diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d8adb1e3..34c5d6111 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file. - hive: Only build and ship Hive metastore. This reduces the image size from `2.63GB` to `1.9GB` and should also reduce the number of dependencies ([#619], [#622]). - ubi8-rust-builder: Bump `protoc` from `21.5` to `26.1` ([#624]). - pass platform argument to preflight check ([#626]). +- nifi: provision stackable-bcrypt from Maven ([#663]) ### Fixed @@ -52,6 +53,7 @@ All notable changes to this project will be documented in this file. [#626]: https://github.com/stackabletech/docker-images/pull/626 [#628]: https://github.com/stackabletech/docker-images/pull/628 [#635]: https://github.com/stackabletech/docker-images/pull/635 +[#663]: https://github.com/stackabletech/docker-images/pull/663 ## [24.3.0] - 2024-03-20 diff --git a/nifi/Dockerfile b/nifi/Dockerfile index c9c03c224..507c28008 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -35,15 +35,23 @@ RUN microdnf update && \ RUN pip install --no-cache-dir nipyapi==0.19.1 +# The bcrypt tool is needed by NiFi to locally encrypt the admin password that is mounted as a secret in cleartext +# The source code is available at https://github.com/stackabletech/stackable-utils/tree/main/stackable-bcrypt +# The binaries are published to Nexus with: mvn clean deploy +# This jar used to be COPYed into the image from a local binary but it's not possible to do so anymore +# because /bin is owned by root and curl cannot write there unless it runs as root. +# This should be fixed by moving the jar to location under /stackable and updating the Nifi operator accordingly. +RUN curl --fail -L 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' -o /bin/stackable-bcrypt.jar \ + && chown stackable:stackable /bin/stackable-bcrypt.jar + USER stackable WORKDIR /stackable -# The bcrypt tool is needed by NiFi to locally encrypt the admin password that is mounted as a secret in cleartext -COPY --chown=stackable:stackable nifi/bin/stackable-bcrypt-1.0-SNAPSHOT-jar-with-dependencies.jar /bin/stackable-bcrypt.jar COPY --chown=stackable:stackable nifi/stackable /stackable COPY --chown=stackable:stackable nifi/licenses /licenses COPY --chown=stackable:stackable nifi/python /stackable/python + # zip is different than tar and cannot be just piped, therefore the intermediate save and remove step to unzip RUN curl --fail -L https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-bin.zip -o /stackable/nifi-${PRODUCT}-bin.zip && \ unzip /stackable/nifi-${PRODUCT}-bin.zip && \ diff --git a/nifi/bin/stackable-bcrypt-1.0-SNAPSHOT-jar-with-dependencies.jar b/nifi/bin/stackable-bcrypt-1.0-SNAPSHOT-jar-with-dependencies.jar deleted file mode 100644 index 3ff4fe2ab..000000000 Binary files a/nifi/bin/stackable-bcrypt-1.0-SNAPSHOT-jar-with-dependencies.jar and /dev/null differ