From 95bb8e1af11b899369aaa8868c9458fd153bdb98 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 30 Oct 2023 10:35:29 +0000 Subject: [PATCH 1/7] remove zlib and libretls from alpine images --- docker_templates/alpine-linux.Dockerfile.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index fbe694aa5..8f690327e 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -13,9 +13,6 @@ RUN set -eux; \ fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ {% include 'partials/binutils.j2' -%} From ed757c1051d83f9f66d18e1a40600e71a747a39b Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 30 Oct 2023 13:42:35 +0000 Subject: [PATCH 2/7] entrypoint.sh refactor --- 11/jdk/alpine/Dockerfile | 6 ------ 11/jdk/alpine/entrypoint.sh | 13 ++++++------- 11/jre/alpine/Dockerfile | 6 ------ 11/jre/alpine/entrypoint.sh | 13 ++++++------- 17/jdk/alpine/Dockerfile | 6 ------ 17/jdk/alpine/entrypoint.sh | 13 ++++++------- 17/jre/alpine/Dockerfile | 6 ------ 17/jre/alpine/entrypoint.sh | 13 ++++++------- 21/jdk/alpine/Dockerfile | 6 ------ 21/jdk/alpine/entrypoint.sh | 13 ++++++------- 21/jre/alpine/Dockerfile | 6 ------ 21/jre/alpine/entrypoint.sh | 13 ++++++------- 8/jdk/alpine/Dockerfile | 6 ------ 8/jdk/alpine/entrypoint.sh | 13 ++++++------- 8/jre/alpine/Dockerfile | 6 ------ 8/jre/alpine/entrypoint.sh | 13 ++++++------- docker_templates/alpine-linux.Dockerfile.j2 | 3 --- docker_templates/scripts/entrypoint.alpine-linux.sh | 13 ++++++------- 18 files changed, 54 insertions(+), 114 deletions(-) diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile index 5ba0a2df4..ae7db4f31 100644 --- a/11/jdk/alpine/Dockerfile +++ b/11/jdk/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/11/jdk/alpine/entrypoint.sh +++ b/11/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/11/jre/alpine/Dockerfile b/11/jre/alpine/Dockerfile index 5c68ea3da..6d4adeeb0 100644 --- a/11/jre/alpine/Dockerfile +++ b/11/jre/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/11/jre/alpine/entrypoint.sh +++ b/11/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/17/jdk/alpine/Dockerfile b/17/jdk/alpine/Dockerfile index 558a8bd69..7799f2c94 100644 --- a/17/jdk/alpine/Dockerfile +++ b/17/jdk/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/17/jdk/alpine/entrypoint.sh +++ b/17/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/17/jre/alpine/Dockerfile b/17/jre/alpine/Dockerfile index ded028d10..3566c7fe1 100644 --- a/17/jre/alpine/Dockerfile +++ b/17/jre/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/17/jre/alpine/entrypoint.sh +++ b/17/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/21/jdk/alpine/Dockerfile b/21/jdk/alpine/Dockerfile index dacf2cc6f..b746c954a 100644 --- a/21/jdk/alpine/Dockerfile +++ b/21/jdk/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/21/jdk/alpine/entrypoint.sh +++ b/21/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/21/jre/alpine/Dockerfile b/21/jre/alpine/Dockerfile index afb1d21ed..62b56f251 100644 --- a/21/jre/alpine/Dockerfile +++ b/21/jre/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/21/jre/alpine/entrypoint.sh +++ b/21/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/8/jdk/alpine/Dockerfile b/8/jdk/alpine/Dockerfile index 16796b746..b553032ff 100644 --- a/8/jdk/alpine/Dockerfile +++ b/8/jdk/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/8/jdk/alpine/entrypoint.sh +++ b/8/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/8/jre/alpine/Dockerfile b/8/jre/alpine/Dockerfile index 402806e47..435bc3f25 100644 --- a/8/jre/alpine/Dockerfile +++ b/8/jre/alpine/Dockerfile @@ -27,16 +27,10 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore java-cacerts \ - # fixes issues with apk del apk-tools - # see https://github.com/adoptium/containers/issues/136 - libretls zlib \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh index dfcf546f9..0b9e36a0c 100755 --- a/8/jre/alpine/entrypoint.sh +++ b/8/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index 8f690327e..b2c12bcc7 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -6,9 +6,6 @@ FROM {{ base_image }} RUN set -eux; \ apk add --no-cache \ - # bash is required for the entrypoint script - # see https://github.com/adoptium/containers/issues/415 - bash \ # fontconfig and ttf-dejavu added to support serverside image generation by Java programs fontconfig ttf-dejavu \ # java-cacerts added to support adding CA certificates to the Java keystore diff --git a/docker_templates/scripts/entrypoint.alpine-linux.sh b/docker_templates/scripts/entrypoint.alpine-linux.sh index dfcf546f9..0b9e36a0c 100755 --- a/docker_templates/scripts/entrypoint.alpine-linux.sh +++ b/docker_templates/scripts/entrypoint.alpine-linux.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env bash -# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details +#!/bin/sh +# Converted to shell to avoid the need for bash in the image set -e @@ -9,19 +9,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT=$JAVA_HOME/lib/security/cacerts + CACERT="$JAVA_HOME/lib/security/cacerts" # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts + CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we - # might as well just generate the truststore and skip the hooks. + # Update CA certificates and extract the trust store update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" From 6e813ee0103c663588972a2f7f5c0e47d11e94e7 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 30 Oct 2023 14:03:47 +0000 Subject: [PATCH 3/7] further edits --- 11/jdk/alpine/Dockerfile | 9 ++++++--- 11/jdk/centos/Dockerfile | 3 +++ 11/jdk/ubi/ubi9-minimal/Dockerfile | 3 +++ 11/jdk/ubuntu/focal/Dockerfile | 3 +++ 11/jdk/ubuntu/jammy/Dockerfile | 3 +++ 11/jre/alpine/Dockerfile | 9 ++++++--- 11/jre/centos/Dockerfile | 3 +++ 11/jre/ubi/ubi9-minimal/Dockerfile | 3 +++ 11/jre/ubuntu/focal/Dockerfile | 3 +++ 11/jre/ubuntu/jammy/Dockerfile | 3 +++ 17/jdk/alpine/Dockerfile | 9 ++++++--- 17/jdk/centos/Dockerfile | 9 ++++++--- 17/jdk/ubi/ubi9-minimal/Dockerfile | 3 +++ 17/jdk/ubuntu/focal/Dockerfile | 3 +++ 17/jdk/ubuntu/jammy/Dockerfile | 3 +++ 17/jre/alpine/Dockerfile | 9 ++++++--- 17/jre/centos/Dockerfile | 9 ++++++--- 17/jre/ubi/ubi9-minimal/Dockerfile | 3 +++ 17/jre/ubuntu/focal/Dockerfile | 3 +++ 17/jre/ubuntu/jammy/Dockerfile | 3 +++ 21/jdk/alpine/Dockerfile | 9 ++++++--- 21/jdk/ubi/ubi9-minimal/Dockerfile | 3 +++ 21/jdk/ubuntu/jammy/Dockerfile | 3 +++ 21/jre/alpine/Dockerfile | 9 ++++++--- 21/jre/ubi/ubi9-minimal/Dockerfile | 3 +++ 21/jre/ubuntu/jammy/Dockerfile | 3 +++ 8/jdk/alpine/Dockerfile | 9 ++++++--- 8/jdk/centos/Dockerfile | 3 +++ 8/jdk/ubi/ubi9-minimal/Dockerfile | 3 +++ 8/jdk/ubuntu/focal/Dockerfile | 3 +++ 8/jdk/ubuntu/jammy/Dockerfile | 3 +++ 8/jre/alpine/Dockerfile | 9 ++++++--- 8/jre/centos/Dockerfile | 3 +++ 8/jre/ubi/ubi9-minimal/Dockerfile | 3 +++ 8/jre/ubuntu/focal/Dockerfile | 3 +++ 8/jre/ubuntu/jammy/Dockerfile | 3 +++ docker_templates/alpine-linux.Dockerfile.j2 | 9 ++++++--- docker_templates/centos.Dockerfile.j2 | 5 ++++- docker_templates/ubi9-minimal.Dockerfile.j2 | 3 +++ docker_templates/ubuntu.Dockerfile.j2 | 3 +++ 40 files changed, 154 insertions(+), 34 deletions(-) diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile index ae7db4f31..539746161 100644 --- a/11/jdk/alpine/Dockerfile +++ b/11/jdk/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/11/jdk/centos/Dockerfile b/11/jdk/centos/Dockerfile index 2a7da4f90..0077aae26 100644 --- a/11/jdk/centos/Dockerfile +++ b/11/jdk/centos/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/11/jdk/ubi/ubi9-minimal/Dockerfile b/11/jdk/ubi/ubi9-minimal/Dockerfile index 5b7783862..0144ceb10 100644 --- a/11/jdk/ubi/ubi9-minimal/Dockerfile +++ b/11/jdk/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/11/jdk/ubuntu/focal/Dockerfile b/11/jdk/ubuntu/focal/Dockerfile index 5e19dddba..69e88fe29 100644 --- a/11/jdk/ubuntu/focal/Dockerfile +++ b/11/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/11/jdk/ubuntu/jammy/Dockerfile b/11/jdk/ubuntu/jammy/Dockerfile index 768b8cb0b..ac385a3e2 100644 --- a/11/jdk/ubuntu/jammy/Dockerfile +++ b/11/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/11/jre/alpine/Dockerfile b/11/jre/alpine/Dockerfile index 6d4adeeb0..edba1c287 100644 --- a/11/jre/alpine/Dockerfile +++ b/11/jre/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/11/jre/centos/Dockerfile b/11/jre/centos/Dockerfile index 587b7b4e4..14012d7f8 100644 --- a/11/jre/centos/Dockerfile +++ b/11/jre/centos/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/11/jre/ubi/ubi9-minimal/Dockerfile b/11/jre/ubi/ubi9-minimal/Dockerfile index c4e035009..d7361e574 100644 --- a/11/jre/ubi/ubi9-minimal/Dockerfile +++ b/11/jre/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/11/jre/ubuntu/focal/Dockerfile b/11/jre/ubuntu/focal/Dockerfile index ea4368ec9..c4db3c18c 100644 --- a/11/jre/ubuntu/focal/Dockerfile +++ b/11/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/11/jre/ubuntu/jammy/Dockerfile b/11/jre/ubuntu/jammy/Dockerfile index edb289fdb..9041a9cfd 100644 --- a/11/jre/ubuntu/jammy/Dockerfile +++ b/11/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/17/jdk/alpine/Dockerfile b/17/jdk/alpine/Dockerfile index 7799f2c94..db094836e 100644 --- a/17/jdk/alpine/Dockerfile +++ b/17/jdk/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/17/jdk/centos/Dockerfile b/17/jdk/centos/Dockerfile index e2ee1630b..5dfd4da8c 100644 --- a/17/jdk/centos/Dockerfile +++ b/17/jdk/centos/Dockerfile @@ -29,6 +29,9 @@ RUN set -eux; \ yum install -y \ gzip \ tar \ + # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 + # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory + binutils \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ @@ -37,9 +40,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ - # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 - # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/17/jdk/ubi/ubi9-minimal/Dockerfile b/17/jdk/ubi/ubi9-minimal/Dockerfile index d89da570b..01c78abb9 100644 --- a/17/jdk/ubi/ubi9-minimal/Dockerfile +++ b/17/jdk/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/17/jdk/ubuntu/focal/Dockerfile b/17/jdk/ubuntu/focal/Dockerfile index 0803e02ce..52658c84f 100644 --- a/17/jdk/ubuntu/focal/Dockerfile +++ b/17/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/17/jdk/ubuntu/jammy/Dockerfile b/17/jdk/ubuntu/jammy/Dockerfile index 381969c72..af581c82c 100644 --- a/17/jdk/ubuntu/jammy/Dockerfile +++ b/17/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/17/jre/alpine/Dockerfile b/17/jre/alpine/Dockerfile index 3566c7fe1..95b31f5cd 100644 --- a/17/jre/alpine/Dockerfile +++ b/17/jre/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/17/jre/centos/Dockerfile b/17/jre/centos/Dockerfile index 4a351d6c2..f4fb84647 100644 --- a/17/jre/centos/Dockerfile +++ b/17/jre/centos/Dockerfile @@ -29,6 +29,9 @@ RUN set -eux; \ yum install -y \ gzip \ tar \ + # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 + # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory + binutils \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ @@ -37,9 +40,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ - # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 - # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/17/jre/ubi/ubi9-minimal/Dockerfile b/17/jre/ubi/ubi9-minimal/Dockerfile index a8659f4b0..f105412fe 100644 --- a/17/jre/ubi/ubi9-minimal/Dockerfile +++ b/17/jre/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/17/jre/ubuntu/focal/Dockerfile b/17/jre/ubuntu/focal/Dockerfile index a3be3da88..af8b34bcc 100644 --- a/17/jre/ubuntu/focal/Dockerfile +++ b/17/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/17/jre/ubuntu/jammy/Dockerfile b/17/jre/ubuntu/jammy/Dockerfile index ea4a8126c..60f614143 100644 --- a/17/jre/ubuntu/jammy/Dockerfile +++ b/17/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/21/jdk/alpine/Dockerfile b/21/jdk/alpine/Dockerfile index b746c954a..527ebf3b0 100644 --- a/21/jdk/alpine/Dockerfile +++ b/21/jdk/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/21/jdk/ubi/ubi9-minimal/Dockerfile b/21/jdk/ubi/ubi9-minimal/Dockerfile index e4be4c5b4..eea89e010 100644 --- a/21/jdk/ubi/ubi9-minimal/Dockerfile +++ b/21/jdk/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/21/jdk/ubuntu/jammy/Dockerfile b/21/jdk/ubuntu/jammy/Dockerfile index bfbd016fa..f56c99dca 100644 --- a/21/jdk/ubuntu/jammy/Dockerfile +++ b/21/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/21/jre/alpine/Dockerfile b/21/jre/alpine/Dockerfile index 62b56f251..d34d1e345 100644 --- a/21/jre/alpine/Dockerfile +++ b/21/jre/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 diff --git a/21/jre/ubi/ubi9-minimal/Dockerfile b/21/jre/ubi/ubi9-minimal/Dockerfile index 79dbb3c7a..aedbbd696 100644 --- a/21/jre/ubi/ubi9-minimal/Dockerfile +++ b/21/jre/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/21/jre/ubuntu/jammy/Dockerfile b/21/jre/ubuntu/jammy/Dockerfile index 4248fed81..669087b10 100644 --- a/21/jre/ubuntu/jammy/Dockerfile +++ b/21/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/8/jdk/alpine/Dockerfile b/8/jdk/alpine/Dockerfile index b553032ff..fcc1106e0 100644 --- a/8/jdk/alpine/Dockerfile +++ b/8/jdk/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/8/jdk/centos/Dockerfile b/8/jdk/centos/Dockerfile index ae2755594..9ae7c62cf 100644 --- a/8/jdk/centos/Dockerfile +++ b/8/jdk/centos/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/8/jdk/ubi/ubi9-minimal/Dockerfile b/8/jdk/ubi/ubi9-minimal/Dockerfile index db0895796..a3a096222 100644 --- a/8/jdk/ubi/ubi9-minimal/Dockerfile +++ b/8/jdk/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/8/jdk/ubuntu/focal/Dockerfile b/8/jdk/ubuntu/focal/Dockerfile index 25522532e..0292a52fe 100644 --- a/8/jdk/ubuntu/focal/Dockerfile +++ b/8/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/8/jdk/ubuntu/jammy/Dockerfile b/8/jdk/ubuntu/jammy/Dockerfile index b3ace79dc..8ac5c6043 100644 --- a/8/jdk/ubuntu/jammy/Dockerfile +++ b/8/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/8/jre/alpine/Dockerfile b/8/jre/alpine/Dockerfile index 435bc3f25..801ae49ab 100644 --- a/8/jre/alpine/Dockerfile +++ b/8/jre/alpine/Dockerfile @@ -27,10 +27,13 @@ ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ tzdata \ diff --git a/8/jre/centos/Dockerfile b/8/jre/centos/Dockerfile index 50a34051d..85d21a297 100644 --- a/8/jre/centos/Dockerfile +++ b/8/jre/centos/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/8/jre/ubi/ubi9-minimal/Dockerfile b/8/jre/ubi/ubi9-minimal/Dockerfile index af30e18e6..88a7ccfa9 100644 --- a/8/jre/ubi/ubi9-minimal/Dockerfile +++ b/8/jre/ubi/ubi9-minimal/Dockerfile @@ -37,6 +37,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/8/jre/ubuntu/focal/Dockerfile b/8/jre/ubuntu/focal/Dockerfile index 6427b3dc5..baf64fc29 100644 --- a/8/jre/ubuntu/focal/Dockerfile +++ b/8/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/8/jre/ubuntu/jammy/Dockerfile b/8/jre/ubuntu/jammy/Dockerfile index d6e34f8de..a4b3ee6d1 100644 --- a/8/jre/ubuntu/jammy/Dockerfile +++ b/8/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,9 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index b2c12bcc7..4dc73069b 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -6,10 +6,13 @@ FROM {{ base_image }} RUN set -eux; \ apk add --no-cache \ - # fontconfig and ttf-dejavu added to support serverside image generation by Java programs + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ - # java-cacerts added to support adding CA certificates to the Java keystore - java-cacerts \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ {% include 'partials/binutils.j2' -%} diff --git a/docker_templates/centos.Dockerfile.j2 b/docker_templates/centos.Dockerfile.j2 index c4d65146e..00c8325fc 100644 --- a/docker_templates/centos.Dockerfile.j2 +++ b/docker_templates/centos.Dockerfile.j2 @@ -8,6 +8,7 @@ RUN set -eux; \ yum install -y \ gzip \ tar \ +{% include 'partials/binutils.j2' -%} {% if version|int < 22 -%} # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ @@ -18,7 +19,9 @@ RUN set -eux; \ # utilities for keeping Centos and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ -{% include 'partials/binutils.j2' -%} + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ ; \ rm -rf /var/cache/yum diff --git a/docker_templates/ubi9-minimal.Dockerfile.j2 b/docker_templates/ubi9-minimal.Dockerfile.j2 index 4a5b7ffdc..d65346599 100644 --- a/docker_templates/ubi9-minimal.Dockerfile.j2 +++ b/docker_templates/ubi9-minimal.Dockerfile.j2 @@ -16,6 +16,9 @@ RUN set -eux; \ # utilities for keeping UBI and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ glibc-langpack-en \ ; \ diff --git a/docker_templates/ubuntu.Dockerfile.j2 b/docker_templates/ubuntu.Dockerfile.j2 index 8d8531b24..05dac147a 100644 --- a/docker_templates/ubuntu.Dockerfile.j2 +++ b/docker_templates/ubuntu.Dockerfile.j2 @@ -12,6 +12,9 @@ RUN set -eux; \ curl \ {% endif -%} wget \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 From 7473dbd3ec4b9ac6c6d775687a4ca4568a98cdf2 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 30 Oct 2023 14:06:18 +0000 Subject: [PATCH 4/7] entrypoint comment --- .test/config.sh | 1 + .../dotted-environment-variables/expected-std-out.txt | 1 + .test/tests/dotted-environment-variables/run.sh | 8 ++++++++ 11/jdk/alpine/entrypoint.sh | 5 +++-- 11/jre/alpine/entrypoint.sh | 5 +++-- 17/jdk/alpine/entrypoint.sh | 5 +++-- 17/jre/alpine/entrypoint.sh | 5 +++-- 21/jdk/alpine/entrypoint.sh | 5 +++-- 21/jre/alpine/entrypoint.sh | 5 +++-- 8/jdk/alpine/entrypoint.sh | 5 +++-- 8/jre/alpine/entrypoint.sh | 5 +++-- docker_templates/scripts/entrypoint.alpine-linux.sh | 5 +++-- 12 files changed, 37 insertions(+), 18 deletions(-) create mode 100644 .test/tests/dotted-environment-variables/expected-std-out.txt create mode 100755 .test/tests/dotted-environment-variables/run.sh diff --git a/.test/config.sh b/.test/config.sh index 274c626ef..741795c8a 100644 --- a/.test/config.sh +++ b/.test/config.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash imageTests[openjdk]+=' + dotted-environment-variables java-ca-certificates-update ' diff --git a/.test/tests/dotted-environment-variables/expected-std-out.txt b/.test/tests/dotted-environment-variables/expected-std-out.txt new file mode 100644 index 000000000..8dc3bdb62 --- /dev/null +++ b/.test/tests/dotted-environment-variables/expected-std-out.txt @@ -0,0 +1 @@ +variable.with.a.dot=value.foo diff --git a/.test/tests/dotted-environment-variables/run.sh b/.test/tests/dotted-environment-variables/run.sh new file mode 100755 index 000000000..d7478c36d --- /dev/null +++ b/.test/tests/dotted-environment-variables/run.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -o pipefail + +CMD1=(env | grep variable.with.a.dot ) + +# Test run 1: Expect dotted environment variables to be set correctly +docker run --rm -e "variable.with.a.dot=value.foo" "$1" $CMD1 diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/11/jdk/alpine/entrypoint.sh +++ b/11/jdk/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/11/jre/alpine/entrypoint.sh +++ b/11/jre/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/17/jdk/alpine/entrypoint.sh +++ b/17/jdk/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/17/jre/alpine/entrypoint.sh +++ b/17/jre/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/21/jdk/alpine/entrypoint.sh +++ b/21/jdk/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/21/jre/alpine/entrypoint.sh +++ b/21/jre/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/8/jdk/alpine/entrypoint.sh +++ b/8/jdk/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh index 0b9e36a0c..3fa15c17a 100755 --- a/8/jre/alpine/entrypoint.sh +++ b/8/jre/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" diff --git a/docker_templates/scripts/entrypoint.alpine-linux.sh b/docker_templates/scripts/entrypoint.alpine-linux.sh index 0b9e36a0c..3fa15c17a 100755 --- a/docker_templates/scripts/entrypoint.alpine-linux.sh +++ b/docker_templates/scripts/entrypoint.alpine-linux.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Converted to shell to avoid the need for bash in the image set -e @@ -20,7 +20,8 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then CACERT="$JAVA_HOME/jre/lib/security/cacerts" fi - # Update CA certificates and extract the trust store + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. update-ca-certificates trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" From 5d2360fd04a2e280cb5384c2d39e91fe0b539de6 Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 1 Nov 2023 15:45:55 +0000 Subject: [PATCH 5/7] fixup --- .../container.java | 11 ++++ .../expected-std-out.txt | 2 +- .../image-name.sh | 10 ++++ .../tests/dotted-environment-variables/run.sh | 51 +++++++++++++++++-- 4 files changed, 68 insertions(+), 6 deletions(-) create mode 100644 .test/tests/dotted-environment-variables/container.java create mode 100644 .test/tests/dotted-environment-variables/image-name.sh diff --git a/.test/tests/dotted-environment-variables/container.java b/.test/tests/dotted-environment-variables/container.java new file mode 100644 index 000000000..2a131b731 --- /dev/null +++ b/.test/tests/dotted-environment-variables/container.java @@ -0,0 +1,11 @@ +public class container { + /** + * Check if dotted env vars are supported. + */ + public static void main(String[] args) { + // get value of variable.with.a.dot and print it out + String value = System.getenv("variable.with.a.dot"); + System.out.println(value); + System.exit(0); + } +} \ No newline at end of file diff --git a/.test/tests/dotted-environment-variables/expected-std-out.txt b/.test/tests/dotted-environment-variables/expected-std-out.txt index 8dc3bdb62..f0a7151bb 100644 --- a/.test/tests/dotted-environment-variables/expected-std-out.txt +++ b/.test/tests/dotted-environment-variables/expected-std-out.txt @@ -1 +1 @@ -variable.with.a.dot=value.foo +a.dotted.value diff --git a/.test/tests/dotted-environment-variables/image-name.sh b/.test/tests/dotted-environment-variables/image-name.sh new file mode 100644 index 000000000..184297030 --- /dev/null +++ b/.test/tests/dotted-environment-variables/image-name.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -e + +# usage: ./image-name.sh librarytest/something some/image:some-tag +# output: librarytest/something:some-image-some-tag + +base="$1"; shift +tag="$1"; shift + +echo "$base:$(echo "$tag" | sed 's![:/]!-!g')" diff --git a/.test/tests/dotted-environment-variables/run.sh b/.test/tests/dotted-environment-variables/run.sh index d7478c36d..268a44e4f 100755 --- a/.test/tests/dotted-environment-variables/run.sh +++ b/.test/tests/dotted-environment-variables/run.sh @@ -1,8 +1,49 @@ -#!/bin/bash +#!/usr/bin/env bash -set -o pipefail +## Copied from https://github.com/docker-library/official-images/blob/master/test/tests/run-java-in-container.sh -CMD1=(env | grep variable.with.a.dot ) +set -Eeuo pipefail -# Test run 1: Expect dotted environment variables to be set correctly -docker run --rm -e "variable.with.a.dot=value.foo" "$1" $CMD1 +testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")" +runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +# do a little extra work to try and find a suitable JDK image (when "xyzjava:1.2.3-jre" first builds, "xyzjava:1.2.3-jdk" isn't published yet :D) +tryJdks=( + # ideally, we'd just swap the current JRE image to JDK, but that might not exist yet (see above) + "${image/jre/jdk}" +) +jdk= +for potentialJdk in "${tryJdks[@]}"; do + if docker run --rm --pull=missing "$potentialJdk" javac -help &> /dev/null; then + jdk="$potentialJdk" + break + fi +done +if [ -z "$jdk" ]; then + echo >&2 "error: failed to find a suitable JDK image for '$image'!" + exit 1 +fi +if [ "$jdk" != "${tryJdks[0]}" ]; then + echo >&2 "warning: using '$jdk' instead of '${tryJdks[0]}' (results may vary!)" +fi + +# if possible, use "--release" in case $jdk and $image have mismatching Java versions +javac='javac' +if docker run --rm "$jdk" javac --help 2>&1 | grep -q -- '--release'; then + javac='javac --release 8' +fi + +newImage="$("$runDir/image-name.sh" librarytest/java-hello-world "$image")" +"$runDir/docker-build.sh" "$testDir" "$newImage" < Date: Thu, 2 Nov 2023 08:33:58 +0000 Subject: [PATCH 6/7] fixup test --- .test/config.sh | 1 - .../container.java | 11 ----- .../expected-std-out.txt | 1 - .../image-name.sh | 10 ---- .../tests/dotted-environment-variables/run.sh | 49 ------------------- 11/jdk/centos/Dockerfile | 1 - 11/jdk/ubi/ubi9-minimal/Dockerfile | 1 - 11/jre/centos/Dockerfile | 1 - 11/jre/ubi/ubi9-minimal/Dockerfile | 1 - 17/jdk/centos/Dockerfile | 1 - 17/jdk/ubi/ubi9-minimal/Dockerfile | 1 - 17/jre/centos/Dockerfile | 1 - 17/jre/ubi/ubi9-minimal/Dockerfile | 1 - 21/jdk/ubi/ubi9-minimal/Dockerfile | 1 - 21/jre/ubi/ubi9-minimal/Dockerfile | 1 - 8/jdk/centos/Dockerfile | 1 - 8/jdk/ubi/ubi9-minimal/Dockerfile | 1 - 8/jre/centos/Dockerfile | 1 - 8/jre/ubi/ubi9-minimal/Dockerfile | 1 - docker_templates/centos.Dockerfile.j2 | 1 - docker_templates/ubi9-minimal.Dockerfile.j2 | 1 - 21 files changed, 88 deletions(-) delete mode 100644 .test/tests/dotted-environment-variables/container.java delete mode 100644 .test/tests/dotted-environment-variables/expected-std-out.txt delete mode 100644 .test/tests/dotted-environment-variables/image-name.sh delete mode 100755 .test/tests/dotted-environment-variables/run.sh diff --git a/.test/config.sh b/.test/config.sh index 741795c8a..274c626ef 100644 --- a/.test/config.sh +++ b/.test/config.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash imageTests[openjdk]+=' - dotted-environment-variables java-ca-certificates-update ' diff --git a/.test/tests/dotted-environment-variables/container.java b/.test/tests/dotted-environment-variables/container.java deleted file mode 100644 index 2a131b731..000000000 --- a/.test/tests/dotted-environment-variables/container.java +++ /dev/null @@ -1,11 +0,0 @@ -public class container { - /** - * Check if dotted env vars are supported. - */ - public static void main(String[] args) { - // get value of variable.with.a.dot and print it out - String value = System.getenv("variable.with.a.dot"); - System.out.println(value); - System.exit(0); - } -} \ No newline at end of file diff --git a/.test/tests/dotted-environment-variables/expected-std-out.txt b/.test/tests/dotted-environment-variables/expected-std-out.txt deleted file mode 100644 index f0a7151bb..000000000 --- a/.test/tests/dotted-environment-variables/expected-std-out.txt +++ /dev/null @@ -1 +0,0 @@ -a.dotted.value diff --git a/.test/tests/dotted-environment-variables/image-name.sh b/.test/tests/dotted-environment-variables/image-name.sh deleted file mode 100644 index 184297030..000000000 --- a/.test/tests/dotted-environment-variables/image-name.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -e - -# usage: ./image-name.sh librarytest/something some/image:some-tag -# output: librarytest/something:some-image-some-tag - -base="$1"; shift -tag="$1"; shift - -echo "$base:$(echo "$tag" | sed 's![:/]!-!g')" diff --git a/.test/tests/dotted-environment-variables/run.sh b/.test/tests/dotted-environment-variables/run.sh deleted file mode 100755 index 268a44e4f..000000000 --- a/.test/tests/dotted-environment-variables/run.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env bash - -## Copied from https://github.com/docker-library/official-images/blob/master/test/tests/run-java-in-container.sh - -set -Eeuo pipefail - -testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")" -runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")" - -image="$1" - -# do a little extra work to try and find a suitable JDK image (when "xyzjava:1.2.3-jre" first builds, "xyzjava:1.2.3-jdk" isn't published yet :D) -tryJdks=( - # ideally, we'd just swap the current JRE image to JDK, but that might not exist yet (see above) - "${image/jre/jdk}" -) -jdk= -for potentialJdk in "${tryJdks[@]}"; do - if docker run --rm --pull=missing "$potentialJdk" javac -help &> /dev/null; then - jdk="$potentialJdk" - break - fi -done -if [ -z "$jdk" ]; then - echo >&2 "error: failed to find a suitable JDK image for '$image'!" - exit 1 -fi -if [ "$jdk" != "${tryJdks[0]}" ]; then - echo >&2 "warning: using '$jdk' instead of '${tryJdks[0]}' (results may vary!)" -fi - -# if possible, use "--release" in case $jdk and $image have mismatching Java versions -javac='javac' -if docker run --rm "$jdk" javac --help 2>&1 | grep -q -- '--release'; then - javac='javac --release 8' -fi - -newImage="$("$runDir/image-name.sh" librarytest/java-hello-world "$image")" -"$runDir/docker-build.sh" "$testDir" "$newImage" < Date: Thu, 9 Nov 2023 14:32:23 +0000 Subject: [PATCH 7/7] sxa fixes --- 11/jdk/alpine/entrypoint.sh | 2 +- 11/jre/alpine/entrypoint.sh | 2 +- 17/jdk/alpine/entrypoint.sh | 2 +- 17/jre/alpine/entrypoint.sh | 2 +- 21/jdk/alpine/entrypoint.sh | 2 +- 21/jre/alpine/entrypoint.sh | 2 +- 8/jdk/alpine/entrypoint.sh | 2 +- 8/jre/alpine/entrypoint.sh | 2 +- docker_templates/scripts/entrypoint.alpine-linux.sh | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/11/jdk/alpine/entrypoint.sh +++ b/11/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/11/jre/alpine/entrypoint.sh +++ b/11/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/17/jdk/alpine/entrypoint.sh +++ b/17/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/17/jre/alpine/entrypoint.sh +++ b/17/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/21/jdk/alpine/entrypoint.sh +++ b/21/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/21/jre/alpine/entrypoint.sh +++ b/21/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/8/jdk/alpine/entrypoint.sh +++ b/8/jdk/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh index 3fa15c17a..029cade7e 100755 --- a/8/jre/alpine/entrypoint.sh +++ b/8/jre/alpine/entrypoint.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e diff --git a/docker_templates/scripts/entrypoint.alpine-linux.sh b/docker_templates/scripts/entrypoint.alpine-linux.sh index 3fa15c17a..029cade7e 100755 --- a/docker_templates/scripts/entrypoint.alpine-linux.sh +++ b/docker_templates/scripts/entrypoint.alpine-linux.sh @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# Converted to shell to avoid the need for bash in the image +# Converted to POSIX shell to avoid the need for bash in the image set -e