From 511753bf5a35d7d83eff0b9a7d58e63c66af508a Mon Sep 17 00:00:00 2001 From: George Adams Date: Tue, 22 Oct 2024 14:51:31 +0100 Subject: [PATCH] use multistage build dockerfiles for JDK24+ --- config/{hotspot.yml => temurin.yml} | 0 .../alpine-linux.multistage.Dockerfile.j2 | 47 +++++++++++++++ .../ubi9-minimal.multistage.Dockerfile.j2 | 41 +++++++++++++ .../ubuntu.multistage.Dockerfile.j2 | 58 +++++++++++++++++++ generate_dockerfiles.py | 7 ++- 5 files changed, 151 insertions(+), 2 deletions(-) rename config/{hotspot.yml => temurin.yml} (100%) create mode 100644 docker_templates/alpine-linux.multistage.Dockerfile.j2 create mode 100644 docker_templates/ubi9-minimal.multistage.Dockerfile.j2 create mode 100644 docker_templates/ubuntu.multistage.Dockerfile.j2 diff --git a/config/hotspot.yml b/config/temurin.yml similarity index 100% rename from config/hotspot.yml rename to config/temurin.yml diff --git a/docker_templates/alpine-linux.multistage.Dockerfile.j2 b/docker_templates/alpine-linux.multistage.Dockerfile.j2 new file mode 100644 index 000000000..37ac72015 --- /dev/null +++ b/docker_templates/alpine-linux.multistage.Dockerfile.j2 @@ -0,0 +1,47 @@ +{% include 'partials/license.j2' %} + +FROM {{ base_image }} AS build + +{% include 'partials/nix-env.j2' %} + +RUN set -eux; \ + apk add --no-cache \ + # gnupg required to verify the signature + gnupg + +{% include 'partials/java-version.j2' %} + +{% include 'partials/multi-arch-install.j2' %} + +FROM {{ base_image }} + +ENV JAVA_HOME=/opt/java/openjdk + +RUN set -eux; \ + apk add --no-cache \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + fontconfig ttf-dejavu \ + # utilities for keeping Alpine and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit-trust \ + # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 + musl-locales musl-locales-lang \ + {%- include 'partials/binutils.j2' %} + tzdata \ + # Contains `csplit` used for splitting multiple certificates in one file to multiple files, since keytool can + # only import one at a time. + coreutils \ + # Needed to extract CN and generate aliases for certificates + openssl \ + ; \ + rm -rf /var/cache/apk/* + +{% include 'partials/java-version.j2' %} + +COPY --from=build $JAVA_HOME $JAVA_HOME + +{% include 'partials/version-check.j2' %} +{% include 'partials/entrypoint.j2' %} +{% include 'partials/jshell.j2' %} diff --git a/docker_templates/ubi9-minimal.multistage.Dockerfile.j2 b/docker_templates/ubi9-minimal.multistage.Dockerfile.j2 new file mode 100644 index 000000000..0be381223 --- /dev/null +++ b/docker_templates/ubi9-minimal.multistage.Dockerfile.j2 @@ -0,0 +1,41 @@ +{% include 'partials/license.j2' %} + +FROM {{ base_image }} AS build + +ENV JAVA_HOME=/opt/java/openjdk + +RUN set -eux; \ + microdnf install -y \ + gzip \ + tar \ + wget + +{% include 'partials/multi-arch-install.j2' %} + +FROM {{ base_image }} + +{% include 'partials/nix-env.j2' %} + +RUN set -eux; \ + microdnf install -y \ + # Required for jlink + binutils \ + tzdata \ + # utilities for keeping UBI and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + fontconfig \ + glibc-langpack-en \ + ; \ + microdnf clean all + +{% include 'partials/java-version.j2' %} + +COPY --from=build $JAVA_HOME $JAVA_HOME + +{% include 'partials/version-check.j2' %} +{% include 'partials/entrypoint.j2' %} +{% include 'partials/jshell.j2' %} diff --git a/docker_templates/ubuntu.multistage.Dockerfile.j2 b/docker_templates/ubuntu.multistage.Dockerfile.j2 new file mode 100644 index 000000000..75895f5c1 --- /dev/null +++ b/docker_templates/ubuntu.multistage.Dockerfile.j2 @@ -0,0 +1,58 @@ +{% include 'partials/license.j2' %} + +FROM {{ base_image }} AS build + +ENV JAVA_HOME=/opt/java/openjdk + +RUN set -eux; \ + apt-get update; \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + # required for SSL certificate checking + ca-certificates \ + # gnupg required to verify the signature + gnupg \ + wget + +{% include 'partials/multi-arch-install.j2' %} + +FROM {{ base_image }} + +{% include 'partials/nix-env.j2' %} + +RUN set -eux; \ + apt-get update; \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + # java.lang.UnsatisfiedLinkError: libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + fontconfig \ + # utilities for keeping Ubuntu and OpenJDK CA certificates in sync + # https://github.com/adoptium/containers/issues/293 + ca-certificates p11-kit \ + {%- include 'partials/binutils.j2' %} + tzdata \ + # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 + locales \ + ; \ + echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen; \ + locale-gen en_US.UTF-8; \ + rm -rf /var/lib/apt/lists/* + +{% include 'partials/java-version.j2' %} + +COPY --from=build $JAVA_HOME $JAVA_HOME + +RUN set -eux; \ + # https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 + find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ + {% if version|int >= 11 -%} + ldconfig; \ + # https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 + # https://openjdk.java.net/jeps/341 + java -Xshare:dump; +{% else -%} + ldconfig; +{% endif %} +{% include 'partials/version-check.j2' %} +{% include 'partials/entrypoint.j2' %} +{% include 'partials/jshell.j2' %} diff --git a/generate_dockerfiles.py b/generate_dockerfiles.py index 4576050dd..065e741ac 100644 --- a/generate_dockerfiles.py +++ b/generate_dockerfiles.py @@ -65,7 +65,7 @@ def archHelper(arch, os_name): # Load the YAML configuration -with open("config/hotspot.yml", "r") as file: +with open("config/temurin.yml", "r") as file: config = yaml.safe_load(file) # Iterate through OS families and then configurations @@ -82,10 +82,13 @@ def archHelper(arch, os_name): # Define the path for the template based on OS template_name = f"{os_name}.Dockerfile.j2" - template = env.get_template(template_name) # Create output directories if they don't exist for version in versions: + # For JDK24+ use multistage build + if version >= 24 and os_family != "windows": + template_name = f"{os_name}.multistage.Dockerfile.j2" + template = env.get_template(template_name) # if deprecated is set and version is greater than or equal to deprecated, skip if deprecated and version >= deprecated: continue