From d590af45eafdd1c1834c8609cdcbe4d5d5fe14fa Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 25 Jan 2024 10:48:50 +0000 Subject: [PATCH 1/2] use bash entrypoint for Ubuntu --- docker_templates/scripts/entrypoint.ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker_templates/scripts/entrypoint.ubuntu.sh b/docker_templates/scripts/entrypoint.ubuntu.sh index 8d496201e..562528611 120000 --- a/docker_templates/scripts/entrypoint.ubuntu.sh +++ b/docker_templates/scripts/entrypoint.ubuntu.sh @@ -1 +1 @@ -entrypoint.alpine-linux.sh \ No newline at end of file +entrypoint.ubi9-minimal.sh \ No newline at end of file From 9c89a3117308a4c713398ba5aa3553013da29b75 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 25 Jan 2024 10:55:41 +0000 Subject: [PATCH 2/2] updates --- 11/jdk/ubuntu/focal/entrypoint.sh | 10 +++--- 11/jdk/ubuntu/jammy/entrypoint.sh | 10 +++--- 11/jre/ubuntu/focal/entrypoint.sh | 10 +++--- 11/jre/ubuntu/jammy/entrypoint.sh | 10 +++--- 17/jdk/ubuntu/focal/entrypoint.sh | 10 +++--- 17/jdk/ubuntu/jammy/entrypoint.sh | 10 +++--- 17/jre/ubuntu/focal/entrypoint.sh | 10 +++--- 17/jre/ubuntu/jammy/entrypoint.sh | 10 +++--- 21/jdk/ubuntu/jammy/entrypoint.sh | 10 +++--- 21/jre/ubuntu/jammy/entrypoint.sh | 10 +++--- 8/jdk/ubuntu/focal/entrypoint.sh | 10 +++--- 8/jdk/ubuntu/jammy/entrypoint.sh | 10 +++--- 8/jre/ubuntu/focal/entrypoint.sh | 10 +++--- 8/jre/ubuntu/jammy/entrypoint.sh | 10 +++--- docker_templates/scripts/entrypoint.ubuntu.sh | 31 ++++++++++++++++++- 15 files changed, 100 insertions(+), 71 deletions(-) mode change 120000 => 100755 docker_templates/scripts/entrypoint.ubuntu.sh diff --git a/11/jdk/ubuntu/focal/entrypoint.sh b/11/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jdk/ubuntu/focal/entrypoint.sh +++ b/11/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jdk/ubuntu/jammy/entrypoint.sh b/11/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jdk/ubuntu/jammy/entrypoint.sh +++ b/11/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jre/ubuntu/focal/entrypoint.sh b/11/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jre/ubuntu/focal/entrypoint.sh +++ b/11/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/11/jre/ubuntu/jammy/entrypoint.sh b/11/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/11/jre/ubuntu/jammy/entrypoint.sh +++ b/11/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jdk/ubuntu/focal/entrypoint.sh b/17/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jdk/ubuntu/focal/entrypoint.sh +++ b/17/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jdk/ubuntu/jammy/entrypoint.sh b/17/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jdk/ubuntu/jammy/entrypoint.sh +++ b/17/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jre/ubuntu/focal/entrypoint.sh b/17/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jre/ubuntu/focal/entrypoint.sh +++ b/17/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/17/jre/ubuntu/jammy/entrypoint.sh b/17/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/17/jre/ubuntu/jammy/entrypoint.sh +++ b/17/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/21/jdk/ubuntu/jammy/entrypoint.sh b/21/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/21/jdk/ubuntu/jammy/entrypoint.sh +++ b/21/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/21/jre/ubuntu/jammy/entrypoint.sh b/21/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/21/jre/ubuntu/jammy/entrypoint.sh +++ b/21/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jdk/ubuntu/focal/entrypoint.sh b/8/jdk/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jdk/ubuntu/focal/entrypoint.sh +++ b/8/jdk/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jdk/ubuntu/jammy/entrypoint.sh b/8/jdk/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jdk/ubuntu/jammy/entrypoint.sh +++ b/8/jdk/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jre/ubuntu/focal/entrypoint.sh b/8/jre/ubuntu/focal/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jre/ubuntu/focal/entrypoint.sh +++ b/8/jre/ubuntu/focal/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/8/jre/ubuntu/jammy/entrypoint.sh b/8/jre/ubuntu/jammy/entrypoint.sh index 029cade7e..dfcf546f9 100755 --- a/8/jre/ubuntu/jammy/entrypoint.sh +++ b/8/jre/ubuntu/jammy/entrypoint.sh @@ -1,5 +1,5 @@ -#!/usr/bin/env sh -# Converted to POSIX shell to avoid the need for bash in the image +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details set -e @@ -9,15 +9,15 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the # system location, for whatever reason. - if [ -d /certificates ] && [ -n "$(ls -A /certificates 2>/dev/null)" ]; then + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then cp -a /certificates/* /usr/local/share/ca-certificates/ fi - CACERT="$JAVA_HOME/lib/security/cacerts" + CACERT=$JAVA_HOME/lib/security/cacerts # JDK8 puts its JRE in a subdirectory if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then - CACERT="$JAVA_HOME/jre/lib/security/cacerts" + CACERT=$JAVA_HOME/jre/lib/security/cacerts fi # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we diff --git a/docker_templates/scripts/entrypoint.ubuntu.sh b/docker_templates/scripts/entrypoint.ubuntu.sh deleted file mode 120000 index 562528611..000000000 --- a/docker_templates/scripts/entrypoint.ubuntu.sh +++ /dev/null @@ -1 +0,0 @@ -entrypoint.ubi9-minimal.sh \ No newline at end of file diff --git a/docker_templates/scripts/entrypoint.ubuntu.sh b/docker_templates/scripts/entrypoint.ubuntu.sh new file mode 100755 index 000000000..dfcf546f9 --- /dev/null +++ b/docker_templates/scripts/entrypoint.ubuntu.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +# Sheband needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details + +set -e + +# Opt-in is only activated if the environment variable is set +if [ -n "$USE_SYSTEM_CA_CERTS" ]; then + + # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty. + # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the + # system location, for whatever reason. + if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then + cp -a /certificates/* /usr/local/share/ca-certificates/ + fi + + CACERT=$JAVA_HOME/lib/security/cacerts + + # JDK8 puts its JRE in a subdirectory + if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then + CACERT=$JAVA_HOME/jre/lib/security/cacerts + fi + + # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we + # might as well just generate the truststore and skip the hooks. + update-ca-certificates + + trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT" +fi + +exec "$@"