docker-library / cassandra

Docker Official Image packaging for Cassandra
Apache License 2.0

Hardcoded GPG keys in build are creating a dependency #236

Closed pmcfadin closed 3 years ago

pmcfadin commented 3 years ago

The current dockerbuild template for Cassandra has hardcoded 4 members of the Cassandra PMC. Today's 4.0 release was built by a 5th person and as a result, broke on the key signing check.

https://github.com/docker-library/cassandra/blob/08bea513f803c366493d823aa81a81d73e21c93f/Dockerfile.template#L65-L74

A PR has been issued to add the 5th person, but this feels like a ticking time bomb dependency.

Ideally, the correct place to pull keys would be from the official ASF keys file for the project that authorizes the builds: https://dist.apache.org/repos/dist/release/cassandra/KEYS

emerkle826 commented 3 years ago

I have 2 PRs to address this. One to simply add the key that was used to create the 4.0 release (PR #235). Another to import all the ASF keys for Cassandra (PR #237). Either PR should resolve the recent 4.0 Docker image build problem here. But as @pmcfadin said, adding all of the ASF keys will prevent the build from failing in the future should a new GPG key be used to create the tag/release.
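The failure described in this thread (a release signed by a key that is in the project's KEYS file but not in the pinned list) can be caught before a release breaks the build. The following is an added example, not code from this thread or from the docker-library repository: it compares pinned fingerprints against the output of `gpg --show-keys --with-colons KEYS`. The function names `primary_fprs`, `unpinned_keys` and `sample_listing` are hypothetical, and every fingerprint and user ID in it is constructed.

```shell
#!/bin/sh
# Added example: flag release-signing keys that are in a project's KEYS file
# but missing from the fingerprints pinned in a Dockerfile.
# Input is the colon listing from `gpg --show-keys --with-colons KEYS`:
# field 1 is the record type, field 10 of an "fpr" record is the fingerprint.

# Print primary-key fingerprints only (the "fpr" record following "pub");
# subkey fingerprints (the "fpr" record following "sub") are skipped.
primary_fprs() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# unpinned_keys FPR... < listing
# Prints each primary fingerprint in the listing that is not among the args.
unpinned_keys() {
  pinned=" $* "
  primary_fprs | while read -r fpr; do
    case "$pinned" in
      *" $fpr "*) ;;
      *) printf '%s\n' "$fpr" ;;
    esac
  done
}

# Constructed sample listing: three signers, the first with a subkey.
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAA1:1500000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1:
uid:-::::1500000000::::Constructed Signer One <one@example.invalid>:
sub:-:4096:1:DDDDDDDDDDDDDDD4:1500000000::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD4:
pub:-:4096:1:BBBBBBBBBBBBBBB2:1550000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB2:
uid:-::::1550000000::::Constructed Signer Two <two@example.invalid>:
pub:-:4096:1:CCCCCCCCCCCCCCC3:1600000000:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC3:
uid:-::::1600000000::::Constructed Signer Three <three@example.invalid>:
EOF
}

# Constructed pins: signers one and two only, so signer three is reported.
PIN1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1
PIN2=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB2
sample_listing | unpinned_keys "$PIN1" "$PIN2"
```

Run on a schedule against the real KEYS file, a non-empty result means a new signer needs review and pinning before the next release is built.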