我正在尝试创建一个Apache Spark docker容器,主要用于自学目的。 所以,我知道(没有足够的细节)但是 log4j1.2.17 jar 存在漏洞问题。 话虽如此,我有以下 Dockerfile(一些内容已被剥离)
FROM ubuntu:20.04 #for having atleast python3.8
# avoid stuck build due to user prompt
ARG DEBIAN_FRONTEND=noninteractive
# Some apt-get commands here
# Install Spark
ENV SPARK_HOME /opt/spark
ENV PATH="${SPARK_HOME}/bin:${PATH}"
ENV PATH="${SPARK_HOME}/python:${PATH}"
ENV PYSPARK_PYTHON python3
ENV JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/jre"
# Download apache spark
RUN cd /
RUN wget https://dlcdn.apache.org/spark/spark-3.5.0/spark-3.5.0-bin-hadoop3.tgz
RUN tar zxvf spark-3.5.0-bin-hadoop3.tgz
RUN mv /spark-3.5.0-bin-hadoop3 $SPARK_HOME
RUN rm $SPARK_HOME/jars/log4j-1.2.17.jar <---- FAILS on this line
RUN wget -O $SPARK_HOME/jars/log4j-core-2.17.0.jar https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.17.0/log4j-core-2.17.0.jar
RUN wget -O $SPARK_HOME/jars/log4j-api-2.17.0.jar https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.17.0/log4j-api-2.17.0.jar
RUN wget -O $SPARK_HOME/jars/log4j-1.2-api-2.17.0.jar https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.17.0/log4j-1.2-api-2.17.0.jar
# Some more commands after this...
我通过 Jenkins 构建运行上述脚本。构建失败并显示
13:47:45 #14 0.296 rm: cannot remove '/opt/spark/jars/log4j-1.2.17.jar': No such file or directory
13:47:45 #14 ERROR: process "/bin/sh -c rm $SPARK_HOME/jars/log4j-1.2.17.jar" did not complete successfully: exit code: 1
13:47:45 ------
13:47:45 > [ 9/28] RUN rm /opt/spark/jars/log4j-1.2.17.jar:
13:47:45 0.296 rm: cannot remove '/opt/spark/jars/log4j-1.2.17.jar': No such file or directory
那么,
RUN rmlsrm对我可能遗漏的内容有什么想法或指示吗?
从 Spark 3.3 开始,不再使用 Log4j 1.x(参见升级说明)。因此,您可以删除处理日志记录的 4 行。