d17c095b69aa0d69263d71864bf71db21b06d3
Apr 19 11:06:25 uni-bern.zms.hosting podman[31307]: Copying config 
sha256:ce1fcccc6f5e4caa6926df9fc1578ef134e9e4d3210c80795d9187300fb80112
Apr 19 11:06:25 uni-bern.zms.hosting podman[31307]: Writing manifest to image 
destination
Apr 19 11:06:25 uni-bern.zms.hosting podman[31307]: Storing signatures
Apr 19 11:06:39 uni-bern.zms.hosting podman[31307]: STEP 2: USER root
Apr 19 11:06:39 uni-bern.zms.hosting podman[31307]: 
9db990bf6793c3101ee0cd9e054c6b30f4ad191a58665a918524709cdcf8fd3a
Apr 19 11:06:39 uni-bern.zms.hosting podman[31307]: STEP 3: RUN apt-get update 
&& apt-get -y upgrade && apt-get clean
Apr 19 11:06:40 uni-bern.zms.hosting podman[31307]: Get:1 
http://deb.debian.org/debian bullseye InRelease [116 kB]
Apr 19 11:06:40 uni-bern.zms.hosting podman[31307]: Get:2 
http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Apr 19 11:06:40 uni-bern.zms.hosting podman[31307]: Get:3 
http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Apr 19 11:06:40 uni-bern.zms.hosting podman[31307]: Get:4 
http://security.debian.org/debian-security bullseye-security/main amd64 
Packages [126 kB]
Apr 19 11:06:41 uni-bern.zms.hosting podman[31307]: Get:5 
http://deb.debian.org/debian bullseye/main amd64 Packages [8182 kB]
Apr 19 11:06:41 uni-bern.zms.hosting podman[31307]: Get:6 
http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2596 B]
Apr 19 11:06:42 uni-bern.zms.hosting podman[31307]: Fetched 8510 kB in 2s (3460 
kB/s)
Apr 19 11:06:43 uni-bern.zms.hosting podman[31307]: Reading package lists...
Apr 19 11:06:44 uni-bern.zms.hosting podman[31307]: Reading package lists...
Apr 19 11:06:44 uni-bern.zms.hosting podman[31307]: Building dependency tree...
Apr 19 11:06:44 uni-bern.zms.hosting podman[31307]: Reading state information...
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Calculating upgrade...
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: The following packages will 
be upgraded:
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: gzip liblzma5 xz-utils 
zlib1g
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: 4 upgraded, 0 newly 
installed, 0 to remove and 0 not upgraded.
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Need to get 612 kB of 
archives.
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: After this operation, 0 B 
of additional disk space will be used.
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Get:1 
http://security.debian.org/debian-security bullseye-security/main amd64 gzip 
amd64 1.10-4+deb11u1 [132
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Get:2 
http://security.debian.org/debian-security bullseye-security/main amd64 
liblzma5 amd64 5.2.5-2.1~deb11
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Get:3 
http://security.debian.org/debian-security bullseye-security/main amd64 zlib1g 
amd64 1:1.2.11.dfsg-2+d
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Get:4 
http://security.debian.org/debian-security bullseye-security/main amd64 
xz-utils amd64 5.2.5-2.1~deb11
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: debconf: delaying package 
configuration, since apt-utils is not installed
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Fetched 612 kB in 0s (8865 
kB/s)
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: [613B blob data]
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Preparing to unpack 
.../gzip_1.10-4+deb11u1_amd64.deb ...
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Unpacking gzip 
(1.10-4+deb11u1) over (1.10-4) ...
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Setting up gzip 
(1.10-4+deb11u1) ...
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: [613B blob data]
Apr 19 11:06:45 uni-bern.zms.hosting podman[31307]: Preparing to unpack 
.../liblzma5_5.2.5-2.1~deb11u1_amd64.deb ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Unpacking liblzma5:amd64 
(5.2.5-2.1~deb11u1) over (5.2.5-2) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Setting up liblzma5:amd64 
(5.2.5-2.1~deb11u1) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: [613B blob data]
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Preparing to unpack 
.../zlib1g_1%3a1.2.11.dfsg-2+deb11u1_amd64.deb ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Unpacking zlib1g:amd64 
(1:1.2.11.dfsg-2+deb11u1) over (1:1.2.11.dfsg-2) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Setting up zlib1g:amd64 
(1:1.2.11.dfsg-2+deb11u1) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: [613B blob data]
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Preparing to unpack 
.../xz-utils_5.2.5-2.1~deb11u1_amd64.deb ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Unpacking xz-utils 
(5.2.5-2.1~deb11u1) over (5.2.5-2) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Setting up xz-utils 
(5.2.5-2.1~deb11u1) ...
Apr 19 11:06:46 uni-bern.zms.hosting podman[31307]: Processing triggers for 
libc-bin (2.31-13+deb11u3) ...
Apr 19 11:06:52 uni-bern.zms.hosting podman[31307]: 
b60e6ce0525bc386c7df19e57e8b086a4c5b57b5ba9ce1986bfa7178fdce9092
Apr 19 11:06:52 uni-bern.zms.hosting podman[31307]: STEP 4: USER solr
Apr 19 11:06:52 uni-bern.zms.hosting podman[31307]: STEP 5: COMMIT 
solr:8-security-updated
Apr 19 11:06:52 uni-bern.zms.hosting podman[31307]: 
c1b1f5b45f2e395daabcbb633bf80f7f0daddbedb2a1efd54320ca3957dd576c
Apr 19 11:06:52 uni-bern.zms.hosting podman[31307]: 
c1b1f5b45f2e395daabcbb633bf80f7f0daddbedb2a1efd54320ca3957dd576c
Apr 19 11:06:52 uni-bern.zms.hosting systemd[1]: Started Apache SOLR search 
engine.
{code}

I haven't checked in this concrete instance, but everything related to zlib is 
pretty much something I want to keep quite up to date after [this zlib 
vulnerability|https://orca.security/resources/blog/zlib-memory-corruption-vulnerability-cve-2018-25032/],
so I feel quite reaffirmed in my approach.


> Add rpm repo for red hat based distros
> --------------------------------------
>
>                 Key: SOLR-15967
>                 URL: https://issues.apache.org/jira/browse/SOLR-15967
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: packages
>    Affects Versions: 8.11.1
>         Environment: # uname -a
> Linux my.host 3.10.0-1160.53.1.el7.x86_64 #1 SMP Fri Jan 14 13:59:45 UTC 2022 
> x86_64 x86_64 x86_64 GNU/Linux
>            Reporter: Martin Häcker
>            Priority: Major
>              Labels: centos, centos7, debian, fedora, ubuntu
>         Attachments: Skjermbilde 2022-02-01 kl. 15.17.02.png
>
>
> Hi there,
> it's surprisingly hard to install Solr in a way where I can guarantee to 
> automatically get updates, especially security updates in a reliable manner, 
> as well as get a documented way to start / run Solr on my distro of choice.
> What I am really looking for is an official rpm repository (and probably a 
> deb repo too) that I can add to my package manager and then install a package 
> that will give me all the updates I want, as well as starts the database with 
> a systemd file that is known good.
> I in particular am looking for a centos 7 repository.
> I think, that this would make installation of Solr so much easier.
> What do you say?



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
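
Added example (not part of the original comment and not Solr project code): a small parser that lists the packages a patch build upgraded, given a build log in the format shown in the comment above. It re-joins the hard-wrapped journal lines and records which apt suite each package was fetched from; the host name, PID and `examplepkg` in the sample are constructed.

```python
import re

# Journal prefix as in the log above: "Apr 19 11:06:45 host podman[31307]: "
PREFIX = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ \S+\[\d+\]: ?")
# apt download: "Get:N <url> <suite>/<component> <arch> <package> ..." (index lines never get unpacked)
GET = re.compile(r"^Get:\d+ \S+ (\S+)/\S+ \S+ (\S+) ")
# dpkg upgrade: "Unpacking zlib1g:amd64 (<new>) over (<old>) ..."
UNPACK = re.compile(r"^Unpacking ([^\s:]+)(?::\S+)? \((\S+)\) over \((\S+)\)")

# Constructed sample in the format of the log above (wrapped and truncated lines included).
SAMPLE = """\
Apr 19 11:06:45 build.example podman[4242]: Get:1
http://security.debian.org/debian-security bullseye-security/main amd64 gzip
amd64 1.10-4+deb11u1 [132
Apr 19 11:06:45 build.example podman[4242]: Get:2 http://deb.debian.org/debian bullseye-updates/main amd64 examplepkg amd64 1.0-2 [10 kB]
Apr 19 11:06:45 build.example podman[4242]: Unpacking gzip
(1.10-4+deb11u1) over (1.10-4) ...
Apr 19 11:06:46 build.example podman[4242]: Unpacking zlib1g:amd64 (1:1.2.11.dfsg-2+deb11u1) over (1:1.2.11.dfsg-2) ...
Apr 19 11:06:46 build.example podman[4242]: Unpacking examplepkg (1.0-2) over (1.0-1) ...
"""


def records(log_text):
    """Re-join hard-wrapped lines into one message per journal record."""
    out = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if m:
            out.append(line[m.end():].strip())
        elif out and line.strip():
            out[-1] = (out[-1] + " " + line.strip()).strip()
    return out


def upgraded_packages(log_text):
    """Return {package: (old, new, suite)} for every upgrade in the build log."""
    suite_of, upgrades = {}, {}
    for msg in records(log_text):
        if m := GET.match(msg):
            suite_of[m.group(2)] = m.group(1)
        elif m := UNPACK.match(msg):
            pkg, new, old = m.groups()
            upgrades[pkg] = (old, new, suite_of.get(pkg, "unknown"))
    return upgrades


def security_upgrades(log_text):
    """Upgraded packages that were fetched from a *-security suite."""
    found = upgraded_packages(log_text)
    return sorted(p for p, v in found.items() if v[2].endswith("-security"))
```

A package whose download line is missing from the log is reported with suite `unknown` rather than being dropped.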
