diff --git a/Dockerfile b/Dockerfile index 6b07083..868cf34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ # # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS builder +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 AS builder ARG TEMP="/tmp/work" # Build parameters ARG IQ_SERVER_VERSION=1.203.0-01 @@ -52,7 +52,7 @@ RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \ && mv nexus-iq-server-${IQ_SERVER_VERSION}-linux-* nexus-iq-server # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 ARG IQ_SERVER_VERSION=1.203.0-01 ARG IQ_HOME="/opt/sonatype/nexus-iq-server" @@ -124,7 +124,9 @@ RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIME WORKDIR ${IQ_HOME} -# enabling back support for SHA1 signed certificates +# Re-enable SHA1 certificate support (removed from RHEL 10 default modules). +# Required for Azure PostgreSQL connections using SHA1-signed certificates. +COPY SHA1.pmod /usr/share/crypto-policies/policies/modules/ RUN update-crypto-policies --set DEFAULT:SHA1 # This is where we will store persistent data diff --git a/Dockerfile.rh b/Dockerfile.rh index 5ef0d76..6a10421 100644 --- a/Dockerfile.rh +++ b/Dockerfile.rh @@ -15,7 +15,7 @@ # # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7 AS builder +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 AS builder ARG TEMP="/tmp/work" # Build parameters ARG IQ_SERVER_VERSION=1.185.0-01 @@ -44,7 +44,7 @@ RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \ && mv nexus-iq-server-${IQ_SERVER_VERSION}-linux-* nexus-iq-server # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7 +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 ARG IQ_SERVER_VERSION=1.185.0-01 ARG IQ_RELEASE 
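Review bot: `update-crypto-policies --set DEFAULT:SHA1` switches the whole image to a policy that accepts SHA-1 signatures, so every consumer of the system crypto policy in this container is affected, not only the Azure PostgreSQL connection the new comment names; the same hunk appears in Dockerfile.rh and Dockerfile.slim. The comment should record that scope and the condition for removing the exception, for example `# Image-wide: applies to every client of the system crypto policy. Drop once the database endpoint no longer presents SHA1-signed certificates.` The copied module becomes part of the system policy, so I would also fix its mode at copy time with `COPY --chmod=0644 SHA1.pmod /usr/share/crypto-policies/policies/modules/` rather than inherit whatever mode the file has in the build context. The enclosing stage starts and ends outside the hunk, so the active USER at this point is not visible from here.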
@@ -127,7 +127,9 @@ RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIME WORKDIR ${IQ_HOME} -# enabling back support for SHA1 signed certificates +# Re-enable SHA1 certificate support (removed from RHEL 10 default modules). +# Required for Azure PostgreSQL connections using SHA1-signed certificates. +COPY SHA1.pmod /usr/share/crypto-policies/policies/modules/ RUN update-crypto-policies --set DEFAULT:SHA1 # This is where we will store persistent data diff --git a/Dockerfile.slim b/Dockerfile.slim index 6b07083..868cf34 100644 --- a/Dockerfile.slim +++ b/Dockerfile.slim @@ -15,7 +15,7 @@ # # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS builder +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 AS builder ARG TEMP="/tmp/work" # Build parameters ARG IQ_SERVER_VERSION=1.203.0-01 @@ -52,7 +52,7 @@ RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \ && mv nexus-iq-server-${IQ_SERVER_VERSION}-linux-* nexus-iq-server # hadolint ignore=DL3026 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 +FROM registry.access.redhat.com/ubi10/ubi-minimal:10.2 ARG IQ_SERVER_VERSION=1.203.0-01 ARG IQ_HOME="/opt/sonatype/nexus-iq-server" @@ -124,7 +124,9 @@ RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIME WORKDIR ${IQ_HOME} -# enabling back support for SHA1 signed certificates +# Re-enable SHA1 certificate support (removed from RHEL 10 default modules). +# Required for Azure PostgreSQL connections using SHA1-signed certificates. +COPY SHA1.pmod /usr/share/crypto-policies/policies/modules/ RUN update-crypto-policies --set DEFAULT:SHA1 # This is where we will store persistent data diff --git a/SHA1.pmod b/SHA1.pmod new file mode 100644 index 0000000..72f8c13 --- /dev/null +++ b/SHA1.pmod 
@@ -0,0 +1,7 @@
+# SHA1.pmod - Re-enable SHA1 certificate support
+# Based on the UBI 9 DEFAULT:SHA1 subpolicy which was removed in RHEL 10.
+# Required for Azure PostgreSQL connections using SHA1-signed certificates.
+
+hash = SHA1+
+
+sign = ECDSA-SHA1+ RSA-PSS-SHA1+ RSA-SHA1+
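Review bot: The header describes this module as re-enabling SHA1 certificate support, but `hash = SHA1+` and `sign = ECDSA-SHA1+ RSA-PSS-SHA1+ RSA-SHA1+` append SHA-1 to the policy's general hash and signature lists, which as far as I can tell is wider than certificate verification alone. I would say so in the header, e.g. `# Appends SHA-1 to the allowed hash and signature algorithms for all consumers of the system policy.`, and add a line naming who owns the exception and when it can be dropped. The statement that this matches the UBI 9 subpolicy cannot be checked from this diff; a reference to the upstream file and package version it was copied from would let a reviewer compare the two.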