From 05f3047078b80bd2d37079f2e9faff17dec4a8b1 Mon Sep 17 00:00:00 2001 
From: George Adams Date: Wed, 3 Jul 2024 15:13:14 +0100 Subject: [PATCH] Remove all tags of CentOS (now fully EOL) (#583) --- .gitignore | 3 + 11/jdk/alpine/entrypoint.sh | 4 +- 11/jdk/centos/Dockerfile | 88 --------------------- 11/jdk/centos/entrypoint.sh | 89 --------------------- 11/jdk/ubi/ubi9-minimal/entrypoint.sh | 4 +- 11/jdk/ubuntu/focal/entrypoint.sh | 4 +- 11/jdk/ubuntu/jammy/entrypoint.sh | 4 +- 11/jre/alpine/entrypoint.sh | 4 +- 11/jre/centos/Dockerfile | 84 -------------------- 11/jre/centos/entrypoint.sh | 89 --------------------- 11/jre/ubi/ubi9-minimal/entrypoint.sh | 4 +- 11/jre/ubuntu/focal/entrypoint.sh | 4 +- 11/jre/ubuntu/jammy/entrypoint.sh | 4 +- 16/jdk/centos/Dockerfile.releases.full | 64 --------------- 17/jdk/alpine/entrypoint.sh | 4 +- 17/jdk/centos/Dockerfile | 91 ---------------------- 17/jdk/centos/entrypoint.sh | 89 --------------------- 17/jdk/ubi/ubi9-minimal/entrypoint.sh | 4 +- 17/jdk/ubuntu/focal/entrypoint.sh | 4 +- 17/jdk/ubuntu/jammy/entrypoint.sh | 4 +- 17/jre/alpine/entrypoint.sh | 4 +- 17/jre/centos/Dockerfile | 84 -------------------- 17/jre/centos/entrypoint.sh | 89 --------------------- 17/jre/ubi/ubi9-minimal/entrypoint.sh | 4 +- 17/jre/ubuntu/focal/entrypoint.sh | 4 +- 17/jre/ubuntu/jammy/entrypoint.sh | 4 +- 18/jdk/centos/Dockerfile.releases.full | 70 ----------------- 18/jre/centos/Dockerfile.releases.full | 67 ---------------- 19/jdk/centos/Dockerfile.releases.full | 70 ----------------- 19/jre/centos/Dockerfile.releases.full | 67 ---------------- 21/jdk/alpine/entrypoint.sh | 4 +- 21/jdk/ubi/ubi9-minimal/entrypoint.sh | 4 +- 21/jdk/ubuntu/jammy/entrypoint.sh | 4 +- 21/jre/alpine/entrypoint.sh | 4 +- 21/jre/ubi/ubi9-minimal/entrypoint.sh | 4 +- 21/jre/ubuntu/jammy/entrypoint.sh | 4 +- 22/jdk/alpine/entrypoint.sh | 4 +- 22/jdk/ubi/ubi9-minimal/entrypoint.sh | 4 +- 22/jdk/ubuntu/jammy/entrypoint.sh | 4 +- 22/jre/alpine/entrypoint.sh | 4 +- 22/jre/ubi/ubi9-minimal/entrypoint.sh | 4 +- 
22/jre/ubuntu/jammy/entrypoint.sh | 4 +- 8/jdk/alpine/entrypoint.sh | 4 +- 8/jdk/centos/Dockerfile | 85 -------------------- 8/jdk/centos/entrypoint.sh | 89 --------------------- 8/jdk/ubi/ubi9-minimal/entrypoint.sh | 4 +- 8/jdk/ubuntu/focal/entrypoint.sh | 4 +- 8/jdk/ubuntu/jammy/entrypoint.sh | 4 +- 8/jre/alpine/entrypoint.sh | 4 +- 8/jre/centos/Dockerfile | 84 -------------------- 8/jre/centos/entrypoint.sh | 89 --------------------- 8/jre/ubi/ubi9-minimal/entrypoint.sh | 4 +- 8/jre/ubuntu/focal/entrypoint.sh | 4 +- 8/jre/ubuntu/jammy/entrypoint.sh | 4 +- README.md | 2 +- config/hotspot.yml | 8 +- docker_templates/centos.Dockerfile.j2 | 35 --------- docker_templates/entrypoint.sh | 4 +- docker_templates/partials/arch-variable.j2 | 2 +- dockerhub_doc_config_update.sh | 3 +- 60 files changed, 81 insertions(+), 1508 deletions(-) delete mode 100644 11/jdk/centos/Dockerfile delete mode 100755 11/jdk/centos/entrypoint.sh delete mode 100644 11/jre/centos/Dockerfile delete mode 100755 11/jre/centos/entrypoint.sh delete mode 100644 16/jdk/centos/Dockerfile.releases.full delete mode 100644 17/jdk/centos/Dockerfile delete mode 100755 17/jdk/centos/entrypoint.sh delete mode 100644 17/jre/centos/Dockerfile delete mode 100755 17/jre/centos/entrypoint.sh delete mode 100644 18/jdk/centos/Dockerfile.releases.full delete mode 100644 18/jre/centos/Dockerfile.releases.full delete mode 100644 19/jdk/centos/Dockerfile.releases.full delete mode 100644 19/jre/centos/Dockerfile.releases.full delete mode 100644 8/jdk/centos/Dockerfile delete mode 100755 8/jdk/centos/entrypoint.sh delete mode 100644 8/jre/centos/Dockerfile delete mode 100755 8/jre/centos/entrypoint.sh delete mode 100644 docker_templates/centos.Dockerfile.j2 diff --git a/.gitignore b/.gitignore index 081ed0847..906d3ec0e 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,6 @@ library/ .vscode/ __pycache__/ /adoptium_cache.sqlite +lib/ +bin/ +pyvenv.cfg 
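Review bot: The three added patterns `lib/`, `bin/` and `pyvenv.cfg` are unanchored, so they match an entry of that name at any depth of the tree, not only at the repository root. They look like the artefacts of a virtual environment created in the checkout root (inferred from `pyvenv.cfg`), and an unanchored `bin/` or `lib/` would also keep any future directory of that name under an image folder out of version control and out of review without warning. Anchoring them the way the existing `/adoptium_cache.sqlite` entry is anchored keeps the ignore narrow: `/lib/`, `/bin/`, `/pyvenv.cfg`.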
diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jdk/alpine/entrypoint.sh +++ b/11/jdk/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jdk/centos/Dockerfile b/11/jdk/centos/Dockerfile deleted file mode 100644 index 4820f2038..000000000 --- a/11/jdk/centos/Dockerfile +++ /dev/null 
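Review bot: The guard and the copy in this hunk's context disagree about what is in the mount: `[ "$(ls -A /certificates 2>/dev/null)" ]` counts dot-entries, while the glob in `cp -La /certificates/* …` does not expand to them. A directory holding only dot-entries passes the guard and hands `cp` the literal `/certificates/*`; the script runs under `set -e` (visible in the deleted CentOS copy, same blob dfa0f703f), so that presumably stops the entrypoint before `exec "$@"`. The copy is also wider than the keytool loop, which imports only regular files matching `/certificates/*crt`, so as root every entry in the mount lands in the system anchor directory. Copying the same set in both places keeps the JVM and system stores in agreement: `for c in /certificates/*crt; do if [ -f "$c" ]; then cp -La "$c" /usr/share/pki/ca-trust-source/anchors/; fi; done`. The enclosing `if [ "$(id -u)" -eq 0 ]` block starts and ends outside the hunk, and the identical lines recur in every other entrypoint.sh hunk of this patch.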
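Review bot: The probe `which update-ca-trust >/dev/null` in this hunk's context depends on an external `which` binary, which POSIX does not specify and which a minimal base image may not ship. When it is missing the condition is simply false, so `update-ca-trust` is skipped and the certificates just copied into the anchors directory never reach the system bundle, with only a "not found" line on stderr as a trace. The builtin is the portable form and fits the script's stated aim of being POSIX sh: `if command -v update-ca-trust >/dev/null 2>&1; then`. The same applies to the `which update-ca-certificates` test that follows outside the hunk and to every other entrypoint.sh copy changed by this patch.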
@@ -1,88 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk-11.0.23+9 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='e00476a7be3c4adfa9b3d55d30768967fd246a8352e518894e183fa444d4d3ce'; \ - 
BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='f56068bb64c6bf858894f75c2bc261f54db32932422eb07527f36ae40046e9a0'; \ - BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='23e47ea7a3015be3240f21185fd902adebdcf76530757c9b482c7eb5bd3417c2'; \ - BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - echo "javac --version"; javac --version; \ - echo "java --version"; java --version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] - -CMD ["jshell"] diff --git a/11/jdk/centos/entrypoint.sh b/11/jdk/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/11/jdk/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/11/jdk/ubi/ubi9-minimal/entrypoint.sh b/11/jdk/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/11/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jdk/ubuntu/focal/entrypoint.sh b/11/jdk/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jdk/ubuntu/focal/entrypoint.sh +++ b/11/jdk/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jdk/ubuntu/jammy/entrypoint.sh b/11/jdk/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jdk/ubuntu/jammy/entrypoint.sh +++ b/11/jdk/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jre/alpine/entrypoint.sh +++ b/11/jre/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jre/centos/Dockerfile b/11/jre/centos/Dockerfile deleted file mode 100644 index acd111a40..000000000 --- a/11/jre/centos/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk-11.0.23+9 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='7290ace47a030d89ea023c28e7aa555c9da72b4194f73b39ec9d058011bf06dd'; \ - 
BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='3b3fbd324620fd914bd8462e292124493fcf846fd69195c4b9a231131dc68d5f'; \ - BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='786a72296189ba8e43999532aa73730d87ec1fce558eb3c4e98b611b423375e3'; \ - BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.23%2B9/OpenJDK11U-jre_x64_linux_hotspot_11.0.23_9.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - echo "java --version"; java --version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] diff --git a/11/jre/centos/entrypoint.sh b/11/jre/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/11/jre/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/11/jre/ubi/ubi9-minimal/entrypoint.sh b/11/jre/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/11/jre/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jre/ubuntu/focal/entrypoint.sh b/11/jre/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jre/ubuntu/focal/entrypoint.sh +++ b/11/jre/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/11/jre/ubuntu/jammy/entrypoint.sh b/11/jre/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/11/jre/ubuntu/jammy/entrypoint.sh +++ b/11/jre/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/16/jdk/centos/Dockerfile.releases.full b/16/jdk/centos/Dockerfile.releases.full deleted file mode 100644 index 360841af3..000000000 --- a/16/jdk/centos/Dockerfile.releases.full +++ /dev/null 
@@ -1,64 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "update_multiarch.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN yum install -y tzdata openssl curl ca-certificates fontconfig gzip tar binutils \ - && yum clean all - -ENV JAVA_VERSION jdk-16.0.2+7 - -RUN set -eux; \ - ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='cb77d9d126f97898dfdc8b5fb694d1e0e5d93d13a0a6cb2aeda76f8635384340'; \ - BINARY_URL='https://github.com/adoptium/temurin16-binaries/releases/download/jdk-16.0.2%2B7/OpenJDK16U-jdk_aarch64_linux_hotspot_16.0.2_7.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='36ebe6c72f2fc19b8b17371f731390e15fa3aab08c28b55b9a8b71d0a578adc9'; \ - BINARY_URL='https://github.com/adoptium/temurin16-binaries/releases/download/jdk-16.0.2%2B7/OpenJDK16U-jdk_ppc64le_linux_hotspot_16.0.2_7.tar.gz'; \ - ;; \ - amd64|i386:x86-64) \ - ESUM='323d6d7474a359a28eff7ddd0df8e65bd61554a8ed12ef42fd9365349e573c2c'; \ - 
BINARY_URL='https://github.com/adoptium/temurin16-binaries/releases/download/jdk-16.0.2%2B7/OpenJDK16U-jdk_x64_linux_hotspot_16.0.2_7.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p /opt/java/openjdk; \ - cd /opt/java/openjdk; \ - tar -xf /tmp/openjdk.tar.gz --strip-components=1; \ - rm -rf /tmp/openjdk.tar.gz; - -ENV JAVA_HOME=/opt/java/openjdk \ - PATH="/opt/java/openjdk/bin:$PATH" - -RUN echo Verifying install ... \ - && echo javac --version && javac --version \ - && echo java --version && java --version \ - && echo Complete. - -CMD ["jshell"] diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jdk/alpine/entrypoint.sh +++ b/17/jdk/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jdk/centos/Dockerfile b/17/jdk/centos/Dockerfile deleted file mode 100644 index 6ce880c85..000000000 --- a/17/jdk/centos/Dockerfile +++ /dev/null 
@@ -1,91 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 - # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk-17.0.11+9 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' 
rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='a900acf3ae56b000afc35468a083b6d6fd695abec87a8abdb02743d5c72f6d6d'; \ - BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='44bdd662c3b832cfe0b808362866b8d7a700dd60e6e39716dee97211d35c230f'; \ - BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='aa7fb6bb342319d227a838af5c363bfa1b4a670c209372f9e6585bd79da6220c'; \ - BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jdk_x64_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - echo "javac --version"; javac --version; \ - echo "java --version"; java --version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] - -CMD ["jshell"] diff --git a/17/jdk/centos/entrypoint.sh b/17/jdk/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/17/jdk/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/17/jdk/ubi/ubi9-minimal/entrypoint.sh b/17/jdk/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/17/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
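Review bot: In the `@@ -56,7 +56,7 @@` hunk of 17/jdk/ubi/ubi9-minimal/entrypoint.sh, the context line `cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/` under the edited comment copies every entry in /certificates into the system trust-anchor directory. That happens in the root-only branch, whereas the JVM import loop of the same script (readable in the deleted centos copy of this blob further up the page) only takes regular files matching `/certificates/*crt`. Anything else mounted there lands in the anchors directory too, and a directory holding only dotfiles passes the `ls -A` test yet leaves the glob unexpanded, so `cp` fails and `set -e` stops the entrypoint. I would apply the same filter here: `for i in /certificates/*crt; do` with a `[ -f "$i" ] || continue` guard and `cp -L "$i" /usr/share/pki/ca-trust-source/anchors/` per file. The same context repeats in the Ubuntu/Alpine branch and in every entrypoint.sh this commit touches; the enclosing `if` blocks open outside the hunk.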
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jdk/ubuntu/focal/entrypoint.sh b/17/jdk/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jdk/ubuntu/focal/entrypoint.sh +++ b/17/jdk/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jdk/ubuntu/jammy/entrypoint.sh b/17/jdk/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jdk/ubuntu/jammy/entrypoint.sh +++ b/17/jdk/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jre/alpine/entrypoint.sh +++ b/17/jre/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
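Review bot: In the `@@ -67,7 +67,7 @@` hunk of 17/jdk/ubi/ubi9-minimal/entrypoint.sh, the test `if which update-ca-trust >/dev/null; then` right below the edited comment depends on `which`, which POSIX does not specify, although the script header says it was converted to POSIX sh. If `which` is absent from an image (I have not checked ubi9-minimal), the condition is simply false and the system CA store is never refreshed, while the entrypoint carries on as if it had been. `if command -v update-ca-trust >/dev/null 2>&1; then` uses a shell builtin and removes that dependency. The `which update-ca-certificates` test in the Ubuntu/Alpine branch and the other entrypoint.sh copies in this commit have the same form. The enclosing `if [ -n "$USE_SYSTEM_CA_CERTS" ]` block starts and ends outside the hunk.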
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jre/centos/Dockerfile b/17/jre/centos/Dockerfile deleted file mode 100644 index 001b4f854..000000000 --- a/17/jre/centos/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk-17.0.11+9 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='ccfa23c25790475c84df983cc5f729b94c04d9ea9863912deb15c6266782cf16'; \ - 
BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='884b5cb817e50010b4d0a3252afb6a80db18995af19bbd16a37348b2c37949bc'; \ - BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707'; \ - BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.11%2B9/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - echo "java --version"; java --version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] diff --git a/17/jre/centos/entrypoint.sh b/17/jre/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/17/jre/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/17/jre/ubi/ubi9-minimal/entrypoint.sh b/17/jre/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/17/jre/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jre/ubuntu/focal/entrypoint.sh b/17/jre/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jre/ubuntu/focal/entrypoint.sh +++ b/17/jre/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/17/jre/ubuntu/jammy/entrypoint.sh b/17/jre/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/17/jre/ubuntu/jammy/entrypoint.sh +++ b/17/jre/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/18/jdk/centos/Dockerfile.releases.full b/18/jdk/centos/Dockerfile.releases.full deleted file mode 100644 index 9c9e52f79..000000000 --- a/18/jdk/centos/Dockerfile.releases.full +++ /dev/null 
@@ -1,70 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "update_multiarch.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN yum install -y tzdata openssl curl wget ca-certificates fontconfig gzip tar binutils \ - && yum clean all - -ENV JAVA_VERSION jdk-18.0.2.1+1 - -RUN set -eux; \ - ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='262be608e266fd76d7496af83b2832be853c3aaf7460d6a4da198cd40db74553'; \ - BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jdk_aarch64_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='030261a2189a8f773fda543a85ab9beb4c430bf81ca5be37cf6cb970b5ccbb03'; \ - BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jdk_ppc64le_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - amd64|i386:x86-64) \ - ESUM='7d6beba8cfc0a8347f278f7414351191a95a707d46b6586e9a786f2669af0f8b'; \ - 
BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jdk_x64_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN echo Verifying install ... \ - && fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java \ - && echo javac --version && javac --version \ - && echo java --version && java --version \ - && echo Complete. - -CMD ["jshell"] diff --git a/18/jre/centos/Dockerfile.releases.full b/18/jre/centos/Dockerfile.releases.full deleted file mode 100644 index 914e2f108..000000000 --- a/18/jre/centos/Dockerfile.releases.full +++ /dev/null 
@@ -1,67 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "update_multiarch.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN yum install -y tzdata openssl curl wget ca-certificates fontconfig gzip tar binutils \ - && yum clean all - -ENV JAVA_VERSION jdk-18.0.2.1+1 - -RUN set -eux; \ - ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='e11e00438c2f6f79f86ff1ca2b015913b0e16bd9491953a082d5c786402cb50a'; \ - BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jre_aarch64_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='2298504c99b4c15f620f70415215e481766d2b2f784d066206eed8c583922f8f'; \ - BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jre_ppc64le_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - amd64|i386:x86-64) \ - ESUM='74f602ab5abaa554859a5e92a65e5bb6e23c2d4165228299c7f54ed56dbc5959'; \ - 
BINARY_URL='https://github.com/adoptium/temurin18-binaries/releases/download/jdk-18.0.2.1%2B1/OpenJDK18U-jre_x64_linux_hotspot_18.0.2.1_1.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN echo Verifying install ... \ - && fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java \ - && echo java --version && java --version \ - && echo Complete. diff --git a/19/jdk/centos/Dockerfile.releases.full b/19/jdk/centos/Dockerfile.releases.full deleted file mode 100644 index 4eaf0f1a8..000000000 --- a/19/jdk/centos/Dockerfile.releases.full +++ /dev/null 
@@ -1,70 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "update_multiarch.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN yum install -y tzdata openssl curl wget ca-certificates fontconfig gzip tar binutils \ - && yum clean all - -ENV JAVA_VERSION jdk-19.0.2+7 - -RUN set -eux; \ - ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='1c4be9aa173cb0deb0d215643d9509c8900e5497290b29eee4bee335fa57984f'; \ - BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jdk_aarch64_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='173d1256dfb9d13d309b5390e6bdf72d143b512201b0868f9d349d5ed3d64072'; \ - BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jdk_ppc64le_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - amd64|i386:x86-64) \ - ESUM='3a3ba7a3f8c3a5999e2c91ea1dca843435a0d1c43737bd2f6822b2f02fc52165'; \ - 
BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jdk_x64_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN echo Verifying install ... \ - && fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java \ - && echo javac --version && javac --version \ - && echo java --version && java --version \ - && echo Complete. - -CMD ["jshell"] diff --git a/19/jre/centos/Dockerfile.releases.full b/19/jre/centos/Dockerfile.releases.full deleted file mode 100644 index 1d940f7a8..000000000 --- a/19/jre/centos/Dockerfile.releases.full +++ /dev/null 
@@ -1,67 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "update_multiarch.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN yum install -y tzdata openssl curl wget ca-certificates fontconfig gzip tar binutils \ - && yum clean all - -ENV JAVA_VERSION jdk-19.0.2+7 - -RUN set -eux; \ - ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='3653f9e5ad21e4744e5a655e243fba2895651029bee23f3d2366d5debc41a736'; \ - BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jre_aarch64_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='a30203431c7c21602227d39368c5af6e7abd19000d6da5562de7f3f5c57cbad5'; \ - BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jre_ppc64le_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - amd64|i386:x86-64) \ - ESUM='7386e10c74f00a4382be0540bc0494854804ad79427d8a50ac77a4c7208ff348'; \ - 
BINARY_URL='https://github.com/adoptium/temurin19-binaries/releases/download/jdk-19.0.2%2B7/OpenJDK19U-jre_x64_linux_hotspot_19.0.2_7.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN echo Verifying install ... \ - && fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java \ - && echo java --version && java --version \ - && echo Complete. diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jdk/alpine/entrypoint.sh +++ b/21/jdk/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/21/jdk/ubi/ubi9-minimal/entrypoint.sh b/21/jdk/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/21/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/21/jdk/ubuntu/jammy/entrypoint.sh b/21/jdk/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jdk/ubuntu/jammy/entrypoint.sh +++ b/21/jdk/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jre/alpine/entrypoint.sh +++ b/21/jre/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/21/jre/ubi/ubi9-minimal/entrypoint.sh b/21/jre/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/21/jre/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/21/jre/ubuntu/jammy/entrypoint.sh b/21/jre/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/21/jre/ubuntu/jammy/entrypoint.sh +++ b/21/jre/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jdk/alpine/entrypoint.sh b/22/jdk/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jdk/alpine/entrypoint.sh +++ b/22/jdk/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jdk/ubi/ubi9-minimal/entrypoint.sh b/22/jdk/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/22/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jdk/ubuntu/jammy/entrypoint.sh b/22/jdk/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jdk/ubuntu/jammy/entrypoint.sh +++ b/22/jdk/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jre/alpine/entrypoint.sh b/22/jre/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jre/alpine/entrypoint.sh +++ b/22/jre/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jre/ubi/ubi9-minimal/entrypoint.sh b/22/jre/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/22/jre/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/22/jre/ubuntu/jammy/entrypoint.sh b/22/jre/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/22/jre/ubuntu/jammy/entrypoint.sh +++ b/22/jre/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jdk/alpine/entrypoint.sh +++ b/8/jdk/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jdk/centos/Dockerfile b/8/jdk/centos/Dockerfile deleted file mode 100644 index cf56c298c..000000000 --- a/8/jdk/centos/Dockerfile +++ /dev/null 
@@ -1,85 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk8u412-b08 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='3504d748a93f23cac8c060bd33231bd51e90dcb620f38dadc6239b6cd2a5011c'; \ - 
BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jdk_aarch64_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='6b7ed7996788075e182dd33349288346240fbce540e50fd77aecfc309a5ada19'; \ - BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jdk_ppc64le_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='b9884a96f78543276a6399c3eb8c2fd8a80e6b432ea50e87d3d12d495d1d2808'; \ - BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - echo "javac -version"; javac -version; \ - echo "java -version"; java -version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] diff --git a/8/jdk/centos/entrypoint.sh b/8/jdk/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/8/jdk/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/8/jdk/ubi/ubi9-minimal/entrypoint.sh b/8/jdk/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/8/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jdk/ubuntu/focal/entrypoint.sh b/8/jdk/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jdk/ubuntu/focal/entrypoint.sh +++ b/8/jdk/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jdk/ubuntu/jammy/entrypoint.sh b/8/jdk/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jdk/ubuntu/jammy/entrypoint.sh +++ b/8/jdk/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jre/alpine/entrypoint.sh +++ b/8/jre/alpine/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jre/centos/Dockerfile b/8/jre/centos/Dockerfile deleted file mode 100644 index 980dc2a5d..000000000 --- a/8/jre/centos/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -# ------------------------------------------------------------------------------ -# NOTE: THIS DOCKERFILE IS GENERATED VIA "generate_dockerfiles.py" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# ------------------------------------------------------------------------------ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM centos:7 - -ENV JAVA_HOME /opt/java/openjdk -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION jdk8u412-b08 - -RUN set -eux; \ - ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "${ARCH}" in \ - aarch64) \ - ESUM='17550a6a4ddf71ac81ba8f276467bc58f036c123c0f1bafcafd69f70e3e49cf5'; \ - 
BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jre_aarch64_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - ppc64le) \ - ESUM='d3157230c01b320e47ad6df650e83b15f8f76294d0df9f1c03867d07fe2883c9'; \ - BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jre_ppc64le_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - x86_64) \ - ESUM='a8d994332a2ff15d48bf04405c3b2f6bd331a928dd96639b15e62891f7172363'; \ - BINARY_URL='https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u412-b08/OpenJDK8U-jre_x64_linux_hotspot_8u412b08.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file /tmp/openjdk.tar.gz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; - -RUN set -eux; \ - echo "Verifying install ..."; \ - echo "java -version"; java -version; \ - echo "Complete." -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] diff --git a/8/jre/centos/entrypoint.sh b/8/jre/centos/entrypoint.sh deleted file mode 100755 index dfa0f703f..000000000 --- a/8/jre/centos/entrypoint.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image - -set -e - -# JDK truststore location -CACERT=$JAVA_HOME/lib/security/cacerts - -# JDK8 puts its JRE in a subdirectory -if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT=$JAVA_HOME/jre/lib/security/cacerts -fi - -# Opt-in is only activated if the environment variable is set -if [ -n "$USE_SYSTEM_CA_CERTS" ]; then - - if [ ! -w /tmp ]; then - echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore." - exit 1 - fi - - # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not, - # we'll use a temporary truststore. - if [ ! -w "$CACERT" ]; then - # We cannot write to the JVM truststore, so we create a temporary one - CACERT_NEW=$(mktemp) - echo "Using a temporary truststore at $CACERT_NEW" - cp $CACERT $CACERT_NEW - CACERT=$CACERT_NEW - # If we use a custom truststore, we need to make sure that the JVM uses it - export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit" - fi - - tmp_store=$(mktemp) - - # Copy full system CA store to a temporary location - trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" - - # Add the system CA certificates to the JVM truststore. - keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null - - # Import the additional certificate into JVM truststore - for i in /certificates/*crt; do - if [ ! -f "$i" ]; then - continue - fi - keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null - done - - # Add additional certificates to the system CA store. 
This requires write permissions to several system - # locations, which is not possible in a container with read-only filesystem and/or non-root container. - if [ "$(id -u)" -eq 0 ]; then - - # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. - # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the - # system location, for whatever reason. - if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - - # UBI/CentOS - if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then - cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ - fi - - # Ubuntu/Alpine - if [ -d /usr/local/share/ca-certificates/ ]; then - cp -La /certificates/* /usr/local/share/ca-certificates/ - fi - fi - - # UBI/CentOS - if which update-ca-trust >/dev/null; then - update-ca-trust - fi - - # Ubuntu/Alpine - if which update-ca-certificates >/dev/null; then - update-ca-certificates - fi - else - # If we are not root, we cannot update the system truststore. That's bad news for tools like `curl` and `wget`, - # but since the JVM is the primary focus here, we can live with that. - true - fi -fi - -# Let's provide a variable with the correct path for tools that want or need to use it -export CACERT - -exec "$@" diff --git a/8/jre/ubi/ubi9-minimal/entrypoint.sh b/8/jre/ubi/ubi9-minimal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/8/jre/ubi/ubi9-minimal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi 
@@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jre/ubuntu/focal/entrypoint.sh b/8/jre/ubuntu/focal/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jre/ubuntu/focal/entrypoint.sh +++ b/8/jre/ubuntu/focal/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/8/jre/ubuntu/jammy/entrypoint.sh b/8/jre/ubuntu/jammy/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/8/jre/ubuntu/jammy/entrypoint.sh +++ b/8/jre/ubuntu/jammy/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/README.md b/README.md index 9008657d7..455dc58b2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ If you are looking for the usage README then please head to the [Official Docker ## Supported Images -In general, we support Alpine, CentOS, UBI, Ubuntu and Windows containers. +In general, we support Alpine, UBI, Ubuntu and Windows containers. [List of Supported Images By Tag](https://github.com/docker-library/docs/tree/master/eclipse-temurin#simple-tags) 
diff --git a/config/hotspot.yml b/config/hotspot.yml index bc89374dc..b6646e1a8 100644 --- a/config/hotspot.yml +++ b/config/hotspot.yml @@ -13,7 +13,7 @@ # supported_distributions: - OS: [alpine, focal, jammy, centos, ubi9-minimal, windowsservercore-1809, nanoserver-1809, windowsservercore-ltsc2022, nanoserver-ltsc2022] + OS: [alpine, focal, jammy, ubi9-minimal, windowsservercore-1809, nanoserver-1809, windowsservercore-ltsc2022, nanoserver-ltsc2022] Versions: [8, 11, 17, 21, 22] configurations: @@ -29,12 +29,6 @@ configurations: deprecated: 20 os: ubuntu - - directory: centos - architectures: [aarch64, ppc64le, x64] - image: centos:7 - deprecated: 20 - os: centos - - directory: ubi/ubi9-minimal architectures: [aarch64, ppc64le, s390x, x64] image: redhat/ubi9-minimal diff --git a/docker_templates/centos.Dockerfile.j2 b/docker_templates/centos.Dockerfile.j2 deleted file mode 100644 index 1fbbfc15d..000000000 --- a/docker_templates/centos.Dockerfile.j2 +++ /dev/null 
@@ -1,35 +0,0 @@ -{% include 'partials/license.j2' %} - -FROM {{ base_image }} - -{% include 'partials/nix-env.j2' %} - -RUN set -eux; \ - yum install -y \ - gzip \ - tar \ -{% include 'partials/binutils.j2' -%} - {% if version|int < 22 -%} - # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 - curl \ - {% endif -%} - wget \ - tzdata \ - # utilities for keeping Centos and OpenJDK CA certificates in sync - # https://github.com/adoptium/containers/issues/293 - ca-certificates \ - # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory - # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager - # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_VERSION {{ java_version }} - -{% include 'partials/multi-arch-install.j2' %} - -{% include 'partials/version-check.j2' %} -COPY entrypoint.sh /__cacert_entrypoint.sh -ENTRYPOINT ["/__cacert_entrypoint.sh"] -{% include 'partials/jshell.j2' %} \ No newline at end of file diff --git a/docker_templates/entrypoint.sh b/docker_templates/entrypoint.sh index dfa0f703f..0a5c75c36 100755 --- a/docker_templates/entrypoint.sh +++ b/docker_templates/entrypoint.sh @@ -56,7 +56,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # system location, for whatever reason. if [ -d /certificates ] && [ "$(ls -A /certificates 2>/dev/null)" ]; then - # UBI/CentOS + # UBI if [ -d /usr/share/pki/ca-trust-source/anchors/ ]; then cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/ fi @@ -67,7 +67,7 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then fi fi - # UBI/CentOS + # UBI if which update-ca-trust >/dev/null; then update-ca-trust fi diff --git a/docker_templates/partials/arch-variable.j2 b/docker_templates/partials/arch-variable.j2 index db325d4f6..b40f728de 100644 --- a/docker_templates/partials/arch-variable.j2 
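Review bot: In the `@@ -56,7` hunk of docker_templates/entrypoint.sh, `cp -La /certificates/* /usr/share/pki/ca-trust-source/anchors/` copies every non-hidden entry of the mount, following symlinks, while the JVM import loop in the same script (visible in the deleted CentOS copy, same blob dfa0f703f) only takes `/certificates/*crt`. As far as I know `update-ca-trust` reads every file in the anchors directory, so the system store and the JVM truststore can end up trusting different sets. The `ls -A` guard also counts dotfiles that `*` does not match, so a mount holding only hidden entries would make `cp` fail under `set -e`. Either narrow the glob to match the keytool loop or document the difference, e.g. `# NOTE: copies everything in /certificates, not only *crt; mount only CA certificates here`. The enclosing `if` block starts and ends outside the hunk.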
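Review bot: `which update-ca-trust` in the `@@ -67,7` hunk of docker_templates/entrypoint.sh relies on an external `which` binary, although the script is written for POSIX sh and minimal images may not ship it; this is worth confirming for ubi9-minimal. If `which` is missing, the condition is false and the trust store refresh is skipped without failing the entrypoint. `if command -v update-ca-trust >/dev/null 2>&1; then` is the POSIX form. The same applies to the `which update-ca-certificates` test that follows outside the hunk, and to the per-version copies of this template changed elsewhere in this commit.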
+++ b/docker_templates/partials/arch-variable.j2 @@ -2,6 +2,6 @@ ARCH="$(dpkg --print-architecture)"; \ {%- elif os == "alpine-linux" %} ARCH="$(apk --print-arch)"; \ -{%- elif os == "centos" or os == "ubi9-minimal" %} +{%- elif os == "ubi9-minimal" %} ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ {%- endif -%} \ No newline at end of file diff --git a/dockerhub_doc_config_update.sh b/dockerhub_doc_config_update.sh index 5de74877e..7a8554bed 100755 --- a/dockerhub_doc_config_update.sh +++ b/dockerhub_doc_config_update.sh @@ -37,7 +37,7 @@ all_packages="jdk jre" # Fetch the latest manifest from the official repo wget -q -O official-eclipse-temurin https://raw.githubusercontent.com/docker-library/official-images/master/library/eclipse-temurin -oses="alpine ubuntu centos ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsservercore-1809 nanoserver-1809" +oses="alpine ubuntu ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsservercore-1809 nanoserver-1809" # The image which is used by default when pulling shared tags on linux e.g 8-jdk default_linux_image="jammy" @@ -73,7 +73,6 @@ function generate_official_image_tags() { case $os in "ubuntu") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; "ubi") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; - "centos") distro="centos7" ;; "windows") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; *) distro=$os;; esac
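Review bot: With the `centos` alternative dropped, the chain in arch-variable.j2 still closes with `{%- endif -%}` and no `else`, so an `os` value that matches no branch renders no `ARCH=` line at all. The Dockerfiles removed in this commit run their install step under `set -eux`, so such a build would probably stop on the unset `ARCH`, but only at image build time and with an unhelpful message. Consider a final `{%- else %}` branch that emits `echo "no ARCH detection for os={{ os }}"; exit 1; \`. The chain's opening `if` is outside the hunk.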
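Review bot: The `wget -q -O official-eclipse-temurin …` line just above the edited `oses` list in dockerhub_doc_config_update.sh has no visible check of its exit status, and `-q` hides the reason for a failure. Whether the script runs under `set -e` cannot be seen from this hunk; if it does not, a failed download leaves an empty or partial manifest that the tag generation then reads. Holding the URL in a variable and writing `wget -q -O official-eclipse-temurin "$url" || { echo "manifest download failed" >&2; exit 1; }` makes the failure explicit.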
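Review bot: The arms left in this `case` of `generate_official_image_tags` still run `echo $dfdir` unquoted, so a path containing whitespace or glob characters is split or expanded before `awk` sees it. `distro=$(printf '%s\n' "$dfdir" | awk -F '/' '{ print $4 }')` keeps the behaviour for ordinary paths. With the `centos` arm gone, the three remaining named arms are identical and could be merged as `"ubuntu"|"ubi"|"windows")`. It is also worth checking that `"windows"` can still match, since the `oses` list holds names like `windowsservercore-ltsc2022` and any normalisation of `$os` is outside the hunk. The function starts and ends outside the hunk.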