diff --git a/11/jdk/ubuntu/focal/entrypoint.sh b/11/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jdk/ubuntu/focal/entrypoint.sh +++ b/11/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jdk/ubuntu/jammy/entrypoint.sh b/11/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jdk/ubuntu/jammy/entrypoint.sh +++ b/11/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jre/ubuntu/focal/entrypoint.sh b/11/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jre/ubuntu/focal/entrypoint.sh +++ b/11/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jre/ubuntu/jammy/entrypoint.sh b/11/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jre/ubuntu/jammy/entrypoint.sh +++ b/11/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jdk/ubuntu/focal/entrypoint.sh b/17/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jdk/ubuntu/focal/entrypoint.sh +++ b/17/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jdk/ubuntu/jammy/entrypoint.sh b/17/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jdk/ubuntu/jammy/entrypoint.sh +++ b/17/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jre/ubuntu/focal/entrypoint.sh b/17/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jre/ubuntu/focal/entrypoint.sh +++ b/17/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jre/ubuntu/jammy/entrypoint.sh b/17/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jre/ubuntu/jammy/entrypoint.sh +++ b/17/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/21/jdk/ubuntu/jammy/entrypoint.sh b/21/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/21/jdk/ubuntu/jammy/entrypoint.sh +++ b/21/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/21/jre/ubuntu/jammy/entrypoint.sh b/21/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/21/jre/ubuntu/jammy/entrypoint.sh +++ b/21/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jdk/ubuntu/focal/entrypoint.sh b/8/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jdk/ubuntu/focal/entrypoint.sh +++ b/8/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jdk/ubuntu/jammy/entrypoint.sh b/8/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jdk/ubuntu/jammy/entrypoint.sh +++ b/8/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jre/ubuntu/focal/entrypoint.sh b/8/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jre/ubuntu/focal/entrypoint.sh +++ b/8/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jre/ubuntu/jammy/entrypoint.sh b/8/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jre/ubuntu/jammy/entrypoint.sh +++ b/8/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/docker_templates/scripts/entrypoint.ubuntu.sh b/docker_templates/scripts/entrypoint.ubuntu.sh deleted file mode 120000 index 8d496201e..000000000 --- a/docker_templates/scripts/entrypoint.ubuntu.sh +++ /dev/null @@ -1 +0,0 @@ -entrypoint.alpine-linux.sh \ No newline at end of file diff --git a/docker_templates/scripts/entrypoint.ubuntu.sh b/docker_templates/scripts/entrypoint.ubuntu.sh new file mode 100755 index 000000000..dfcf546f9 --- /dev/null +++ b/docker_templates/scripts/entrypoint.ubuntu.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details + +set -e + +# Opt-in is only activated if the environment variable is set +if [ -n "$USE_SYSTEM_CA_CERTS" ]; then + + # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. + # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the + # system location, for whatever reason. + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + cp -a /certificates/* /usr/local/share/ca-certificates/ + fi + + CACERT=$JAVA_HOME/lib/security/cacerts + + # JDK8 puts its JRE in a subdirectory + if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then + CACERT=$JAVA_HOME/jre/lib/security/cacerts + fi + + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. + update-ca-certificates + + trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" +fi + +exec "$@"