From 0582ed7bcc58d7ddd5febc83dd123cbf6ba8bf2c Mon Sep 17 00:00:00 2001 From: eclipse-temurin-bot <81643974+eclipse-temurin-bot@users.noreply.github.com> Date: Mon, 21 Oct 2024 17:16:33 +0200 Subject: [PATCH 1/3] dockerfile: automated nightly updates (#671) --- 17/jdk/ubuntu/focal/Dockerfile | 4 ++++ 17/jdk/ubuntu/jammy/Dockerfile | 4 ++++ 17/jdk/ubuntu/noble/Dockerfile | 4 ++++ 17/jre/ubuntu/focal/Dockerfile | 4 ++++ 17/jre/ubuntu/jammy/Dockerfile | 4 ++++ 17/jre/ubuntu/noble/Dockerfile | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/17/jdk/ubuntu/focal/Dockerfile b/17/jdk/ubuntu/focal/Dockerfile index b9bb02518..dbad35913 100644 --- a/17/jdk/ubuntu/focal/Dockerfile +++ b/17/jdk/ubuntu/focal/Dockerfile @@ -62,6 +62,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ diff --git a/17/jdk/ubuntu/jammy/Dockerfile b/17/jdk/ubuntu/jammy/Dockerfile index 96888e3dc..e1cab21c7 100644 --- a/17/jdk/ubuntu/jammy/Dockerfile +++ b/17/jdk/ubuntu/jammy/Dockerfile @@ -62,6 +62,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ diff --git a/17/jdk/ubuntu/noble/Dockerfile b/17/jdk/ubuntu/noble/Dockerfile index 93664db07..c3380b168 100644 --- a/17/jdk/ubuntu/noble/Dockerfile +++ b/17/jdk/ubuntu/noble/Dockerfile @@ -62,6 +62,10 @@ RUN set -eux; \ ESUM='0c17fa4f14c0d2cc9e9334f996fccdddc5da4459d768f3105c7ff0283c47bf62'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='e69d43be937e05dbccae4cc98f732ed86aa11993234bf5ad6e81c30475a78ce7'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='d4e553c6fa7afdfe2577420c6e77a558db8113a3cef84e755384148f5610834e'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ diff --git a/17/jre/ubuntu/focal/Dockerfile b/17/jre/ubuntu/focal/Dockerfile index 30cfe3395..b68ef3277 100644 --- a/17/jre/ubuntu/focal/Dockerfile +++ b/17/jre/ubuntu/focal/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ diff --git a/17/jre/ubuntu/jammy/Dockerfile b/17/jre/ubuntu/jammy/Dockerfile index afb85171f..ee2bb740c 100644 --- a/17/jre/ubuntu/jammy/Dockerfile +++ b/17/jre/ubuntu/jammy/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ diff --git a/17/jre/ubuntu/noble/Dockerfile b/17/jre/ubuntu/noble/Dockerfile index 67bf61ada..16e226241 100644 --- a/17/jre/ubuntu/noble/Dockerfile +++ b/17/jre/ubuntu/noble/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='97c4fb748eaa1292fb2f28fec90a3eba23e35974ef67f8b3aa304ad4db2ba162'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz'; \ ;; \ + armhf) \ + ESUM='f9c4008680db016c9cab26cc2739d4553898911522f6a78a611fafa1f5270c88'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_arm_linux_hotspot_17.0.13_11.tar.gz'; \ + ;; \ ppc64el) \ ESUM='790f53fcc95cc76ed8f27d3146cf789fc354a2afb7148cffd197ca61a643212f'; \ BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_ppc64le_linux_hotspot_17.0.13_11.tar.gz'; \ From fb7ceb1d513e62e6eec8024cba620a726025bd79 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 21 Oct 2024 17:54:17 +0100 Subject: [PATCH 2/3] Fix Certificate Import Issue by Generating Unique Aliases in cacert script (#642) * Fix Certificate Import Issue by Generating Unique Aliases in cacert script * add test --- .../certs_duplicate_cn/cert1.crt | 17 +++++++++++++++++ .../certs_duplicate_cn/cert2.crt | 17 +++++++++++++++++ .../expected-std-out.txt | 2 +- .test/tests/java-ca-certificates-update/run.sh | 18 +++++++++++++++++- 11/jdk/alpine/entrypoint.sh | 14 ++++++++++++-- 11/jdk/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 11/jdk/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 11/jdk/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 11/jdk/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 11/jre/alpine/entrypoint.sh | 14 ++++++++++++-- 11/jre/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 11/jre/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 11/jre/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 11/jre/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 17/jdk/alpine/entrypoint.sh | 14 ++++++++++++-- 17/jdk/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 17/jdk/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 17/jdk/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 17/jdk/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 17/jre/alpine/entrypoint.sh | 14 ++++++++++++-- 17/jre/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 17/jre/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 17/jre/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 17/jre/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 21/jdk/alpine/entrypoint.sh | 14 ++++++++++++-- 21/jdk/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 21/jdk/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 21/jdk/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 21/jre/alpine/entrypoint.sh | 14 ++++++++++++-- 21/jre/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 21/jre/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 21/jre/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 23/jdk/alpine/entrypoint.sh | 14 ++++++++++++-- 23/jdk/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 23/jdk/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 23/jre/alpine/entrypoint.sh | 14 ++++++++++++-- 23/jre/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 23/jre/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 8/jdk/alpine/entrypoint.sh | 14 ++++++++++++-- 8/jdk/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 8/jdk/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 8/jdk/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 8/jdk/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- 8/jre/alpine/entrypoint.sh | 14 ++++++++++++-- 8/jre/ubi/ubi9-minimal/entrypoint.sh | 14 ++++++++++++-- 8/jre/ubuntu/focal/entrypoint.sh | 14 ++++++++++++-- 8/jre/ubuntu/jammy/entrypoint.sh | 14 ++++++++++++-- 8/jre/ubuntu/noble/entrypoint.sh | 14 ++++++++++++-- docker_templates/entrypoint.sh.j2 | 14 ++++++++++++-- 49 files changed, 592 insertions(+), 92 deletions(-) create mode 100644 .test/tests/java-ca-certificates-update/certs_duplicate_cn/cert1.crt create mode 100644 .test/tests/java-ca-certificates-update/certs_duplicate_cn/cert2.crt diff --git a/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert1.crt b/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert1.crt new file mode 100644 index 000000000..50e111da9 --- /dev/null +++ b/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert1.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICzDCCAbSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1kb2Nr +ZXJidWlsZGVyMB4XDTI0MDgyNzA5MDIwMFoXDTI1MDgyNzA5MDIwMFowGDEWMBQG +A1UEAwwNZG9ja2VyYnVpbGRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBANIIAbZXdD1qOy/cdaLN0p7emnRUMgMhhL91F7/GA3LBCyURSBTNuaI2ibq+ +BxUjldsv8HOaesLG0Au4iaggnMK6YPHThDOqOw6ME4ghAD/10l6lHf+kTRvN4eC9 +bv3H1jieejVFIgienFfuFKcsNCFKPp4Rh7+D5HHJ3wtBVfaLT4K4q46Qlvkow7s8 +cQ3WSdvpsLDZo7cN1fRWMNHhDFbIs/DGkbhZUAxxUkUoUPyn+zvpRTY6QXoAQe57 +ed9qhhXQcpbHtHN8ecTenC2KEXQuGC0/KaqEJgTqE5W7Ihg0EvGeYpzdSt6ELSFx +WL3COwk/xTCcIqBPSiYmwPMKmd0CAwEAAaMhMB8wHQYDVR0OBBYEFCspyA0xL4b+ +2/cDj4tGqxI9L0/KMA0GCSqGSIb3DQEBCwUAA4IBAQC/UmqrbRfvmK5YX6uCBVA0 +SczwSuQRM7Zgi8PMCKLH4NvoeP6cYnAc46uaO3sp9iAv/LCw7Rw7A/LvZWmVCYPp +AstB6kI7nTDHULRGEk3aUar7B8uAVbMNF9V8iOnlk2G2qTvHMW9I4rGtQKqK6YXd +0m2XZ6UOEzNBPKDHqFfNOYpo1qts5CDLynGIX0tFTSlks5BMrV13xn/4giRj4UHY +bmElscCTfR/anNxGIBUp7dqGsv4zOeCE6kac4vsENyS+x+a8W0yveTY+TQnfKalT +KjZXCkPsZp2vZY6eCv2/09L94nXGMB40NDVOaDD/d2fZuQPadRTsF4AqEt9CsN5n +-----END CERTIFICATE----- diff --git a/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert2.crt b/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert2.crt new file mode 100644 index 000000000..c4cb6c73e --- /dev/null +++ b/.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert2.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICzDCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1kb2Nr +ZXJidWlsZGVyMB4XDTI0MDgyNzA5MDIwNFoXDTI1MDgyNzA5MDIwNFowGDEWMBQG +A1UEAwwNZG9ja2VyYnVpbGRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBANIIAbZXdD1qOy/cdaLN0p7emnRUMgMhhL91F7/GA3LBCyURSBTNuaI2ibq+ +BxUjldsv8HOaesLG0Au4iaggnMK6YPHThDOqOw6ME4ghAD/10l6lHf+kTRvN4eC9 +bv3H1jieejVFIgienFfuFKcsNCFKPp4Rh7+D5HHJ3wtBVfaLT4K4q46Qlvkow7s8 +cQ3WSdvpsLDZo7cN1fRWMNHhDFbIs/DGkbhZUAxxUkUoUPyn+zvpRTY6QXoAQe57 +ed9qhhXQcpbHtHN8ecTenC2KEXQuGC0/KaqEJgTqE5W7Ihg0EvGeYpzdSt6ELSFx +WL3COwk/xTCcIqBPSiYmwPMKmd0CAwEAAaMhMB8wHQYDVR0OBBYEFCspyA0xL4b+ +2/cDj4tGqxI9L0/KMA0GCSqGSIb3DQEBCwUAA4IBAQAbEOXj4VHl3BvmoLEw3ykk +5c4CZwTuKOm7gh6MJB6iPZIord/LyjLoMh/Mbhy5uNNKxyA53aeZzsc3q35Uks9K +Tm02Pz6LQ3gMBvXQ/FfFu1+RXHbDOD5I9enrEsXTx4PGylFv8/9LqBfGiFGxPy6a +C8s8d22AZsL1P6iwxNoQgfBSSqZhH/mKJyYqFwlqBmo/PQTVt2noWP6afBOfUs4W +AGaeJUexLAem487MlPuzaSAr397zhvCVt7GNAkMwzU2KxH9auJ/5NFy1YyDSgsa0 +9rcy1gZGzJdOR2AbOZ1FXXqsw91S5SAzb+qR54KIusJ4ON+bPaQc7ZtnNKvbnBxG +-----END CERTIFICATE----- diff --git a/.test/tests/java-ca-certificates-update/expected-std-out.txt b/.test/tests/java-ca-certificates-update/expected-std-out.txt index ba9d1a89e..125c0b6d4 100644 --- a/.test/tests/java-ca-certificates-update/expected-std-out.txt +++ b/.test/tests/java-ca-certificates-update/expected-std-out.txt @@ -1 +1 @@ -010101000001010101000001 +0101010000010001010100000100 diff --git a/.test/tests/java-ca-certificates-update/run.sh b/.test/tests/java-ca-certificates-update/run.sh index ca7f72d87..fec848d98 100755 --- a/.test/tests/java-ca-certificates-update/run.sh +++ b/.test/tests/java-ca-certificates-update/run.sh @@ -10,7 +10,7 @@ CMD1=date # CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to # point to the Java keystore. -CMD2=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder2") +CMD2=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder2") # For a custom entrypoint test, we need to create a new image. This image will get cleaned up at the end of the script # by the `finish` trap function. @@ -75,6 +75,14 @@ echo -n $? docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null echo -n $? +# Test run 7: Two certificates with the same CN are mounted and the environment variable is set. +# We expect both CMD1 to succeed and CMD2 to find both certificates. +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" $CMD1 >&/dev/null +echo -n $? +CMD3=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder_02") +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" "${CMD3[@]}" >&/dev/null +echo -n $? + # # PHASE 2: Non-root containers # @@ -119,3 +127,11 @@ docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 -- echo -n $? docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null echo -n $? + +# Test run 7: Two certificates with the same CN are mounted and the environment variable is set. +# We expect both CMD1 to succeed and CMD2 to find both certificates. +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" $CMD1 >&/dev/null +echo -n $? +CMD3=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder_02") +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" "${CMD3[@]}" >&/dev/null +echo -n $? diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/11/jdk/alpine/entrypoint.sh +++ b/11/jdk/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jdk/ubi/ubi9-minimal/entrypoint.sh b/11/jdk/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/11/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/11/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jdk/ubuntu/focal/entrypoint.sh b/11/jdk/ubuntu/focal/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jdk/ubuntu/focal/entrypoint.sh +++ b/11/jdk/ubuntu/focal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jdk/ubuntu/jammy/entrypoint.sh b/11/jdk/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jdk/ubuntu/jammy/entrypoint.sh +++ b/11/jdk/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jdk/ubuntu/noble/entrypoint.sh b/11/jdk/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jdk/ubuntu/noble/entrypoint.sh +++ b/11/jdk/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jre/alpine/entrypoint.sh b/11/jre/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/11/jre/alpine/entrypoint.sh +++ b/11/jre/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jre/ubi/ubi9-minimal/entrypoint.sh b/11/jre/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/11/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/11/jre/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jre/ubuntu/focal/entrypoint.sh b/11/jre/ubuntu/focal/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jre/ubuntu/focal/entrypoint.sh +++ b/11/jre/ubuntu/focal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jre/ubuntu/jammy/entrypoint.sh b/11/jre/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jre/ubuntu/jammy/entrypoint.sh +++ b/11/jre/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/11/jre/ubuntu/noble/entrypoint.sh b/11/jre/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/11/jre/ubuntu/noble/entrypoint.sh +++ b/11/jre/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jdk/alpine/entrypoint.sh b/17/jdk/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/17/jdk/alpine/entrypoint.sh +++ b/17/jdk/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jdk/ubi/ubi9-minimal/entrypoint.sh b/17/jdk/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/17/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/17/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jdk/ubuntu/focal/entrypoint.sh b/17/jdk/ubuntu/focal/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jdk/ubuntu/focal/entrypoint.sh +++ b/17/jdk/ubuntu/focal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jdk/ubuntu/jammy/entrypoint.sh b/17/jdk/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jdk/ubuntu/jammy/entrypoint.sh +++ b/17/jdk/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jdk/ubuntu/noble/entrypoint.sh b/17/jdk/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jdk/ubuntu/noble/entrypoint.sh +++ b/17/jdk/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jre/alpine/entrypoint.sh b/17/jre/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/17/jre/alpine/entrypoint.sh +++ b/17/jre/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jre/ubi/ubi9-minimal/entrypoint.sh b/17/jre/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/17/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/17/jre/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jre/ubuntu/focal/entrypoint.sh b/17/jre/ubuntu/focal/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jre/ubuntu/focal/entrypoint.sh +++ b/17/jre/ubuntu/focal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jre/ubuntu/jammy/entrypoint.sh b/17/jre/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jre/ubuntu/jammy/entrypoint.sh +++ b/17/jre/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/17/jre/ubuntu/noble/entrypoint.sh b/17/jre/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/17/jre/ubuntu/noble/entrypoint.sh +++ b/17/jre/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jdk/alpine/entrypoint.sh b/21/jdk/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/21/jdk/alpine/entrypoint.sh +++ b/21/jdk/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jdk/ubi/ubi9-minimal/entrypoint.sh b/21/jdk/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/21/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/21/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jdk/ubuntu/jammy/entrypoint.sh b/21/jdk/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/21/jdk/ubuntu/jammy/entrypoint.sh +++ b/21/jdk/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jdk/ubuntu/noble/entrypoint.sh b/21/jdk/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/21/jdk/ubuntu/noble/entrypoint.sh +++ b/21/jdk/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jre/alpine/entrypoint.sh b/21/jre/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/21/jre/alpine/entrypoint.sh +++ b/21/jre/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jre/ubi/ubi9-minimal/entrypoint.sh b/21/jre/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/21/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/21/jre/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jre/ubuntu/jammy/entrypoint.sh b/21/jre/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/21/jre/ubuntu/jammy/entrypoint.sh +++ b/21/jre/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/21/jre/ubuntu/noble/entrypoint.sh b/21/jre/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/21/jre/ubuntu/noble/entrypoint.sh +++ b/21/jre/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jdk/alpine/entrypoint.sh b/23/jdk/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/23/jdk/alpine/entrypoint.sh +++ b/23/jdk/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jdk/ubi/ubi9-minimal/entrypoint.sh b/23/jdk/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/23/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/23/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jdk/ubuntu/noble/entrypoint.sh b/23/jdk/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/23/jdk/ubuntu/noble/entrypoint.sh +++ b/23/jdk/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jre/alpine/entrypoint.sh b/23/jre/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/23/jre/alpine/entrypoint.sh +++ b/23/jre/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jre/ubi/ubi9-minimal/entrypoint.sh b/23/jre/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/23/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/23/jre/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/23/jre/ubuntu/noble/entrypoint.sh b/23/jre/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/23/jre/ubuntu/noble/entrypoint.sh +++ b/23/jre/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jdk/alpine/entrypoint.sh b/8/jdk/alpine/entrypoint.sh index 25253b7d2..59c24f493 100644 --- a/8/jdk/alpine/entrypoint.sh +++ b/8/jdk/alpine/entrypoint.sh @@ -73,8 +73,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jdk/ubi/ubi9-minimal/entrypoint.sh b/8/jdk/ubi/ubi9-minimal/entrypoint.sh index 9e4443332..160c7fe00 100644 --- a/8/jdk/ubi/ubi9-minimal/entrypoint.sh +++ b/8/jdk/ubi/ubi9-minimal/entrypoint.sh @@ -73,8 +73,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jdk/ubuntu/focal/entrypoint.sh b/8/jdk/ubuntu/focal/entrypoint.sh index 129e5cccb..5ef8b651e 100644 --- a/8/jdk/ubuntu/focal/entrypoint.sh +++ b/8/jdk/ubuntu/focal/entrypoint.sh @@ -73,8 +73,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jdk/ubuntu/jammy/entrypoint.sh b/8/jdk/ubuntu/jammy/entrypoint.sh index 129e5cccb..5ef8b651e 100644 --- a/8/jdk/ubuntu/jammy/entrypoint.sh +++ b/8/jdk/ubuntu/jammy/entrypoint.sh @@ -73,8 +73,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jdk/ubuntu/noble/entrypoint.sh b/8/jdk/ubuntu/noble/entrypoint.sh index 129e5cccb..5ef8b651e 100644 --- a/8/jdk/ubuntu/noble/entrypoint.sh +++ b/8/jdk/ubuntu/noble/entrypoint.sh @@ -73,8 +73,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jre/alpine/entrypoint.sh b/8/jre/alpine/entrypoint.sh index 306dd4c34..7822fe589 100644 --- a/8/jre/alpine/entrypoint.sh +++ b/8/jre/alpine/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jre/ubi/ubi9-minimal/entrypoint.sh b/8/jre/ubi/ubi9-minimal/entrypoint.sh index c00c03280..9735e1932 100644 --- a/8/jre/ubi/ubi9-minimal/entrypoint.sh +++ b/8/jre/ubi/ubi9-minimal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jre/ubuntu/focal/entrypoint.sh b/8/jre/ubuntu/focal/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/8/jre/ubuntu/focal/entrypoint.sh +++ b/8/jre/ubuntu/focal/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jre/ubuntu/jammy/entrypoint.sh b/8/jre/ubuntu/jammy/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/8/jre/ubuntu/jammy/entrypoint.sh +++ b/8/jre/ubuntu/jammy/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/8/jre/ubuntu/noble/entrypoint.sh b/8/jre/ubuntu/noble/entrypoint.sh index d51059c11..8093ab1ee 100644 --- a/8/jre/ubuntu/noble/entrypoint.sh +++ b/8/jre/ubuntu/noble/entrypoint.sh @@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null diff --git a/docker_templates/entrypoint.sh.j2 b/docker_templates/entrypoint.sh.j2 index 6825f5a9e..ffbb555f0 100755 --- a/docker_templates/entrypoint.sh.j2 +++ b/docker_templates/entrypoint.sh.j2 @@ -64,8 +64,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}' for crt in "$tmp_dir/$BASENAME"-*; do - # Create an alias for the certificate - ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + # Extract the Common Name (CN) and Serial Number from the certificate + CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p') + SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p') + + # Check if an alias with the CN already exists in the keystore + ALIAS=$CN + if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then + # If the CN already exists, append the serial number to the alias + ALIAS="${CN}_${SERIAL}" + fi + + echo "Adding certificate with alias $ALIAS to the JVM truststore" # Add the certificate to the JVM truststore keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null From 2c958201adc093ab8c313da4c552d33e2eec90de Mon Sep 17 00:00:00 2001 From: eclipse-temurin-bot <81643974+eclipse-temurin-bot@users.noreply.github.com> Date: Mon, 21 Oct 2024 18:54:55 +0200 Subject: [PATCH 3/3] dockerfile: automated nightly updates (#672) --- 11/jdk/ubi/ubi9-minimal/Dockerfile | 4 ++++ 11/jdk/ubuntu/focal/Dockerfile | 4 ++++ 11/jdk/ubuntu/jammy/Dockerfile | 4 ++++ 11/jdk/ubuntu/noble/Dockerfile | 4 ++++ 11/jre/ubi/ubi9-minimal/Dockerfile | 4 ++++ 11/jre/ubuntu/focal/Dockerfile | 4 ++++ 11/jre/ubuntu/jammy/Dockerfile | 4 ++++ 11/jre/ubuntu/noble/Dockerfile | 4 ++++ 8/jdk/windows/nanoserver-1809/Dockerfile | 4 ++-- 8/jdk/windows/nanoserver-ltsc2022/Dockerfile | 4 ++-- 8/jdk/windows/windowsservercore-1809/Dockerfile | 10 +++++----- 8/jdk/windows/windowsservercore-ltsc2022/Dockerfile | 10 +++++----- 8/jre/windows/nanoserver-1809/Dockerfile | 4 ++-- 8/jre/windows/nanoserver-ltsc2022/Dockerfile | 4 ++-- 8/jre/windows/windowsservercore-1809/Dockerfile | 10 +++++----- 8/jre/windows/windowsservercore-ltsc2022/Dockerfile | 10 +++++----- 16 files changed, 60 insertions(+), 28 deletions(-) diff --git a/11/jdk/ubi/ubi9-minimal/Dockerfile b/11/jdk/ubi/ubi9-minimal/Dockerfile index 9057dbf97..79caca7a2 100644 --- a/11/jdk/ubi/ubi9-minimal/Dockerfile +++ b/11/jdk/ubi/ubi9-minimal/Dockerfile @@ -53,6 +53,10 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64le) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ x86_64) \ ESUM='191baa2e052627614022171400a917d28f0987dc54da48aaf07b06f552bb9884'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz'; \ diff --git a/11/jdk/ubuntu/focal/Dockerfile b/11/jdk/ubuntu/focal/Dockerfile index 8d9efb712..9a0065801 100644 --- a/11/jdk/ubuntu/focal/Dockerfile +++ b/11/jdk/ubuntu/focal/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/11/jdk/ubuntu/jammy/Dockerfile b/11/jdk/ubuntu/jammy/Dockerfile index 0abc5200d..5f716a0d3 100644 --- a/11/jdk/ubuntu/jammy/Dockerfile +++ b/11/jdk/ubuntu/jammy/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/11/jdk/ubuntu/noble/Dockerfile b/11/jdk/ubuntu/noble/Dockerfile index 0427f41bf..afd588b4b 100644 --- a/11/jdk/ubuntu/noble/Dockerfile +++ b/11/jdk/ubuntu/noble/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='f2087cc3abdd509b74facf8e43e81e36244d14c70dec080b8f3a662695417ca7'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='0014ffdae26d2b8f840b4842e3f9d4edc3576b4a961770708273d8ecc86ba5b6'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/11/jre/ubi/ubi9-minimal/Dockerfile b/11/jre/ubi/ubi9-minimal/Dockerfile index dbf077cf0..c31954624 100644 --- a/11/jre/ubi/ubi9-minimal/Dockerfile +++ b/11/jre/ubi/ubi9-minimal/Dockerfile @@ -53,6 +53,10 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64le) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ x86_64) \ ESUM='84cd7101f39172a4db085fb52940595bb14dad6bc3afb5bf82ee497eceaf86d3'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_linux_hotspot_11.0.25_9.tar.gz'; \ diff --git a/11/jre/ubuntu/focal/Dockerfile b/11/jre/ubuntu/focal/Dockerfile index 31b42761e..cf18700a4 100644 --- a/11/jre/ubuntu/focal/Dockerfile +++ b/11/jre/ubuntu/focal/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/11/jre/ubuntu/jammy/Dockerfile b/11/jre/ubuntu/jammy/Dockerfile index 36e75dae5..765092893 100644 --- a/11/jre/ubuntu/jammy/Dockerfile +++ b/11/jre/ubuntu/jammy/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/11/jre/ubuntu/noble/Dockerfile b/11/jre/ubuntu/noble/Dockerfile index 62899b379..3351bc0e8 100644 --- a/11/jre/ubuntu/noble/Dockerfile +++ b/11/jre/ubuntu/noble/Dockerfile @@ -59,6 +59,10 @@ RUN set -eux; \ ESUM='e37ba6636e31f3c9191ac7e3fd0ab7fb354a2f3b320d68bfb95efd1e053134c9'; \ BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.25_9.tar.gz'; \ ;; \ + ppc64el) \ + ESUM='7e7edaf34c29c304514d60f40f6c9ce58eb3e32b0dec20bb6ccd1cfbb4456698'; \ + BINARY_URL='https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_ppc64le_linux_hotspot_11.0.25_9.tar.gz'; \ + ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ diff --git a/8/jdk/windows/nanoserver-1809/Dockerfile b/8/jdk/windows/nanoserver-1809/Dockerfile index f5069d5ee..0d2397783 100644 --- a/8/jdk/windows/nanoserver-1809/Dockerfile +++ b/8/jdk/windows/nanoserver-1809/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:1809 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo javac -version && javac -version \ diff --git a/8/jdk/windows/nanoserver-ltsc2022/Dockerfile b/8/jdk/windows/nanoserver-ltsc2022/Dockerfile index 6933b6e79..ab8a5030e 100644 --- a/8/jdk/windows/nanoserver-ltsc2022/Dockerfile +++ b/8/jdk/windows/nanoserver-ltsc2022/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jdk-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jdk-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo javac -version && javac -version \ diff --git a/8/jdk/windows/windowsservercore-1809/Dockerfile b/8/jdk/windows/windowsservercore-1809/Dockerfile index d6feaeb4b..3c781bccb 100644 --- a/8/jdk/windows/windowsservercore-1809/Dockerfile +++ b/8/jdk/windows/windowsservercore-1809/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:1809 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne 'c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile b/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile index c4ae0cd7c..1a0c7eea5 100644 --- a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile +++ b/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jdk_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '9944b308061827c8ad26bedd573eac334c12eaa72c8b7f5ee73a5795e7710204') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne 'c9280205858928756374d930d4b539c59b1cb470425d2cf300b943c56efe4d86') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jre/windows/nanoserver-1809/Dockerfile b/8/jre/windows/nanoserver-1809/Dockerfile index beeb0644d..019b07099 100644 --- a/8/jre/windows/nanoserver-1809/Dockerfile +++ b/8/jre/windows/nanoserver-1809/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:1809 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo java -version && java -version \ diff --git a/8/jre/windows/nanoserver-ltsc2022/Dockerfile b/8/jre/windows/nanoserver-ltsc2022/Dockerfile index 9ea4aa23b..82fae8d56 100644 --- a/8/jre/windows/nanoserver-ltsc2022/Dockerfile +++ b/8/jre/windows/nanoserver-ltsc2022/Dockerfile @@ -21,7 +21,7 @@ FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 SHELL ["cmd", "/s", "/c"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 ENV JAVA_HOME C:\\openjdk-8 # "ERROR: Access to the registry path is denied." @@ -31,7 +31,7 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ && echo Complete. USER ContainerUser -COPY --from=eclipse-temurin:8u422-b05-jre-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME +COPY --from=eclipse-temurin:8u432-b06-jre-windowsservercore-ltsc2022 $JAVA_HOME $JAVA_HOME RUN echo Verifying install ... \ && echo java -version && java -version \ diff --git a/8/jre/windows/windowsservercore-1809/Dockerfile b/8/jre/windows/windowsservercore-1809/Dockerfile index 93c4c4f41..f5b9a4396 100644 --- a/8/jre/windows/windowsservercore-1809/Dockerfile +++ b/8/jre/windows/windowsservercore-1809/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:1809 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \ diff --git a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile b/8/jre/windows/windowsservercore-ltsc2022/Dockerfile index 096ccd558..2576cc19e 100644 --- a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile +++ b/8/jre/windows/windowsservercore-ltsc2022/Dockerfile @@ -22,12 +22,12 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 # $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ENV JAVA_VERSION=jdk8u422-b05 +ENV JAVA_VERSION=jdk8u432-b06 -RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ...'); \ - curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x64_windows_hotspot_8u422b05.msi ; \ - Write-Host ('Verifying sha256 (6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307) ...'); \ - if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '6a53b2e2e0eee6b238d79999e4de2fac70efc03922d48ea6d1007f50e7c11307') { \ +RUN Write-Host ('Downloading https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ...'); \ + curl.exe -LfsSo openjdk.msi https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windows_hotspot_8u432b06.msi ; \ + Write-Host ('Verifying sha256 (34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b) ...'); \ + if ((Get-FileHash openjdk.msi -Algorithm sha256).Hash -ne '34801770278c26045517fc1851396d7bf66c7c32fa6f9965b968d55adbebda4b') { \ Write-Host 'FAILED!'; \ exit 1; \ }; \