entrypoint.sh refactor

adoptium · Oct 30, 2023 · 4899ec7 · 4899ec7
1 parent cb465e1
commit 4899ec7
Show file tree

Hide file tree

Showing 18 changed files with 54 additions and 114 deletions.
diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         tzdata \

diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/11/jre/alpine/Dockerfile b/11/jre/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         tzdata \

diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/17/jdk/alpine/Dockerfile b/17/jdk/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351

diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/17/jre/alpine/Dockerfile b/17/jre/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351

diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/21/jdk/alpine/Dockerfile b/21/jdk/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351

diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/21/jre/alpine/Dockerfile b/21/jre/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351

diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/8/jdk/alpine/Dockerfile b/8/jdk/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         tzdata \

diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"

diff --git a/8/jre/alpine/Dockerfile b/8/jre/alpine/Dockerfile
@@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 RUN set -eux; \
     apk add --no-cache \
-        # bash is required for the entrypoint script
-        # see https://github.com/adoptium/containers/issues/415
-        bash \
         # fontconfig and ttf-dejavu added to support serverside image generation by Java programs
         fontconfig ttf-dejavu \
         # java-cacerts added to support adding CA certificates to the Java keystore
         java-cacerts \
-        # fixes issues with apk del apk-tools
-        # see https://github.com/adoptium/containers/issues/136
-        libretls zlib \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         tzdata \

diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/usr/bin/env bash
-# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+#!/bin/sh
+# Converted to shell to avoid the need for bash in the image
 
 set -e
 
@@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
     # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
     # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
     # system location, for whatever reason.
-    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+    if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then
         cp -a /certificates/* /usr/local/share/ca-certificates/
     fi
 
-    CACERT=$JAVA_HOME/lib/security/cacerts
+    CACERT="$JAVA_HOME/lib/security/cacerts"
 
     # JDK8 puts its JRE in a subdirectory
     if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-        CACERT=$JAVA_HOME/jre/lib/security/cacerts
+        CACERT="$JAVA_HOME/jre/lib/security/cacerts"
     fi
 
-    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
-    # might as well just generate the truststore and skip the hooks.
+    # Update CA certificates and extract the trust store
     update-ca-certificates
 
     trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"