From 572682ed1cb951ab8d978e8015e4a910093db920 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 16 Jul 2019 16:32:52 -0700 Subject: [PATCH] Add 11-jre variants --- 11/jre/Dockerfile | 93 ++++++++++++++++++ 11/jre/slim/Dockerfile | 97 +++++++++++++++++++ .../windows/windowsservercore-1803/Dockerfile | 39 ++++++++ .../windows/windowsservercore-1809/Dockerfile | 39 ++++++++ .../windowsservercore-ltsc2016/Dockerfile | 39 ++++++++ 5 files changed, 307 insertions(+) create mode 100644 11/jre/Dockerfile create mode 100644 11/jre/slim/Dockerfile create mode 100644 11/jre/windows/windowsservercore-1803/Dockerfile create mode 100644 11/jre/windows/windowsservercore-1809/Dockerfile create mode 100644 11/jre/windows/windowsservercore-ltsc2016/Dockerfile diff --git a/11/jre/Dockerfile b/11/jre/Dockerfile new file mode 100644 index 00000000..0e538325 --- /dev/null +++ b/11/jre/Dockerfile @@ -0,0 +1,93 @@ +FROM buildpack-deps:stretch-curl + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bzip2 \ + unzip \ + xz-utils \ + \ +# utilities for keeping Debian and OpenJDK CA certificates in sync + ca-certificates p11-kit \ + \ +# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory +# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager +# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + fontconfig libfreetype6 \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Default to UTF-8 file.encoding +ENV LANG C.UTF-8 + +ENV JAVA_HOME /usr/local/openjdk-11 +ENV PATH $JAVA_HOME/bin:$PATH + +# backwards compatibility shim +RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] + +# https://adoptopenjdk.net/upstream.html +ENV JAVA_VERSION 11.0.4 +ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ +ENV JAVA_URL_VERSION 11.0.4_11 +# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 + +RUN set -eux; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64) upstreamArch='x64' ;; \ + arm64) upstreamArch='aarch64' ;; \ + *) echo >&2 "error: unsupported architecture: $dpkgArch" ;; \ + esac; \ + \ + wget -O openjdk.tgz.asc "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \ + wget -O openjdk.tgz "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ +# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ +# https://github.com/docker-library/openjdk/pull/322#discussion_r286839190 + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ + gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; \ + gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir -p "$JAVA_HOME"; \ + tar --extract \ + --file openjdk.tgz \ + --directory "$JAVA_HOME" \ + --strip-components 1 \ + --no-same-owner \ + ; \ + rm openjdk.tgz*; \ + \ +# TODO strip "demo" and "man" folders? + \ +# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) +# see https://github.com/docker-library/openjdk/issues/327 +# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 +# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in +# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 + { \ + echo '#!/usr/bin/env bash'; \ + echo 'set -Eeuo pipefail'; \ + echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \ +# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory) + echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \ + echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \ + echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \ + } > /etc/ca-certificates/update.d/docker-openjdk; \ + chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ + /etc/ca-certificates/update.d/docker-openjdk; \ + \ +# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 + find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ + ldconfig; \ + \ +# basic smoke test + java --version + +# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) +CMD ["jshell"] diff --git a/11/jre/slim/Dockerfile b/11/jre/slim/Dockerfile new file mode 100644 index 00000000..8ba124d8 --- /dev/null +++ b/11/jre/slim/Dockerfile @@ -0,0 +1,97 @@ +FROM debian:buster-slim + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# utilities for keeping Debian and OpenJDK CA certificates in sync + ca-certificates p11-kit \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Default to UTF-8 file.encoding +ENV LANG C.UTF-8 + +ENV JAVA_HOME /usr/local/openjdk-11 +ENV PATH $JAVA_HOME/bin:$PATH + +# backwards compatibility shim +RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] + +# https://adoptopenjdk.net/upstream.html +ENV JAVA_VERSION 11.0.4 +ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ +ENV JAVA_URL_VERSION 11.0.4_11 +# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 + +RUN set -eux; \ + \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + amd64) upstreamArch='x64' ;; \ + arm64) upstreamArch='aarch64' ;; \ + *) echo >&2 "error: unsupported architecture: $dpkgArch" ;; \ + esac; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dirmngr \ + gnupg \ + wget \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + wget -O openjdk.tgz.asc "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \ + wget -O openjdk.tgz "${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ +# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ +# https://github.com/docker-library/openjdk/pull/322#discussion_r286839190 + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ + gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; \ + gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir -p "$JAVA_HOME"; \ + tar --extract \ + --file openjdk.tgz \ + --directory "$JAVA_HOME" \ + --strip-components 1 \ + --no-same-owner \ + ; \ + rm openjdk.tgz*; \ + \ +# TODO strip "demo" and "man" folders? + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) +# see https://github.com/docker-library/openjdk/issues/327 +# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 +# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in +# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 + { \ + echo '#!/usr/bin/env bash'; \ + echo 'set -Eeuo pipefail'; \ + echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \ +# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory) + echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \ + echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \ + echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \ + } > /etc/ca-certificates/update.d/docker-openjdk; \ + chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ + /etc/ca-certificates/update.d/docker-openjdk; \ + \ +# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 + find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ + ldconfig; \ + \ +# basic smoke test + java --version + +# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) +CMD ["jshell"] diff --git a/11/jre/windows/windowsservercore-1803/Dockerfile b/11/jre/windows/windowsservercore-1803/Dockerfile new file mode 100644 index 00000000..50eec7ab --- /dev/null +++ b/11/jre/windows/windowsservercore-1803/Dockerfile @@ -0,0 +1,39 @@ +FROM mcr.microsoft.com/windows/servercore:1803 + +# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +ENV JAVA_HOME C:\\openjdk-11 +RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ +# Nano Server does not have "[Environment]::SetEnvironmentVariable()" + setx /M PATH $newPath + +# https://adoptopenjdk.net/upstream.html +ENV JAVA_VERSION 11.0.4 +ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ +ENV JAVA_URL_VERSION 11.0.4_11 +# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 + +RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ + Write-Host ('Downloading {0} ...' -f $url); \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ + Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ +# TODO signature? checksum? + \ + Write-Host 'Expanding ...'; \ + New-Item -ItemType Directory -Path C:\temp | Out-Null; \ + Expand-Archive openjdk.zip -DestinationPath C:\temp; \ + Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ + Remove-Item C:\temp; \ + \ + Write-Host 'Removing ...'; \ + Remove-Item openjdk.zip -Force; \ + \ + Write-Host 'Verifying install ...'; \ + Write-Host ' java --version'; java --version; \ + \ + Write-Host 'Complete.' + +# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) +CMD ["jshell"] diff --git a/11/jre/windows/windowsservercore-1809/Dockerfile b/11/jre/windows/windowsservercore-1809/Dockerfile new file mode 100644 index 00000000..06f2505d --- /dev/null +++ b/11/jre/windows/windowsservercore-1809/Dockerfile @@ -0,0 +1,39 @@ +FROM mcr.microsoft.com/windows/servercore:1809 + +# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +ENV JAVA_HOME C:\\openjdk-11 +RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ +# Nano Server does not have "[Environment]::SetEnvironmentVariable()" + setx /M PATH $newPath + +# https://adoptopenjdk.net/upstream.html +ENV JAVA_VERSION 11.0.4 +ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ +ENV JAVA_URL_VERSION 11.0.4_11 +# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 + +RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ + Write-Host ('Downloading {0} ...' -f $url); \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ + Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ +# TODO signature? checksum? + \ + Write-Host 'Expanding ...'; \ + New-Item -ItemType Directory -Path C:\temp | Out-Null; \ + Expand-Archive openjdk.zip -DestinationPath C:\temp; \ + Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ + Remove-Item C:\temp; \ + \ + Write-Host 'Removing ...'; \ + Remove-Item openjdk.zip -Force; \ + \ + Write-Host 'Verifying install ...'; \ + Write-Host ' java --version'; java --version; \ + \ + Write-Host 'Complete.' + +# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) +CMD ["jshell"] diff --git a/11/jre/windows/windowsservercore-ltsc2016/Dockerfile b/11/jre/windows/windowsservercore-ltsc2016/Dockerfile new file mode 100644 index 00000000..6fb673a1 --- /dev/null +++ b/11/jre/windows/windowsservercore-ltsc2016/Dockerfile @@ -0,0 +1,39 @@ +FROM mcr.microsoft.com/windows/servercore:ltsc2016 + +# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +ENV JAVA_HOME C:\\openjdk-11 +RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ +# Nano Server does not have "[Environment]::SetEnvironmentVariable()" + setx /M PATH $newPath + +# https://adoptopenjdk.net/upstream.html +ENV JAVA_VERSION 11.0.4 +ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_ +ENV JAVA_URL_VERSION 11.0.4_11 +# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 + +RUN $url = ('{0}x64_windows_{1}.zip' -f $env:JAVA_BASE_URL, $env:JAVA_URL_VERSION); \ + Write-Host ('Downloading {0} ...' -f $url); \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ + Invoke-WebRequest -Uri $url -OutFile 'openjdk.zip'; \ +# TODO signature? checksum? + \ + Write-Host 'Expanding ...'; \ + New-Item -ItemType Directory -Path C:\temp | Out-Null; \ + Expand-Archive openjdk.zip -DestinationPath C:\temp; \ + Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ + Remove-Item C:\temp; \ + \ + Write-Host 'Removing ...'; \ + Remove-Item openjdk.zip -Force; \ + \ + Write-Host 'Verifying install ...'; \ + Write-Host ' java --version'; java --version; \ + \ + Write-Host 'Complete.' + +# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) +CMD ["jshell"]