-
Notifications
You must be signed in to change notification settings - Fork 477
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
307 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
FROM buildpack-deps:stretch-curl | ||
|
||
RUN set -eux; \ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
bzip2 \ | ||
unzip \ | ||
xz-utils \ | ||
\ | ||
# utilities for keeping Debian and OpenJDK CA certificates in sync | ||
ca-certificates p11-kit \ | ||
\ | ||
# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory | ||
# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager | ||
# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 | ||
fontconfig libfreetype6 \ | ||
; \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Default to UTF-8 file.encoding | ||
ENV LANG C.UTF-8 | ||
|
||
ENV JAVA_HOME /usr/local/openjdk-11 | ||
ENV PATH $JAVA_HOME/bin:$PATH | ||
|
||
# backwards compatibility shim | ||
RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] | ||
|
||
# https://adoptopenjdk.net/upstream.html | ||
ENV JAVA_VERSION 11.0.4 | ||
ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ | ||
ENV JAVA_URL_VERSION 11.0.4_11 | ||
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 | ||
|
||
RUN set -eux; \ | ||
\ | ||
dpkgArch="$(dpkg --print-architecture)"; \ | ||
case "$dpkgArch" in \ | ||
amd64) upstreamArch='x64' ;; \ | ||
arm64) upstreamArch='aarch64' ;; \ | ||
*) echo >&2 "error: unsupported architecture: $dpkgArch" ;; \ | ||
esac; \ | ||
\ | ||
wget -O openjdk.tgz.asc "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \ | ||
wget -O openjdk.tgz "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \ | ||
\ | ||
export GNUPGHOME="$(mktemp -d)"; \ | ||
# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? | ||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ | ||
# https://github.com/docker-library/openjdk/pull/322#discussion_r286839190 | ||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ | ||
gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; \ | ||
gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ | ||
gpgconf --kill all; \ | ||
rm -rf "$GNUPGHOME"; \ | ||
\ | ||
mkdir -p "$JAVA_HOME"; \ | ||
tar --extract \ | ||
--file openjdk.tgz \ | ||
--directory "$JAVA_HOME" \ | ||
--strip-components 1 \ | ||
--no-same-owner \ | ||
; \ | ||
rm openjdk.tgz*; \ | ||
\ | ||
# TODO strip "demo" and "man" folders? | ||
\ | ||
# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) | ||
# see https://github.com/docker-library/openjdk/issues/327 | ||
# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 | ||
# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in | ||
# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 | ||
{ \ | ||
echo '#!/usr/bin/env bash'; \ | ||
echo 'set -Eeuo pipefail'; \ | ||
echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \ | ||
# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory) | ||
echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \ | ||
echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \ | ||
echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \ | ||
} > /etc/ca-certificates/update.d/docker-openjdk; \ | ||
chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ | ||
/etc/ca-certificates/update.d/docker-openjdk; \ | ||
\ | ||
# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 | ||
find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ | ||
ldconfig; \ | ||
\ | ||
# basic smoke test | ||
java --version | ||
|
||
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) | ||
CMD ["jshell"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
FROM debian:buster-slim | ||
|
||
RUN set -eux; \ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
# utilities for keeping Debian and OpenJDK CA certificates in sync | ||
ca-certificates p11-kit \ | ||
; \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Default to UTF-8 file.encoding | ||
ENV LANG C.UTF-8 | ||
|
||
ENV JAVA_HOME /usr/local/openjdk-11 | ||
ENV PATH $JAVA_HOME/bin:$PATH | ||
|
||
# backwards compatibility shim | ||
RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] | ||
|
||
# https://adoptopenjdk.net/upstream.html | ||
ENV JAVA_VERSION 11.0.4 | ||
ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ | ||
ENV JAVA_URL_VERSION 11.0.4_11 | ||
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 | ||
|
||
RUN set -eux; \ | ||
\ | ||
dpkgArch="$(dpkg --print-architecture)"; \ | ||
case "$dpkgArch" in \ | ||
amd64) upstreamArch='x64' ;; \ | ||
arm64) upstreamArch='aarch64' ;; \ | ||
*) echo >&2 "error: unsupported architecture: $dpkgArch" ;; \ | ||
esac; \ | ||
\ | ||
savedAptMark="$(apt-mark showmanual)"; \ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
dirmngr \ | ||
gnupg \ | ||
wget \ | ||
; \ | ||
rm -rf /var/lib/apt/lists/*; \ | ||
\ | ||
wget -O openjdk.tgz.asc "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \ | ||
wget -O openjdk.tgz "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \ | ||
\ | ||
export GNUPGHOME="$(mktemp -d)"; \ | ||
# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? | ||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ | ||
# https://github.com/docker-library/openjdk/pull/322#discussion_r286839190 | ||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ | ||
gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; \ | ||
gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ | ||
gpgconf --kill all; \ | ||
rm -rf "$GNUPGHOME"; \ | ||
\ | ||
mkdir -p "$JAVA_HOME"; \ | ||
tar --extract \ | ||
--file openjdk.tgz \ | ||
--directory "$JAVA_HOME" \ | ||
--strip-components 1 \ | ||
--no-same-owner \ | ||
; \ | ||
rm openjdk.tgz*; \ | ||
\ | ||
# TODO strip "demo" and "man" folders? | ||
\ | ||
apt-mark auto '.*' > /dev/null; \ | ||
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ | ||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ | ||
\ | ||
# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) | ||
# see https://github.com/docker-library/openjdk/issues/327 | ||
# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 | ||
# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in | ||
# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 | ||
{ \ | ||
echo '#!/usr/bin/env bash'; \ | ||
echo 'set -Eeuo pipefail'; \ | ||
echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \ | ||
# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory) | ||
echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \ | ||
echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \ | ||
echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \ | ||
} > /etc/ca-certificates/update.d/docker-openjdk; \ | ||
chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ | ||
/etc/ca-certificates/update.d/docker-openjdk; \ | ||
\ | ||
# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 | ||
find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ | ||
ldconfig; \ | ||
\ | ||
# basic smoke test | ||
java --version | ||
|
||
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) | ||
CMD ["jshell"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
FROM mcr.microsoft.com/windows/servercore:1803 | ||
|
||
# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 | ||
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] | ||
|
||
ENV JAVA_HOME C:\\openjdk-11 | ||
RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ | ||
Write-Host ('Updating PATH: {0}' -f $newPath); \ | ||
# Nano Server does not have "[Environment]::SetEnvironmentVariable()" | ||
setx /M PATH $newPath | ||
|
||
# https://adoptopenjdk.net/upstream.html | ||
ENV JAVA_VERSION 11.0.4 | ||
ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ | ||
ENV JAVA_URL_VERSION 11.0.4_11 | ||
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 | ||
|
||
RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ | ||
Write-Host ('Downloading {0} ...' -f $url); \ | ||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ | ||
Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ | ||
# TODO signature? checksum? | ||
\ | ||
Write-Host 'Expanding ...'; \ | ||
New-Item -ItemType Directory -Path C:\temp | Out-Null; \ | ||
Expand-Archive openjdk.zip -DestinationPath C:\temp; \ | ||
Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ | ||
Remove-Item C:\temp; \ | ||
\ | ||
Write-Host 'Removing ...'; \ | ||
Remove-Item openjdk.zip -Force; \ | ||
\ | ||
Write-Host 'Verifying install ...'; \ | ||
Write-Host ' java --version'; java --version; \ | ||
\ | ||
Write-Host 'Complete.' | ||
|
||
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) | ||
CMD ["jshell"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
FROM mcr.microsoft.com/windows/servercore:1809 | ||
|
||
# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 | ||
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] | ||
|
||
ENV JAVA_HOME C:\\openjdk-11 | ||
RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ | ||
Write-Host ('Updating PATH: {0}' -f $newPath); \ | ||
# Nano Server does not have "[Environment]::SetEnvironmentVariable()" | ||
setx /M PATH $newPath | ||
|
||
# https://adoptopenjdk.net/upstream.html | ||
ENV JAVA_VERSION 11.0.4 | ||
ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ | ||
ENV JAVA_URL_VERSION 11.0.4_11 | ||
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 | ||
|
||
RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ | ||
Write-Host ('Downloading {0} ...' -f $url); \ | ||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ | ||
Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ | ||
# TODO signature? checksum? | ||
\ | ||
Write-Host 'Expanding ...'; \ | ||
New-Item -ItemType Directory -Path C:\temp | Out-Null; \ | ||
Expand-Archive openjdk.zip -DestinationPath C:\temp; \ | ||
Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ | ||
Remove-Item C:\temp; \ | ||
\ | ||
Write-Host 'Removing ...'; \ | ||
Remove-Item openjdk.zip -Force; \ | ||
\ | ||
Write-Host 'Verifying install ...'; \ | ||
Write-Host ' java --version'; java --version; \ | ||
\ | ||
Write-Host 'Complete.' | ||
|
||
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) | ||
CMD ["jshell"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
FROM mcr.microsoft.com/windows/servercore:ltsc2016 | ||
|
||
# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 | ||
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] | ||
|
||
ENV JAVA_HOME C:\\openjdk-11 | ||
RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ | ||
Write-Host ('Updating PATH: {0}' -f $newPath); \ | ||
# Nano Server does not have "[Environment]::SetEnvironmentVariable()" | ||
setx /M PATH $newPath | ||
|
||
# https://adoptopenjdk.net/upstream.html | ||
ENV JAVA_VERSION 11.0.4 | ||
ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ | ||
ENV JAVA_URL_VERSION 11.0.4_11 | ||
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 | ||
|
||
RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ | ||
Write-Host ('Downloading {0} ...' -f $url); \ | ||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ | ||
Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ | ||
# TODO signature? checksum? | ||
\ | ||
Write-Host 'Expanding ...'; \ | ||
New-Item -ItemType Directory -Path C:\temp | Out-Null; \ | ||
Expand-Archive openjdk.zip -DestinationPath C:\temp; \ | ||
Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ | ||
Remove-Item C:\temp; \ | ||
\ | ||
Write-Host 'Removing ...'; \ | ||
Remove-Item openjdk.zip -Force; \ | ||
\ | ||
Write-Host 'Verifying install ...'; \ | ||
Write-Host ' java --version'; java --version; \ | ||
\ | ||
Write-Host 'Complete.' | ||
|
||
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) | ||
CMD ["jshell"] |