From 699d31d647c2e48707d0cfeb291f1784b5821fa0 Mon Sep 17 00:00:00 2001 From: George Adams Date: Tue, 22 Oct 2024 13:57:22 +0100 Subject: [PATCH] add gpg verification to downloads (#673) --- 11/jdk/alpine/Dockerfile | 8 ++++++++ 11/jdk/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 11/jdk/ubuntu/focal/Dockerfile | 8 ++++++++ 11/jdk/ubuntu/jammy/Dockerfile | 8 ++++++++ 11/jdk/ubuntu/noble/Dockerfile | 8 ++++++++ 11/jre/alpine/Dockerfile | 8 ++++++++ 11/jre/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 11/jre/ubuntu/focal/Dockerfile | 8 ++++++++ 11/jre/ubuntu/jammy/Dockerfile | 8 ++++++++ 11/jre/ubuntu/noble/Dockerfile | 8 ++++++++ 17/jdk/alpine/Dockerfile | 8 ++++++++ 17/jdk/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 17/jdk/ubuntu/focal/Dockerfile | 8 ++++++++ 17/jdk/ubuntu/jammy/Dockerfile | 8 ++++++++ 17/jdk/ubuntu/noble/Dockerfile | 8 ++++++++ 17/jre/alpine/Dockerfile | 8 ++++++++ 17/jre/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 17/jre/ubuntu/focal/Dockerfile | 8 ++++++++ 17/jre/ubuntu/jammy/Dockerfile | 8 ++++++++ 17/jre/ubuntu/noble/Dockerfile | 8 ++++++++ 21/jdk/alpine/Dockerfile | 8 ++++++++ 21/jdk/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 21/jdk/ubuntu/jammy/Dockerfile | 8 ++++++++ 21/jdk/ubuntu/noble/Dockerfile | 8 ++++++++ 21/jre/alpine/Dockerfile | 8 ++++++++ 21/jre/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 21/jre/ubuntu/jammy/Dockerfile | 8 ++++++++ 21/jre/ubuntu/noble/Dockerfile | 8 ++++++++ 23/jdk/alpine/Dockerfile | 8 ++++++++ 23/jdk/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 23/jdk/ubuntu/noble/Dockerfile | 8 ++++++++ 23/jre/alpine/Dockerfile | 8 ++++++++ 23/jre/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 23/jre/ubuntu/noble/Dockerfile | 8 ++++++++ 8/jdk/alpine/Dockerfile | 8 ++++++++ 8/jdk/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 8/jdk/ubuntu/focal/Dockerfile | 8 ++++++++ 8/jdk/ubuntu/jammy/Dockerfile | 8 ++++++++ 8/jdk/ubuntu/noble/Dockerfile | 8 ++++++++ 8/jre/alpine/Dockerfile | 8 ++++++++ 8/jre/ubi/ubi9-minimal/Dockerfile | 6 ++++++ 8/jre/ubuntu/focal/Dockerfile | 8 ++++++++ 8/jre/ubuntu/jammy/Dockerfile | 8 ++++++++ 8/jre/ubuntu/noble/Dockerfile | 8 ++++++++ docker_templates/alpine-linux.Dockerfile.j2 | 2 ++ docker_templates/partials/multi-arch-install.j2 | 6 ++++++ docker_templates/ubuntu.Dockerfile.j2 | 2 ++ 47 files changed, 342 insertions(+) diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile index 27e8199c7..ec3e0acf9 100644 --- a/11/jdk/alpine/Dockerfile +++ b/11/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubi/ubi9-minimal/Dockerfile b/11/jdk/ubi/ubi9-minimal/Dockerfile index 79caca7a2..4e1586b9f 100644 --- a/11/jdk/ubi/ubi9-minimal/Dockerfile +++ b/11/jdk/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/focal/Dockerfile b/11/jdk/ubuntu/focal/Dockerfile index 9a0065801..a4c01c168 100644 --- a/11/jdk/ubuntu/focal/Dockerfile +++ b/11/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/jammy/Dockerfile b/11/jdk/ubuntu/jammy/Dockerfile index 5f716a0d3..3fe2ea791 100644 --- a/11/jdk/ubuntu/jammy/Dockerfile +++ b/11/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/noble/Dockerfile b/11/jdk/ubuntu/noble/Dockerfile index afd588b4b..ddb1e5372 100644 --- a/11/jdk/ubuntu/noble/Dockerfile +++ b/11/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/alpine/Dockerfile b/11/jre/alpine/Dockerfile index 3b8aa07cb..8dfeccc6a 100644 --- a/11/jre/alpine/Dockerfile +++ b/11/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubi/ubi9-minimal/Dockerfile b/11/jre/ubi/ubi9-minimal/Dockerfile index c31954624..11f00f88f 100644 --- a/11/jre/ubi/ubi9-minimal/Dockerfile +++ b/11/jre/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/focal/Dockerfile b/11/jre/ubuntu/focal/Dockerfile index cf18700a4..5eabef4ea 100644 --- a/11/jre/ubuntu/focal/Dockerfile +++ b/11/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/jammy/Dockerfile b/11/jre/ubuntu/jammy/Dockerfile index 765092893..7a6e8f04f 100644 --- a/11/jre/ubuntu/jammy/Dockerfile +++ b/11/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/noble/Dockerfile b/11/jre/ubuntu/noble/Dockerfile index 3351bc0e8..1f9d8f1be 100644 --- a/11/jre/ubuntu/noble/Dockerfile +++ b/11/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/alpine/Dockerfile b/17/jdk/alpine/Dockerfile index 0d2b304a0..65d63d812 100644 --- a/17/jdk/alpine/Dockerfile +++ b/17/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -63,6 +65,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubi/ubi9-minimal/Dockerfile b/17/jdk/ubi/ubi9-minimal/Dockerfile index 4611eeccd..097f96db1 100644 --- a/17/jdk/ubi/ubi9-minimal/Dockerfile +++ b/17/jdk/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/focal/Dockerfile b/17/jdk/ubuntu/focal/Dockerfile index dbad35913..53ba2eb5f 100644 --- a/17/jdk/ubuntu/focal/Dockerfile +++ b/17/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -76,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/jammy/Dockerfile b/17/jdk/ubuntu/jammy/Dockerfile index e1cab21c7..e33a1707b 100644 --- a/17/jdk/ubuntu/jammy/Dockerfile +++ b/17/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -76,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/noble/Dockerfile b/17/jdk/ubuntu/noble/Dockerfile index c3380b168..26a2592de 100644 --- a/17/jdk/ubuntu/noble/Dockerfile +++ b/17/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -80,6 +82,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/alpine/Dockerfile b/17/jre/alpine/Dockerfile index 7c3c7db76..465b093d9 100644 --- a/17/jre/alpine/Dockerfile +++ b/17/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubi/ubi9-minimal/Dockerfile b/17/jre/ubi/ubi9-minimal/Dockerfile index 33c8934d4..50f18db55 100644 --- a/17/jre/ubi/ubi9-minimal/Dockerfile +++ b/17/jre/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/focal/Dockerfile b/17/jre/ubuntu/focal/Dockerfile index b68ef3277..909849666 100644 --- a/17/jre/ubuntu/focal/Dockerfile +++ b/17/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -73,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/jammy/Dockerfile b/17/jre/ubuntu/jammy/Dockerfile index ee2bb740c..2aa0b1db2 100644 --- a/17/jre/ubuntu/jammy/Dockerfile +++ b/17/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -73,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/noble/Dockerfile b/17/jre/ubuntu/noble/Dockerfile index 16e226241..668548bcb 100644 --- a/17/jre/ubuntu/noble/Dockerfile +++ b/17/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -77,6 +79,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/alpine/Dockerfile b/21/jdk/alpine/Dockerfile index 02a66b42a..e27b487ee 100644 --- a/21/jdk/alpine/Dockerfile +++ b/21/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -67,6 +69,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubi/ubi9-minimal/Dockerfile b/21/jdk/ubi/ubi9-minimal/Dockerfile index 756b3af49..d70d23da4 100644 --- a/21/jdk/ubi/ubi9-minimal/Dockerfile +++ b/21/jdk/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubuntu/jammy/Dockerfile b/21/jdk/ubuntu/jammy/Dockerfile index 308611578..a7fe56b5c 100644 --- a/21/jdk/ubuntu/jammy/Dockerfile +++ b/21/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -72,6 +74,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubuntu/noble/Dockerfile b/21/jdk/ubuntu/noble/Dockerfile index 11886ab14..7e8d77f30 100644 --- a/21/jdk/ubuntu/noble/Dockerfile +++ b/21/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -76,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/alpine/Dockerfile b/21/jre/alpine/Dockerfile index f41eebff7..9763d29b9 100644 --- a/21/jre/alpine/Dockerfile +++ b/21/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -64,6 +66,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubi/ubi9-minimal/Dockerfile b/21/jre/ubi/ubi9-minimal/Dockerfile index 3021ac816..344f377e7 100644 --- a/21/jre/ubi/ubi9-minimal/Dockerfile +++ b/21/jre/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubuntu/jammy/Dockerfile b/21/jre/ubuntu/jammy/Dockerfile index 9515704a6..13014da14 100644 --- a/21/jre/ubuntu/jammy/Dockerfile +++ b/21/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubuntu/noble/Dockerfile b/21/jre/ubuntu/noble/Dockerfile index 5dcfa65a9..2ea405115 100644 --- a/21/jre/ubuntu/noble/Dockerfile +++ b/21/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -73,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/alpine/Dockerfile b/23/jdk/alpine/Dockerfile index d8761b929..bc4d6ef11 100644 --- a/23/jdk/alpine/Dockerfile +++ b/23/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -63,6 +65,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/ubi/ubi9-minimal/Dockerfile b/23/jdk/ubi/ubi9-minimal/Dockerfile index 56ecd00a3..c5cfb4c97 100644 --- a/23/jdk/ubi/ubi9-minimal/Dockerfile +++ b/23/jdk/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/ubuntu/noble/Dockerfile b/23/jdk/ubuntu/noble/Dockerfile index 33ffb13b4..a7b8efbd9 100644 --- a/23/jdk/ubuntu/noble/Dockerfile +++ b/23/jdk/ubuntu/noble/Dockerfile @@ -29,6 +29,8 @@ RUN set -eux; \ apt-get update; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -70,6 +72,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/alpine/Dockerfile b/23/jre/alpine/Dockerfile index bf1925ca6..028bbdc68 100644 --- a/23/jre/alpine/Dockerfile +++ b/23/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/ubi/ubi9-minimal/Dockerfile b/23/jre/ubi/ubi9-minimal/Dockerfile index ff7c88643..776405f81 100644 --- a/23/jre/ubi/ubi9-minimal/Dockerfile +++ b/23/jre/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/ubuntu/noble/Dockerfile b/23/jre/ubuntu/noble/Dockerfile index 574c83cbb..904a4b504 100644 --- a/23/jre/ubuntu/noble/Dockerfile +++ b/23/jre/ubuntu/noble/Dockerfile @@ -29,6 +29,8 @@ RUN set -eux; \ apt-get update; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -67,6 +69,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/alpine/Dockerfile b/8/jdk/alpine/Dockerfile index 649eba723..530ad6464 100644 --- a/8/jdk/alpine/Dockerfile +++ b/8/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubi/ubi9-minimal/Dockerfile b/8/jdk/ubi/ubi9-minimal/Dockerfile index 11c5851f1..e8ab94ae9 100644 --- a/8/jdk/ubi/ubi9-minimal/Dockerfile +++ b/8/jdk/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/focal/Dockerfile b/8/jdk/ubuntu/focal/Dockerfile index 9eb86bcbb..b58311500 100644 --- a/8/jdk/ubuntu/focal/Dockerfile +++ b/8/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/jammy/Dockerfile b/8/jdk/ubuntu/jammy/Dockerfile index 6e11c5da1..5dd13d92e 100644 --- a/8/jdk/ubuntu/jammy/Dockerfile +++ b/8/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/noble/Dockerfile b/8/jdk/ubuntu/noble/Dockerfile index 7b19b3d83..63c81e055 100644 --- a/8/jdk/ubuntu/noble/Dockerfile +++ b/8/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/alpine/Dockerfile b/8/jre/alpine/Dockerfile index e0daf20ee..66b66a0b5 100644 --- a/8/jre/alpine/Dockerfile +++ b/8/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubi/ubi9-minimal/Dockerfile b/8/jre/ubi/ubi9-minimal/Dockerfile index 9115bed14..77d16cec0 100644 --- a/8/jre/ubi/ubi9-minimal/Dockerfile +++ b/8/jre/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/focal/Dockerfile b/8/jre/ubuntu/focal/Dockerfile index 1554be56f..453f45bbf 100644 --- a/8/jre/ubuntu/focal/Dockerfile +++ b/8/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/jammy/Dockerfile b/8/jre/ubuntu/jammy/Dockerfile index 24bf272e6..1d3387864 100644 --- a/8/jre/ubuntu/jammy/Dockerfile +++ b/8/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/noble/Dockerfile b/8/jre/ubuntu/noble/Dockerfile index ac6935ce7..eced1b41f 100644 --- a/8/jre/ubuntu/noble/Dockerfile +++ b/8/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index 9344dd20f..a8f251dec 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -10,6 +10,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ diff --git a/docker_templates/partials/multi-arch-install.j2 b/docker_templates/partials/multi-arch-install.j2 index 4f8a9e6a0..f9c36796b 100644 --- a/docker_templates/partials/multi-arch-install.j2 +++ b/docker_templates/partials/multi-arch-install.j2 @@ -19,6 +19,12 @@ RUN set -eux; \ ;; \ esac; \ wget {% if os != "alpine-linux" %}--progress=dot:giga {% endif %}-O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget {% if os != "alpine-linux" %}--progress=dot:giga {% endif %}-O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "${GNUPGHOME}" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/docker_templates/ubuntu.Dockerfile.j2 b/docker_templates/ubuntu.Dockerfile.j2 index f5c13653a..9f912f9a2 100644 --- a/docker_templates/ubuntu.Dockerfile.j2 +++ b/docker_templates/ubuntu.Dockerfile.j2 @@ -12,6 +12,8 @@ RUN set -eux; \ curl \ {% endif -%} wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077