add comments to dependencies for easier auditing

adoptium · Oct 25, 2023 · 90c7ef4 · 90c7ef4
1 parent fab1753
commit 90c7ef4
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 24 deletions.
diff --git a/docker_templates/centos.Dockerfile.j2 b/docker_templates/centos.Dockerfile.j2
@@ -4,8 +4,28 @@ FROM {{ base_image }}
 
 {% include 'partials/nix-env.j2' %}
 
-RUN yum install -y tzdata openssl curl wget ca-certificates fontconfig gzip tar {% if version|int >= 13 %}binutils {% endif %}\
-    && yum clean all
+RUN set -eux; \
+    yum install -y \
+    gzip \
+    tar \
+    {% if version|int < 22 -%}
+    # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255
+    curl \
+    {% endif -%}
+    wget \
+    tzdata \
+    openssl \
+    # utilities for keeping Ubuntu and OpenJDK CA certificates in sync
+    # https://github.com/adoptium/containers/issues/293
+    ca-certificates \
+    fontconfig \
+    {% if version|int >= 13 -%}
+    # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351
+    # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory
+    binutils \
+    {% endif -%}
+    ; \
+    rm -rf /var/cache/yum
 
 ENV JAVA_VERSION {{ java_version }}
 

diff --git a/docker_templates/partials/multi-arch-install.j2 b/docker_templates/partials/multi-arch-install.j2
@@ -16,7 +16,7 @@
          exit 1; \
          ;; \
     esac; \
-    wget -O /tmp/openjdk.tar.gz ${BINARY_URL}; \
+    wget --progress=dot:giga -O /tmp/openjdk.tar.gz ${BINARY_URL}; \
     echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \
     mkdir -p "$JAVA_HOME"; \
     tar --extract \

diff --git a/docker_templates/partials/version-check.j2 b/docker_templates/partials/version-check.j2
@@ -1,19 +1,10 @@
-RUN {% if version|int >= 11 -%}
-    {% if os_family != "windows" -%}
-    set -eux; \
-    && echo Verifying install ... \
-    && fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java \
-    {% else -%}
-    echo Verifying install ... \
+RUN {% if os_family != "windows" %}set -eux; \
+    {% else %}{% endif %}echo "Verifying install ..."; \
+    {% if os_family != "windows" and version|int >= 11 -%}
+    fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \
     {% endif -%}
     {% if image_type == "jdk" -%}
-    && echo javac --version && javac --version \
+    echo javac {% if version|int >= 11 %}--{% else %}-{% endif %}version && javac {% if version|int >= 11 %}--{% else %}-{% endif %}version; \
     {% endif -%}
-    && echo java --version && java --version \
-    {% else -%}
-    {% if image_type == "jdk" -%}
-    && echo javac -version && javac -version \
-    {% endif -%}
-    && echo java -version && java -version \
-    {% endif -%}
-    && echo Complete.
+    echo java {% if version|int >= 11 %}--{% else %}-{% endif %}version && java {% if version|int >= 11 %}--{% else %}-{% endif %}version; \
+    echo "Complete."
diff --git a/docker_templates/ubuntu.Dockerfile.j2 b/docker_templates/ubuntu.Dockerfile.j2
@@ -4,11 +4,30 @@ FROM {{ base_image }}
 
 {% include 'partials/nix-env.j2' %}
 
-RUN apt-get update \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata curl wget ca-certificates fontconfig locales p11-kit {% if version|int >= 13 %}binutils {% endif %}\
-    && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
-    && locale-gen en_US.UTF-8 \
-    && rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    {% if version|int < 22 -%}
+    # curl required for historical reasons, see https://github.com/adoptium/containers/issues/255
+    curl \
+    {% endif -%}
+    wget \
+    fontconfig \
+    # utilities for keeping Ubuntu and OpenJDK CA certificates in sync
+    # https://github.com/adoptium/containers/issues/293
+    ca-certificates p11-kit \
+    {% if version|int >= 13 -%}
+    # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351
+    # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory
+    binutils \
+    {% endif -%}
+    tzdata \
+    # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
+    locales \
+    ; \
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen; \
+    locale-gen en_US.UTF-8; \
+    rm -rf /var/lib/apt/lists/*
 
 ENV JAVA_VERSION {{ java_version }}