diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile index 27e8199c7..9af90cad5 100644 --- a/11/jdk/alpine/Dockerfile +++ b/11/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubi/ubi9-minimal/Dockerfile b/11/jdk/ubi/ubi9-minimal/Dockerfile index 9057dbf97..4c4d11a9b 100644 --- a/11/jdk/ubi/ubi9-minimal/Dockerfile +++ b/11/jdk/ubi/ubi9-minimal/Dockerfile @@ -53,6 +53,10 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64le) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ x86_64) \ ESUM='191baa2e052627614022171400a917d28f0987dc54da48aaf07b06f552bb9884'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz'; \ @@ -63,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/focal/Dockerfile b/11/jdk/ubuntu/focal/Dockerfile index 8d9efb712..09f28512c 100644 --- a/11/jdk/ubuntu/focal/Dockerfile +++ b/11/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/jammy/Dockerfile b/11/jdk/ubuntu/jammy/Dockerfile index 0abc5200d..3d6d8139b 100644 --- a/11/jdk/ubuntu/jammy/Dockerfile +++ b/11/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jdk/ubuntu/noble/Dockerfile b/11/jdk/ubuntu/noble/Dockerfile index 0427f41bf..93c0c2c51 100644 --- a/11/jdk/ubuntu/noble/Dockerfile +++ b/11/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/alpine/Dockerfile b/11/jre/alpine/Dockerfile index 3b8aa07cb..c39f61fc0 100644 --- a/11/jre/alpine/Dockerfile +++ b/11/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubi/ubi9-minimal/Dockerfile b/11/jre/ubi/ubi9-minimal/Dockerfile index dbf077cf0..138f1ed4c 100644 --- a/11/jre/ubi/ubi9-minimal/Dockerfile +++ b/11/jre/ubi/ubi9-minimal/Dockerfile @@ -53,6 +53,10 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64le) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ x86_64) \ ESUM='84cd7101f39172a4db085fb52940595bb14dad6bc3afb5bf82ee497eceaf86d3'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_linux_hotspot_11.0.25_9.tar.gz'; \ @@ -63,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/focal/Dockerfile b/11/jre/ubuntu/focal/Dockerfile index 31b42761e..540c037ee 100644 --- a/11/jre/ubuntu/focal/Dockerfile +++ b/11/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/jammy/Dockerfile b/11/jre/ubuntu/jammy/Dockerfile index 36e75dae5..59c6c9bc0 100644 --- a/11/jre/ubuntu/jammy/Dockerfile +++ b/11/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/11/jre/ubuntu/noble/Dockerfile b/11/jre/ubuntu/noble/Dockerfile index 62899b379..f5054dd7b 100644 --- a/11/jre/ubuntu/noble/Dockerfile +++ b/11/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,12 +61,22 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/alpine/Dockerfile b/17/jdk/alpine/Dockerfile index 0d2b304a0..ea856fad7 100644 --- a/17/jdk/alpine/Dockerfile +++ b/17/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -63,6 +65,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubi/ubi9-minimal/Dockerfile b/17/jdk/ubi/ubi9-minimal/Dockerfile index 4611eeccd..20b92e468 100644 --- a/17/jdk/ubi/ubi9-minimal/Dockerfile +++ b/17/jdk/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/focal/Dockerfile b/17/jdk/ubuntu/focal/Dockerfile index b9bb02518..cbd43e6da 100644 --- a/17/jdk/ubuntu/focal/Dockerfile +++ b/17/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -62,6 +64,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -72,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/jammy/Dockerfile b/17/jdk/ubuntu/jammy/Dockerfile index 96888e3dc..152bc3e73 100644 --- a/17/jdk/ubuntu/jammy/Dockerfile +++ b/17/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -62,6 +64,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -72,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jdk/ubuntu/noble/Dockerfile b/17/jdk/ubuntu/noble/Dockerfile index 93664db07..5919da074 100644 --- a/17/jdk/ubuntu/noble/Dockerfile +++ b/17/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -62,6 +64,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -76,6 +82,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/alpine/Dockerfile b/17/jre/alpine/Dockerfile index 7c3c7db76..7019f1b5c 100644 --- a/17/jre/alpine/Dockerfile +++ b/17/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubi/ubi9-minimal/Dockerfile b/17/jre/ubi/ubi9-minimal/Dockerfile index 33c8934d4..34a7f7f15 100644 --- a/17/jre/ubi/ubi9-minimal/Dockerfile +++ b/17/jre/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/focal/Dockerfile b/17/jre/ubuntu/focal/Dockerfile index 30cfe3395..055bc1d25 100644 --- a/17/jre/ubuntu/focal/Dockerfile +++ b/17/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,6 +61,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -69,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/jammy/Dockerfile b/17/jre/ubuntu/jammy/Dockerfile index afb85171f..01d0ab163 100644 --- a/17/jre/ubuntu/jammy/Dockerfile +++ b/17/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,6 +61,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -69,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/17/jre/ubuntu/noble/Dockerfile b/17/jre/ubuntu/noble/Dockerfile index 67bf61ada..831b7da59 100644 --- a/17/jre/ubuntu/noble/Dockerfile +++ b/17/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -59,6 +61,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ @@ -73,6 +79,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/alpine/Dockerfile b/21/jdk/alpine/Dockerfile index 02a66b42a..431000554 100644 --- a/21/jdk/alpine/Dockerfile +++ b/21/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -67,6 +69,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubi/ubi9-minimal/Dockerfile b/21/jdk/ubi/ubi9-minimal/Dockerfile index 756b3af49..32bbb3d13 100644 --- a/21/jdk/ubi/ubi9-minimal/Dockerfile +++ b/21/jdk/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubuntu/jammy/Dockerfile b/21/jdk/ubuntu/jammy/Dockerfile index 308611578..b19358380 100644 --- a/21/jdk/ubuntu/jammy/Dockerfile +++ b/21/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -72,6 +74,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jdk/ubuntu/noble/Dockerfile b/21/jdk/ubuntu/noble/Dockerfile index 11886ab14..19bb1ba2c 100644 --- a/21/jdk/ubuntu/noble/Dockerfile +++ b/21/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -76,6 +78,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/alpine/Dockerfile b/21/jre/alpine/Dockerfile index f41eebff7..2fbc6a191 100644 --- a/21/jre/alpine/Dockerfile +++ b/21/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -64,6 +66,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubi/ubi9-minimal/Dockerfile b/21/jre/ubi/ubi9-minimal/Dockerfile index 3021ac816..3c451c6b8 100644 --- a/21/jre/ubi/ubi9-minimal/Dockerfile +++ b/21/jre/ubi/ubi9-minimal/Dockerfile @@ -67,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubuntu/jammy/Dockerfile b/21/jre/ubuntu/jammy/Dockerfile index 9515704a6..38641c4a4 100644 --- a/21/jre/ubuntu/jammy/Dockerfile +++ b/21/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -69,6 +71,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/21/jre/ubuntu/noble/Dockerfile b/21/jre/ubuntu/noble/Dockerfile index 5dcfa65a9..25637d519 100644 --- a/21/jre/ubuntu/noble/Dockerfile +++ b/21/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -73,6 +75,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/alpine/Dockerfile b/23/jdk/alpine/Dockerfile index d8761b929..56586ec9b 100644 --- a/23/jdk/alpine/Dockerfile +++ b/23/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -63,6 +65,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/ubi/ubi9-minimal/Dockerfile b/23/jdk/ubi/ubi9-minimal/Dockerfile index 56ecd00a3..2620a6dc4 100644 --- a/23/jdk/ubi/ubi9-minimal/Dockerfile +++ b/23/jdk/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jdk/ubuntu/noble/Dockerfile b/23/jdk/ubuntu/noble/Dockerfile index 33ffb13b4..9192ca920 100644 --- a/23/jdk/ubuntu/noble/Dockerfile +++ b/23/jdk/ubuntu/noble/Dockerfile @@ -29,6 +29,8 @@ RUN set -eux; \ apt-get update; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -70,6 +72,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/alpine/Dockerfile b/23/jre/alpine/Dockerfile index bf1925ca6..eb0f7b327 100644 --- a/23/jre/alpine/Dockerfile +++ b/23/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/ubi/ubi9-minimal/Dockerfile b/23/jre/ubi/ubi9-minimal/Dockerfile index ff7c88643..d2a0840a8 100644 --- a/23/jre/ubi/ubi9-minimal/Dockerfile +++ b/23/jre/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/23/jre/ubuntu/noble/Dockerfile b/23/jre/ubuntu/noble/Dockerfile index 574c83cbb..baad2c830 100644 --- a/23/jre/ubuntu/noble/Dockerfile +++ b/23/jre/ubuntu/noble/Dockerfile @@ -29,6 +29,8 @@ RUN set -eux; \ apt-get update; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -67,6 +69,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/alpine/Dockerfile b/8/jdk/alpine/Dockerfile index 649eba723..239ec5d73 100644 --- a/8/jdk/alpine/Dockerfile +++ b/8/jdk/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubi/ubi9-minimal/Dockerfile b/8/jdk/ubi/ubi9-minimal/Dockerfile index 11c5851f1..25fca7334 100644 --- a/8/jdk/ubi/ubi9-minimal/Dockerfile +++ b/8/jdk/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/focal/Dockerfile b/8/jdk/ubuntu/focal/Dockerfile index 9eb86bcbb..7edfbd3cd 100644 --- a/8/jdk/ubuntu/focal/Dockerfile +++ b/8/jdk/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/jammy/Dockerfile b/8/jdk/ubuntu/jammy/Dockerfile index 6e11c5da1..1d4a8a382 100644 --- a/8/jdk/ubuntu/jammy/Dockerfile +++ b/8/jdk/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/ubuntu/noble/Dockerfile b/8/jdk/ubuntu/noble/Dockerfile index 7b19b3d83..dbbf17ff7 100644 --- a/8/jdk/ubuntu/noble/Dockerfile +++ b/8/jdk/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jdk/windows/nanoserver-1809/Dockerfile b/8/jdk/windows/nanoserver-1809/Dockerfile index f5069d5ee..0d2397783 100644 --- a/8/jdk/windows/nanoserver-1809/Dockerfile +++ b/8/jdk/windows/nanoserver-1809/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:1809 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo javac -version && javac -version \ diff --git a/8/jdk/windows/nanoserver-ltsc2022/Dockerfile b/8/jdk/windows/nanoserver-ltsc2022/Dockerfile index 6933b6e79..ab8a5030e 100644 --- a/8/jdk/windows/nanoserver-ltsc2022/Dockerfile +++ b/8/jdk/windows/nanoserver-ltsc2022/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jdk-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jdk-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo javac -version && javac -version \ diff --git a/8/jdk/windows/windowsservercore-1809/Dockerfile b/8/jdk/windows/windowsservercore-1809/Dockerfile index d6feaeb4b..3c781bccb 100644 --- a/8/jdk/windows/windowsservercore-1809/Dockerfile +++ b/8/jdk/windows/windowsservercore-1809/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:1809 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne 'c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile b/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile index c4ae0cd7c..1a0c7eea5 100644 --- a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile +++ b/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne 'c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jre/alpine/Dockerfile b/8/jre/alpine/Dockerfile index e0daf20ee..8a3cf05f6 100644 --- a/8/jre/alpine/Dockerfile +++ b/8/jre/alpine/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ @@ -60,6 +62,12 @@ RUN set -eux; \ ;; \ esac; \ wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubi/ubi9-minimal/Dockerfile b/8/jre/ubi/ubi9-minimal/Dockerfile index 9115bed14..ca7ad7026 100644 --- a/8/jre/ubi/ubi9-minimal/Dockerfile +++ b/8/jre/ubi/ubi9-minimal/Dockerfile @@ -63,6 +63,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/focal/Dockerfile b/8/jre/ubuntu/focal/Dockerfile index 1554be56f..e87fcfab2 100644 --- a/8/jre/ubuntu/focal/Dockerfile +++ b/8/jre/ubuntu/focal/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/jammy/Dockerfile b/8/jre/ubuntu/jammy/Dockerfile index 24bf272e6..f3523f6ab 100644 --- a/8/jre/ubuntu/jammy/Dockerfile +++ b/8/jre/ubuntu/jammy/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/ubuntu/noble/Dockerfile b/8/jre/ubuntu/noble/Dockerfile index ac6935ce7..4d4121788 100644 --- a/8/jre/ubuntu/noble/Dockerfile +++ b/8/jre/ubuntu/noble/Dockerfile @@ -31,6 +31,8 @@ RUN set -eux; \ # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255 curl \ wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -65,6 +67,12 @@ RUN set -eux; \ ;; \ esac; \ wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget --progress=dot:giga -O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/8/jre/windows/nanoserver-1809/Dockerfile b/8/jre/windows/nanoserver-1809/Dockerfile index beeb0644d..019b07099 100644 --- a/8/jre/windows/nanoserver-1809/Dockerfile +++ b/8/jre/windows/nanoserver-1809/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:1809 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo java -version && java -version \ diff --git a/8/jre/windows/nanoserver-ltsc2022/Dockerfile b/8/jre/windows/nanoserver-ltsc2022/Dockerfile index 9ea4aa23b..82fae8d56 100644 --- a/8/jre/windows/nanoserver-ltsc2022/Dockerfile +++ b/8/jre/windows/nanoserver-ltsc2022/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jre-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jre-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo java -version && java -version \ diff --git a/8/jre/windows/windowsservercore-1809/Dockerfile b/8/jre/windows/windowsservercore-1809/Dockerfile index 93c4c4f41..f5b9a4396 100644 --- a/8/jre/windows/windowsservercore-1809/Dockerfile +++ b/8/jre/windows/windowsservercore-1809/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:1809 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile b/8/jre/windows/windowsservercore-ltsc2022/Dockerfile index 096ccd558..2576cc19e 100644 --- a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile +++ b/8/jre/windows/windowsservercore-ltsc2022/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index 9344dd20f..a8f251dec 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -10,6 +10,8 @@ RUN set -eux; \ # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 fontconfig ttf-dejavu \ + # gnupg required to verify the signature + gnupg \ # utilities for keeping Alpine and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit-trust \ diff --git a/docker_templates/partials/multi-arch-install.j2 b/docker_templates/partials/multi-arch-install.j2 index 4f8a9e6a0..3083bbdd4 100644 --- a/docker_templates/partials/multi-arch-install.j2 +++ b/docker_templates/partials/multi-arch-install.j2 @@ -19,6 +19,12 @@ RUN set -eux; \ ;; \ esac; \ wget {% if os != "alpine-linux" %}--progress=dot:giga {% endif %}-O /tmp/openjdk.tar.gz ${BINARY_URL}; \ + wget {% if os != "alpine-linux" %}--progress=dot:giga {% endif %}-O /tmp/openjdk.tar.gz.sig ${BINARY_URL}.sig; \ + export GNUPGHOME="$(mktemp -d)"; \ + # gpg: key 843C48A565F8F04B: "Adoptium GPG Key (DEB/RPM Signing Key) " imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B; \ + gpg --batch --verify /tmp/openjdk.tar.gz.sig /tmp/openjdk.tar.gz; \ + rm -r "$GNUPGHOME" /tmp/openjdk.tar.gz.sig; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p "$JAVA_HOME"; \ tar --extract \ diff --git a/docker_templates/ubuntu.Dockerfile.j2 b/docker_templates/ubuntu.Dockerfile.j2 index f5c13653a..9f912f9a2 100644 --- a/docker_templates/ubuntu.Dockerfile.j2 +++ b/docker_templates/ubuntu.Dockerfile.j2 @@ -12,6 +12,8 @@ RUN set -eux; \ curl \ {% endif -%} wget \ + # gnupg required to verify the signature + gnupg \ # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077