diff --git a/11/jdk/bullseye/Dockerfile b/11/jdk/bullseye/Dockerfile deleted file mode 100644 index 351c98bc..00000000 --- a/11/jdk/bullseye/Dockerfile +++ /dev/null @@ -1,115 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:bullseye-scm - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/buster/Dockerfile b/11/jdk/buster/Dockerfile deleted file mode 100644 index 32ab87ba..00000000 --- a/11/jdk/buster/Dockerfile +++ /dev/null @@ -1,115 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:buster-scm - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/oraclelinux7/Dockerfile b/11/jdk/oraclelinux7/Dockerfile deleted file mode 100644 index b17286d8..00000000 --- a/11/jdk/oraclelinux7/Dockerfile +++ /dev/null @@ -1,107 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM oraclelinux:7-slim - -RUN set -eux; \ -# https://unix.stackexchange.com/a/477127/153467 - yum install -y --setopt=skip_missing_names_on_install=False \ - gzip \ - tar \ - \ -# jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 -# Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ -# java.lang.UnsatisfiedLinkError: /usr/java/openjdk-12/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - freetype fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_HOME /usr/java/openjdk-11 -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG en_US.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "$arch" in \ - 'i386:x86-64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'aarch64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - curl -fL -o openjdk.tgz "$downloadUrl"; \ - curl -fL -o openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - rm -rf "$JAVA_HOME/lib/security/cacerts"; \ -# see "update-ca-trust" script which creates/maintains this cacerts bundle - ln -sT /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/lib/security/cacerts"; \ - \ -# https://github.com/oracle/docker-images/blob/a56e0d1ed968ff669d2e2ba8a1483d0f3acc80c0/OracleJava/java-8/Dockerfile#L17-L19 - ln -sfT "$JAVA_HOME" /usr/java/default; \ - ln -sfT "$JAVA_HOME" /usr/java/latest; \ - for bin in "$JAVA_HOME/bin/"*; do \ - base="$(basename "$bin")"; \ - [ ! -e "/usr/bin/$base" ]; \ - alternatives --install "/usr/bin/$base" "$base" "$bin" 20000; \ - done; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/oraclelinux8/Dockerfile b/11/jdk/oraclelinux8/Dockerfile deleted file mode 100644 index c83b8bc1..00000000 --- a/11/jdk/oraclelinux8/Dockerfile +++ /dev/null @@ -1,106 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM oraclelinux:8-slim - -RUN set -eux; \ - microdnf install \ - gzip \ - tar \ - \ -# jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 -# Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ -# java.lang.UnsatisfiedLinkError: /usr/java/openjdk-12/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - freetype fontconfig \ - ; \ - microdnf clean all - -ENV JAVA_HOME /usr/java/openjdk-11 -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "$arch" in \ - 'i386:x86-64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'aarch64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - curl -fL -o openjdk.tgz "$downloadUrl"; \ - curl -fL -o openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - rm -rf "$JAVA_HOME/lib/security/cacerts"; \ -# see "update-ca-trust" script which creates/maintains this cacerts bundle - ln -sT /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/lib/security/cacerts"; \ - \ -# https://github.com/oracle/docker-images/blob/a56e0d1ed968ff669d2e2ba8a1483d0f3acc80c0/OracleJava/java-8/Dockerfile#L17-L19 - ln -sfT "$JAVA_HOME" /usr/java/default; \ - ln -sfT "$JAVA_HOME" /usr/java/latest; \ - for bin in "$JAVA_HOME/bin/"*; do \ - base="$(basename "$bin")"; \ - [ ! -e "/usr/bin/$base" ]; \ - alternatives --install "/usr/bin/$base" "$base" "$bin" 20000; \ - done; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/slim-bullseye/Dockerfile b/11/jdk/slim-bullseye/Dockerfile deleted file mode 100644 index 99d903d3..00000000 --- a/11/jdk/slim-bullseye/Dockerfile +++ /dev/null @@ -1,119 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/slim-buster/Dockerfile b/11/jdk/slim-buster/Dockerfile deleted file mode 100644 index 4b65c5dd..00000000 --- a/11/jdk/slim-buster/Dockerfile +++ /dev/null @@ -1,119 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:buster-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - fileEncoding="$(echo 'System.out.println(System.getProperty("file.encoding"))' | jshell -s -)"; [ "$fileEncoding" = 'UTF-8' ]; rm -rf ~/.java; \ - javac --version; \ - java --version - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/windows/nanoserver-1809/Dockerfile b/11/jdk/windows/nanoserver-1809/Dockerfile deleted file mode 100644 index dd08f522..00000000 --- a/11/jdk/windows/nanoserver-1809/Dockerfile +++ /dev/null @@ -1,41 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/nanoserver:1809 - -SHELL ["cmd", "/s", "/c"] - -ENV JAVA_HOME C:\\openjdk-11 -# "ERROR: Access to the registry path is denied." -USER ContainerAdministrator -RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ - && setx /M PATH %JAVA_HOME%\bin;%PATH% \ - && echo Complete. -USER ContainerUser - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -COPY --from=openjdk:11.0.16-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME - -RUN echo Verifying install ... \ - && echo javac --version && javac --version \ - && echo java --version && java --version \ - && echo Complete. - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/windows/windowsservercore-1809/Dockerfile b/11/jdk/windows/windowsservercore-1809/Dockerfile deleted file mode 100644 index 019ec1cb..00000000 --- a/11/jdk/windows/windowsservercore-1809/Dockerfile +++ /dev/null @@ -1,68 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:1809 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-11 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_windows_11.0.16_8.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' javac --version'; javac --version; \ - Write-Host ' java --version'; java --version; \ - \ - Write-Host 'Complete.' - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jdk/windows/windowsservercore-ltsc2022/Dockerfile b/11/jdk/windows/windowsservercore-ltsc2022/Dockerfile deleted file mode 100644 index 18c4c315..00000000 --- a/11/jdk/windows/windowsservercore-ltsc2022/Dockerfile +++ /dev/null @@ -1,68 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:ltsc2022 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-11 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_windows_11.0.16_8.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' javac --version'; javac --version; \ - Write-Host ' java --version'; java --version; \ - \ - Write-Host 'Complete.' - -# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) -CMD ["jshell"] diff --git a/11/jre/bullseye/Dockerfile b/11/jre/bullseye/Dockerfile deleted file mode 100644 index 3a9df482..00000000 --- a/11/jre/bullseye/Dockerfile +++ /dev/null @@ -1,110 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:bullseye-curl - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - java --version diff --git a/11/jre/buster/Dockerfile b/11/jre/buster/Dockerfile deleted file mode 100644 index e20f03e3..00000000 --- a/11/jre/buster/Dockerfile +++ /dev/null @@ -1,110 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:buster-curl - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - java --version diff --git a/11/jre/slim-bullseye/Dockerfile b/11/jre/slim-bullseye/Dockerfile deleted file mode 100644 index 6503fd04..00000000 --- a/11/jre/slim-bullseye/Dockerfile +++ /dev/null @@ -1,114 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - java --version diff --git a/11/jre/slim-buster/Dockerfile b/11/jre/slim-buster/Dockerfile deleted file mode 100644 index 9adfd8cf..00000000 --- a/11/jre/slim-buster/Dockerfile +++ /dev/null @@ -1,114 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:buster-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-11 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_linux_11.0.16_8.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_aarch64_linux_11.0.16_8.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 -# https://openjdk.java.net/jeps/341 - java -Xshare:dump; \ - \ -# basic smoke test - java --version diff --git a/11/jre/windows/nanoserver-1809/Dockerfile b/11/jre/windows/nanoserver-1809/Dockerfile deleted file mode 100644 index 90caec27..00000000 --- a/11/jre/windows/nanoserver-1809/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/nanoserver:1809 - -SHELL ["cmd", "/s", "/c"] - -ENV JAVA_HOME C:\\openjdk-11 -# "ERROR: Access to the registry path is denied." -USER ContainerAdministrator -RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ - && setx /M PATH %JAVA_HOME%\bin;%PATH% \ - && echo Complete. -USER ContainerUser - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -COPY --from=openjdk:11.0.16-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME - -RUN echo Verifying install ... \ - && echo java --version && java --version \ - && echo Complete. diff --git a/11/jre/windows/windowsservercore-1809/Dockerfile b/11/jre/windows/windowsservercore-1809/Dockerfile deleted file mode 100644 index 5628058a..00000000 --- a/11/jre/windows/windowsservercore-1809/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:1809 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-11 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_windows_11.0.16_8.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' java --version'; java --version; \ - \ - Write-Host 'Complete.' diff --git a/11/jre/windows/windowsservercore-ltsc2022/Dockerfile b/11/jre/windows/windowsservercore-ltsc2022/Dockerfile deleted file mode 100644 index 4c983e8c..00000000 --- a/11/jre/windows/windowsservercore-ltsc2022/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:ltsc2022 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-11 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 11.0.16 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_windows_11.0.16_8.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' java --version'; java --version; \ - \ - Write-Host 'Complete.' diff --git a/8/jdk/bullseye/Dockerfile b/8/jdk/bullseye/Dockerfile deleted file mode 100644 index d84f0f92..00000000 --- a/8/jdk/bullseye/Dockerfile +++ /dev/null @@ -1,107 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:bullseye-scm - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/buster/Dockerfile b/8/jdk/buster/Dockerfile deleted file mode 100644 index 4850cde4..00000000 --- a/8/jdk/buster/Dockerfile +++ /dev/null @@ -1,107 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:buster-scm - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/oraclelinux7/Dockerfile b/8/jdk/oraclelinux7/Dockerfile deleted file mode 100644 index 33c1c80d..00000000 --- a/8/jdk/oraclelinux7/Dockerfile +++ /dev/null @@ -1,99 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM oraclelinux:7-slim - -RUN set -eux; \ -# https://unix.stackexchange.com/a/477127/153467 - yum install -y --setopt=skip_missing_names_on_install=False \ - gzip \ - tar \ - \ -# jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 -# Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ -# java.lang.UnsatisfiedLinkError: /usr/java/openjdk-12/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - freetype fontconfig \ - ; \ - rm -rf /var/cache/yum - -ENV JAVA_HOME /usr/java/openjdk-8 -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG en_US.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "$arch" in \ - 'i386:x86-64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'aarch64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - curl -fL -o openjdk.tgz "$downloadUrl"; \ - curl -fL -o openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - rm -rf "$JAVA_HOME/jre/lib/security/cacerts"; \ -# see "update-ca-trust" script which creates/maintains this cacerts bundle - ln -sT /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/jre/lib/security/cacerts"; \ - \ -# https://github.com/oracle/docker-images/blob/a56e0d1ed968ff669d2e2ba8a1483d0f3acc80c0/OracleJava/java-8/Dockerfile#L17-L19 - ln -sfT "$JAVA_HOME" /usr/java/default; \ - ln -sfT "$JAVA_HOME" /usr/java/latest; \ - for bin in "$JAVA_HOME/bin/"*; do \ - base="$(basename "$bin")"; \ - [ ! -e "/usr/bin/$base" ]; \ - alternatives --install "/usr/bin/$base" "$base" "$bin" 20000; \ - done; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/oraclelinux8/Dockerfile b/8/jdk/oraclelinux8/Dockerfile deleted file mode 100644 index 24a6e456..00000000 --- a/8/jdk/oraclelinux8/Dockerfile +++ /dev/null @@ -1,98 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM oraclelinux:8-slim - -RUN set -eux; \ - microdnf install \ - gzip \ - tar \ - \ -# jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 -# Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory - binutils \ -# java.lang.UnsatisfiedLinkError: /usr/java/openjdk-12/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - freetype fontconfig \ - ; \ - microdnf clean all - -ENV JAVA_HOME /usr/java/openjdk-8 -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ - case "$arch" in \ - 'i386:x86-64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'aarch64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - curl -fL -o openjdk.tgz "$downloadUrl"; \ - curl -fL -o openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - rm -rf "$JAVA_HOME/jre/lib/security/cacerts"; \ -# see "update-ca-trust" script which creates/maintains this cacerts bundle - ln -sT /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/jre/lib/security/cacerts"; \ - \ -# https://github.com/oracle/docker-images/blob/a56e0d1ed968ff669d2e2ba8a1483d0f3acc80c0/OracleJava/java-8/Dockerfile#L17-L19 - ln -sfT "$JAVA_HOME" /usr/java/default; \ - ln -sfT "$JAVA_HOME" /usr/java/latest; \ - for bin in "$JAVA_HOME/bin/"*; do \ - base="$(basename "$bin")"; \ - [ ! -e "/usr/bin/$base" ]; \ - alternatives --install "/usr/bin/$base" "$base" "$bin" 20000; \ - done; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/slim-bullseye/Dockerfile b/8/jdk/slim-bullseye/Dockerfile deleted file mode 100644 index a2553504..00000000 --- a/8/jdk/slim-bullseye/Dockerfile +++ /dev/null @@ -1,111 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/slim-buster/Dockerfile b/8/jdk/slim-buster/Dockerfile deleted file mode 100644 index befeea18..00000000 --- a/8/jdk/slim-buster/Dockerfile +++ /dev/null @@ -1,111 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:buster-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - javac -version; \ - java -version diff --git a/8/jdk/windows/nanoserver-1809/Dockerfile b/8/jdk/windows/nanoserver-1809/Dockerfile deleted file mode 100644 index ac79abd4..00000000 --- a/8/jdk/windows/nanoserver-1809/Dockerfile +++ /dev/null @@ -1,38 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/nanoserver:1809 - -SHELL ["cmd", "/s", "/c"] - -ENV JAVA_HOME C:\\openjdk-8 -# "ERROR: Access to the registry path is denied." -USER ContainerAdministrator -RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ - && setx /M PATH %JAVA_HOME%\bin;%PATH% \ - && echo Complete. -USER ContainerUser - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -COPY --from=openjdk:8u342-jdk-windowsservercore-1809 $JAVA_HOME $JAVA_HOME - -RUN echo Verifying install ... \ - && echo javac -version && javac -version \ - && echo java -version && java -version \ - && echo Complete. diff --git a/8/jdk/windows/windowsservercore-1809/Dockerfile b/8/jdk/windows/windowsservercore-1809/Dockerfile deleted file mode 100644 index 13572adb..00000000 --- a/8/jdk/windows/windowsservercore-1809/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:1809 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-8 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_windows_8u342b07.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' javac -version'; javac -version; \ - Write-Host ' java -version'; java -version; \ - \ - Write-Host 'Complete.' diff --git a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile b/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile deleted file mode 100644 index ed5f15dc..00000000 --- a/8/jdk/windows/windowsservercore-ltsc2022/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:ltsc2022 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-8 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_windows_8u342b07.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' javac -version'; javac -version; \ - Write-Host ' java -version'; java -version; \ - \ - Write-Host 'Complete.' diff --git a/8/jre/bullseye/Dockerfile b/8/jre/bullseye/Dockerfile deleted file mode 100644 index d1c2d972..00000000 --- a/8/jre/bullseye/Dockerfile +++ /dev/null @@ -1,106 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:bullseye-curl - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - java -version diff --git a/8/jre/buster/Dockerfile b/8/jre/buster/Dockerfile deleted file mode 100644 index 80e651f5..00000000 --- a/8/jre/buster/Dockerfile +++ /dev/null @@ -1,106 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM buildpack-deps:buster-curl - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bzip2 \ - unzip \ - xz-utils \ - \ -# java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory -# java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager -# https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 - fontconfig libfreetype6 \ - \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - java -version diff --git a/8/jre/slim-bullseye/Dockerfile b/8/jre/slim-bullseye/Dockerfile deleted file mode 100644 index c2236d49..00000000 --- a/8/jre/slim-bullseye/Dockerfile +++ /dev/null @@ -1,110 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:bullseye-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - java -version diff --git a/8/jre/slim-buster/Dockerfile b/8/jre/slim-buster/Dockerfile deleted file mode 100644 index bec72c03..00000000 --- a/8/jre/slim-buster/Dockerfile +++ /dev/null @@ -1,110 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM debian:buster-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# utilities for keeping Debian and OpenJDK CA certificates in sync - ca-certificates p11-kit \ - ; \ - rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-8 -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN set -eux; \ - \ - arch="$(dpkg --print-architecture)"; \ - case "$arch" in \ - 'amd64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz'; \ - ;; \ - 'arm64') \ - downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz'; \ - ;; \ - *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \ - esac; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gnupg \ - wget \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; \ - wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - \ - mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz*; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store) -# see https://github.com/docker-library/openjdk/issues/327 -# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075 -# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in -# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29 - { \ - echo '#!/usr/bin/env bash'; \ - echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ - } > /etc/ca-certificates/update.d/docker-openjdk; \ - chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ - /etc/ca-certificates/update.d/docker-openjdk; \ - \ -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 - find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - \ -# basic smoke test - java -version diff --git a/8/jre/windows/nanoserver-1809/Dockerfile b/8/jre/windows/nanoserver-1809/Dockerfile deleted file mode 100644 index 23b9d180..00000000 --- a/8/jre/windows/nanoserver-1809/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/nanoserver:1809 - -SHELL ["cmd", "/s", "/c"] - -ENV JAVA_HOME C:\\openjdk-8 -# "ERROR: Access to the registry path is denied." -USER ContainerAdministrator -RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ - && setx /M PATH %JAVA_HOME%\bin;%PATH% \ - && echo Complete. -USER ContainerUser - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -COPY --from=openjdk:8u342-jre-windowsservercore-1809 $JAVA_HOME $JAVA_HOME - -RUN echo Verifying install ... \ - && echo java -version && java -version \ - && echo Complete. diff --git a/8/jre/windows/windowsservercore-1809/Dockerfile b/8/jre/windows/windowsservercore-1809/Dockerfile deleted file mode 100644 index 690bc49a..00000000 --- a/8/jre/windows/windowsservercore-1809/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:1809 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-8 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_windows_8u342b07.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' java -version'; java -version; \ - \ - Write-Host 'Complete.' diff --git a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile b/8/jre/windows/windowsservercore-ltsc2022/Dockerfile deleted file mode 100644 index 9c7d339a..00000000 --- a/8/jre/windows/windowsservercore-ltsc2022/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM mcr.microsoft.com/windows/servercore:ltsc2022 - -# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324 -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -# enable TLS 1.2 -# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801 -# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12 -RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \ - $tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \ - if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \ - New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \ - New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \ - New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \ - Write-Host 'Complete.' - -ENV JAVA_HOME C:\\openjdk-8 -RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - setx /M PATH $newPath; \ - Write-Host 'Complete.' - -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION 8u342 -ENV JAVA_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_windows_8u342b07.zip -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > - -RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ - Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \ -# TODO signature? checksum? - \ - Write-Host 'Expanding ...'; \ - New-Item -ItemType Directory -Path C:\temp | Out-Null; \ - Expand-Archive openjdk.zip -DestinationPath C:\temp; \ - Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \ - Remove-Item C:\temp; \ - \ - Write-Host 'Removing ...'; \ - Remove-Item openjdk.zip -Force; \ - \ - Write-Host 'Verifying install ...'; \ - Write-Host ' java -version'; java -version; \ - \ - Write-Host 'Complete.' diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template index 5d29bcb3..2dec6088 100644 --- a/Dockerfile-linux.template +++ b/Dockerfile-linux.template @@ -84,12 +84,10 @@ RUN set -eux; \ unzip \ xz-utils \ \ -{{ if env.version | tonumber >= 13 then ( -}} # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory binutils \ \ -{{ ) else "" end -}} # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 @@ -102,9 +100,6 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* ENV JAVA_HOME /usr/local/openjdk-{{ env.version }} -{{ if env.version | tonumber < 16 then ( -}} -RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility -{{ ) else "" end -}} {{ ) end -}} @@ -116,7 +111,6 @@ ENV LANG {{ if is_oracle and oracle_version == "7" then "en_US.UTF-8" else "C.UT {{ ) end -}} {{ def java_version: if is_alpine then .alpine.version else .version end -}} -{{ if .source == "oracle" then ( -}} # https://jdk.java.net/ # > # > Java Development Kit builds, from Oracle @@ -125,21 +119,6 @@ ENV JAVA_VERSION {{ java_version }} {{ if is_alpine then ( -}} # "For Alpine Linux, builds are produced on a reduced schedule and may not be in sync with the other platforms." {{ ) else "" end -}} -{{ ) else ( -}} -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -ENV JAVA_VERSION {{ java_version }} -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > -{{ ) end -}} {{ def arches: @@ -213,10 +192,6 @@ RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ -{{ if .source == "adopt" then ( -}} - dirmngr \ - gnupg \ -{{ ) else "" end -}} wget \ ; \ rm -rf /var/lib/apt/lists/*; \ @@ -225,27 +200,6 @@ RUN set -eux; \ {{ wget_command }} openjdk.tgz "$downloadUrl"; \ {{ if [ arches[] ] | any(has("sha256")) then ( -}} echo "$downloadSha256 *openjdk.tgz" | sha256sum {{ if is_alpine then "-c" else "--strict --check" end }} -; \ -{{ ) else "" end -}} -{{ if .source == "adopt" then ( -}} - {{ wget_command }} openjdk.tgz.asc "$downloadUrl.sign"; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ -# pre-fetch Andrew Haley's (the OpenJDK 8 and 11 Updates OpenJDK project lead) key so we can verify that the OpenJDK key was signed by it -# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190) -# we pre-fetch this so that the signature it makes on the OpenJDK key can survive "import-clean" in gpg - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \ -# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense? -# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07 - gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \ - gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \ - | tee /dev/stderr \ - | grep '0xA5CD6035332FA671' \ - | grep 'Andrew Haley'; \ - gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \ -{{ if is_oracle then "" else ( -}} - gpgconf --kill all; \ -{{ ) end -}} - rm -rf "$GNUPGHOME"; \ {{ ) else "" end -}} \ mkdir -p "$JAVA_HOME"; \ @@ -263,23 +217,14 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ \ {{ ) else "" end -}} -{{ - def cacerts_file: - # 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ use "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory) - if env.version == "8" and env.javaType == "jdk" then - "$JAVA_HOME/jre/lib/security/cacerts" - else - "$JAVA_HOME/lib/security/cacerts" - end --}} {{ if is_alpine then ( -}} - rm -rf "{{ cacerts_file }}"; \ + rm -rf "$JAVA_HOME/lib/security/cacerts"; \ # see "java-cacerts" package installed above (which maintains "/etc/ssl/certs/java/cacerts" for us) - ln -sT /etc/ssl/certs/java/cacerts "{{ cacerts_file }}"; \ + ln -sT /etc/ssl/certs/java/cacerts "$JAVA_HOME/lib/security/cacerts"; \ {{ ) elif is_oracle then ( -}} - rm -rf "{{ cacerts_file }}"; \ + rm -rf "$JAVA_HOME/lib/security/cacerts"; \ # see "update-ca-trust" script which creates/maintains this cacerts bundle - ln -sT /etc/pki/ca-trust/extracted/java/cacerts "{{ cacerts_file }}"; \ + ln -sT /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/lib/security/cacerts"; \ \ # https://github.com/oracle/docker-images/blob/a56e0d1ed968ff669d2e2ba8a1483d0f3acc80c0/OracleJava/java-8/Dockerfile#L17-L19 ln -sfT "$JAVA_HOME" /usr/java/default; \ @@ -298,7 +243,7 @@ RUN set -eux; \ { \ echo '#!/usr/bin/env bash'; \ echo 'set -Eeuo pipefail'; \ - echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "{{ cacerts_file }}"'; \ + echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; \ } > /etc/ca-certificates/update.d/docker-openjdk; \ chmod +x /etc/ca-certificates/update.d/docker-openjdk; \ /etc/ca-certificates/update.d/docker-openjdk; \ @@ -308,13 +253,6 @@ RUN set -eux; \ ldconfig; \ {{ ) end -}} \ -{{ if env.version == "8" then ( -}} -# basic smoke test -{{ if env.javaType == "jdk" then ( -}} - javac -version; \ -{{ ) else "" end -}} - java -version -{{ ) else ( -}} # https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 # https://openjdk.java.net/jeps/341 java -Xshare:dump; \ @@ -330,4 +268,3 @@ CMD ["jshell"] {{ ) else ( -}} java --version {{ ) end -}} -{{ ) end -}} diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 0fdbf3f2..3df7d5ef 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -35,19 +35,10 @@ RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \ USER ContainerUser {{ ) end -}} -{{ if .source == "oracle" then ( -}} # https://jdk.java.net/ # > # > Java Development Kit builds, from Oracle # > -{{ ) else ( -}} -# https://adoptopenjdk.net/upstream.html -# > -# > What are these binaries? -# > -# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/. -# > -{{ ) end -}} ENV JAVA_VERSION {{ .version }} {{ if env.windowsVariant == "servercore" then ( -}} {{ # TODO $env:PROCESSOR_ARCHITECTURE for arm64v8 someday (https://superuser.com/a/1441469/101945) -}} @@ -56,14 +47,6 @@ ENV JAVA_URL {{ .[env.javaType].arches["windows-amd64"].url }} ENV JAVA_SHA256 {{ .[env.javaType].arches["windows-amd64"].sha256 }} {{ ) else "" end -}} {{ ) else "" end -}} -{{ if .source == "adopt" then ( -}} -# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246 -# > -# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead. -# > ... -# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them. -# > -{{ ) else "" end -}} {{ if env.windowsVariant == "servercore" then ( -}} RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ @@ -89,11 +72,10 @@ RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \ Remove-Item openjdk.zip -Force; \ \ Write-Host 'Verifying install ...'; \ -{{ def version_flag: if env.version == "8" then "-version" else "--version" end -}} {{ if env.javaType == "jdk" then ( -}} - Write-Host ' javac {{ version_flag }}'; javac {{ version_flag }}; \ + Write-Host ' javac --version'; javac --version; \ {{ ) else "" end -}} - Write-Host ' java {{ version_flag }}'; java {{ version_flag }}; \ + Write-Host ' java --version'; java --version; \ \ Write-Host 'Complete.' {{ ) else ( -}} @@ -101,12 +83,12 @@ COPY --from=openjdk:{{ .version | gsub("[+]"; "-") }}-{{ env.javaType }}-windows RUN echo Verifying install ... \ {{ if env.javaType == "jdk" then ( -}} - && echo javac {{ version_flag }} && javac {{ version_flag }} \ + && echo javac --version && javac --version \ {{ ) else "" end -}} - && echo java {{ version_flag }} && java {{ version_flag }} \ + && echo java --version && java --version \ && echo Complete. {{ ) end -}} -{{ if env.version != "8" and env.javaType == "jdk" then ( -}} +{{ if env.javaType == "jdk" then ( -}} # "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell) CMD ["jshell"] diff --git a/versions.json b/versions.json index 8281f735..bc8639b0 100644 --- a/versions.json +++ b/versions.json @@ -1,45 +1,4 @@ { - "11": { - "jdk": { - "arches": { - "amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_linux_11.0.16_8.tar.gz" - }, - "arm64v8": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_aarch64_linux_11.0.16_8.tar.gz" - }, - "windows-amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jdk_x64_windows_11.0.16_8.zip" - } - } - }, - "jre": { - "arches": { - "amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_linux_11.0.16_8.tar.gz" - }, - "arm64v8": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_aarch64_linux_11.0.16_8.tar.gz" - }, - "windows-amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases/download/jdk-11.0.16%2B8/OpenJDK11U-jre_x64_windows_11.0.16_8.zip" - } - } - }, - "source": "adopt", - "variants": [ - "oraclelinux8", - "oraclelinux7", - "bullseye", - "slim-bullseye", - "buster", - "slim-buster", - "windows/windowsservercore-ltsc2022", - "windows/windowsservercore-1809", - "windows/nanoserver-1809" - ], - "version": "11.0.16" - }, "18": { "jdk": { "arches": { @@ -57,7 +16,6 @@ } } }, - "source": "oracle", "variants": [ "oraclelinux8", "oraclelinux7", @@ -88,7 +46,6 @@ } } }, - "source": "oracle", "variants": [ "oraclelinux8", "oraclelinux7", @@ -119,7 +76,6 @@ } } }, - "source": "oracle", "variants": [ "oraclelinux8", "oraclelinux7", @@ -132,46 +88,5 @@ "windows/nanoserver-1809" ], "version": "20-ea+10" - }, - "8": { - "jdk": { - "arches": { - "amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz" - }, - "arm64v8": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz" - }, - "windows-amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_windows_8u342b07.zip" - } - } - }, - "jre": { - "arches": { - "amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz" - }, - "arm64v8": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz" - }, - "windows-amd64": { - "url": "https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_windows_8u342b07.zip" - } - } - }, - "source": "adopt", - "variants": [ - "oraclelinux8", - "oraclelinux7", - "bullseye", - "slim-bullseye", - "buster", - "slim-buster", - "windows/windowsservercore-ltsc2022", - "windows/windowsservercore-1809", - "windows/nanoserver-1809" - ], - "version": "8u342" } } diff --git a/versions.sh b/versions.sh index 1672f23f..5c3cad8c 100755 --- a/versions.sh +++ b/versions.sh @@ -56,52 +56,6 @@ abs-url() { echo "$url" } -adopt-github-url() { - local javaVersion="$1"; shift - - local url - url="$( - curl -fsS --head "https://github.com/AdoptOpenJDK/openjdk${javaVersion}-upstream-binaries/releases/latest" | tac|tac \ - | tr -d '\r' \ - | awk 'tolower($1) == "location:" { print $2; found = 1; exit } END { if (!found) { exit 1 } }' - )" || return 1 - - url="$(abs-url "$url" 'https://github.com')" || return 1 - - echo "$url" -} - -adopt-sources-url() { - local githubUrl="$1"; shift - - local url - url="$( - _get "$githubUrl" \ - -oEm1 'href="[^"]+-sources_[^"]+[.]tar[.]gz"' \ - | cut -d'"' -f2 \ - || : - )" - [ -n "$url" ] || return 1 - - url="$(abs-url "$url" "$githubUrl")" || return 1 - - echo "$url" -} - -adopt-version() { - local githubUrl="$1"; shift - - local version - version="$( - _get "$githubUrl" \ - -oE '.+' \ - | grep -oE ' OpenJDK [^ ]+ ' \ - | cut -d' ' -f3 - )" || return 1 - - echo "$version" -} - jdk-java-net-download-url() { local javaVersion="$1"; shift local fileSuffix="$1"; shift @@ -116,11 +70,6 @@ jdk-java-net-download-version() { downloadVersion="$(grep -Eom1 "openjdk-$javaVersion[^_]*_" <<<"$downloadUrl")" || return 1 downloadVersion="${downloadVersion%_}" downloadVersion="${downloadVersion#openjdk-}" - if [ "$javaVersion" = '11' ]; then - # 11 is now GA, so drop any +NN (https://github.com/docker-library/openjdk/pull/235#issuecomment-425378941) - # future releases will be 11.0.1, for example - downloadVersion="${downloadVersion%%+*}" - fi echo "$downloadVersion" } @@ -145,123 +94,59 @@ sed_s_pre() { for version in "${versions[@]}"; do export version doc='{}' - if [ "$version" -le 11 ]; then - githubUrl="$(adopt-github-url "$version")" - sourcesUrl="$(adopt-sources-url "$githubUrl")" - javaUrlBaseBase="${sourcesUrl%%-sources_*}-" - javaUrlVersion="${sourcesUrl#${javaUrlBaseBase}sources_}" - javaUrlVersion="${javaUrlVersion%.tar.gz}" - - adoptVersion="$(adopt-version "$githubUrl")" - echo "$version: $adoptVersion" - export adoptVersion - doc="$(jq <<<"$doc" -c ' - .version = env.adoptVersion - | .source = "adopt" - ')" - - possibleArches=( - # https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases - # https://github.com/AdoptOpenJDK/openjdk11-upstream-binaries/releases - 'aarch64_linux' - 'x64_linux' - 'x64_windows' - ) - - for javaType in jdk jre; do - export javaType - javaUrlBase="${javaUrlBaseBase}${javaType}_" # "jre_", "jdk_", etc - for arch in "${possibleArches[@]}"; do - downloadUrl="${javaUrlBase}${arch}_${javaUrlVersion}" - case "$arch" in - *_linux) downloadUrl+='.tar.gz'; bashbrewArch= ;; - *_windows) downloadUrl+='.zip'; bashbrewArch='windows-' ;; - *) echo >&2 "error: unknown Adopt Upstream arch: '$arch'"; exit 1 ;; - esac - downloadFile="$(basename "$downloadUrl")" - if _get "$githubUrl" -qF "$downloadFile"; then - case "$arch" in - aarch64_*) bashbrewArch+='arm64v8' ;; - x64_*) bashbrewArch+='amd64' ;; - *) echo >&2 "error: unknown Adopt Upstream arch: '$arch'"; exit 1 ;; - esac - export bashbrewArch downloadUrl - doc="$(jq <<<"$doc" -c ' - .[env.javaType].arches[env.bashbrewArch] = { - url: env.downloadUrl, - } - ')" - fi - done - done - else - doc="$(jq <<<"$doc" -c ' - .source = "oracle" - ')" - possibleArches=( - # https://jdk.java.net/18/ - # https://jdk.java.net/19/ - 'linux-aarch64' - 'linux-x64' - 'linux-x64-musl' - 'windows-x64' - ) - for arch in "${possibleArches[@]}"; do - downloadSuffix="_${arch}_bin" + possibleArches=( + # https://jdk.java.net/18/ + # https://jdk.java.net/19/ + 'linux-aarch64' + 'linux-x64' + 'linux-x64-musl' + 'windows-x64' + ) + for arch in "${possibleArches[@]}"; do + downloadSuffix="_${arch}_bin" + case "$arch" in + linux-*) downloadSuffix+='.tar.gz'; bashbrewArch= ;; + windows-*) downloadSuffix+='.zip'; bashbrewArch='windows-' ;; + *) echo >&2 "error: unknown Oracle arch: '$arch'"; exit 1 ;; + esac + jqExprPrefix= + if [[ "$arch" == *-musl ]]; then + jqExprPrefix='.alpine' + fi + if downloadUrl="$(jdk-java-net-download-url "$version" "$downloadSuffix")" \ + && [ -n "$downloadUrl" ] \ + && downloadSha256="$(_get "$downloadUrl.sha256")" \ + && [ -n "$downloadSha256" ] \ + ; then + downloadVersion="$(jdk-java-net-download-version "$version" "$downloadUrl")" + currentVersion="$(jq <<<"$doc" -r "$jqExprPrefix.version // \"\"")" + if [ -n "$currentVersion" ] && [ "$currentVersion" != "$downloadVersion" ]; then + echo >&2 "error: Oracle version mismatch: '$currentVersion' vs '$downloadVersion'" + exit 1 + elif [ -z "$currentVersion" ]; then + echo "$version: $downloadVersion${jqExprPrefix:+ (alpine)}" + fi case "$arch" in - linux-*) downloadSuffix+='.tar.gz'; bashbrewArch= ;; - windows-*) downloadSuffix+='.zip'; bashbrewArch='windows-' ;; + *-aarch64*) bashbrewArch+='arm64v8' ;; + *-x64*) bashbrewArch+='amd64' ;; *) echo >&2 "error: unknown Oracle arch: '$arch'"; exit 1 ;; esac - jqExprPrefix= - if [[ "$arch" == *-musl ]]; then - jqExprPrefix='.alpine' - fi - if downloadUrl="$(jdk-java-net-download-url "$version" "$downloadSuffix")" \ - && [ -n "$downloadUrl" ] \ - && downloadSha256="$(_get "$downloadUrl.sha256")" \ - && [ -n "$downloadSha256" ] \ - ; then - downloadVersion="$(jdk-java-net-download-version "$version" "$downloadUrl")" - currentVersion="$(jq <<<"$doc" -r "$jqExprPrefix.version // \"\"")" - if [ -n "$currentVersion" ] && [ "$currentVersion" != "$downloadVersion" ]; then - echo >&2 "error: Oracle version mismatch: '$currentVersion' vs '$downloadVersion'" - exit 1 - elif [ -z "$currentVersion" ]; then - echo "$version: $downloadVersion${jqExprPrefix:+ (alpine)}" - fi - case "$arch" in - *-aarch64*) bashbrewArch+='arm64v8' ;; - *-x64*) bashbrewArch+='amd64' ;; - *) echo >&2 "error: unknown Oracle arch: '$arch'"; exit 1 ;; - esac - export arch bashbrewArch downloadUrl downloadSha256 downloadVersion - doc="$(jq <<<"$doc" -c ' - '"$jqExprPrefix"'.version = env.downloadVersion - | '"$jqExprPrefix"'.jdk.arches[env.bashbrewArch] = { - url: env.downloadUrl, - sha256: env.downloadSha256, - } - ')" - fi - done - fi + export arch bashbrewArch downloadUrl downloadSha256 downloadVersion + doc="$(jq <<<"$doc" -c ' + '"$jqExprPrefix"'.version = env.downloadVersion + | '"$jqExprPrefix"'.jdk.arches[env.bashbrewArch] = { + url: env.downloadUrl, + sha256: env.downloadSha256, + } + ')" + fi + done if ! jq <<<"$doc" -e '[ .. | objects | select(has("arches")) | .arches | has("amd64") ] | all' &> /dev/null; then echo >&2 "error: missing 'amd64' for '$version'; cowardly refusing to continue! (because this is almost always a scraping flake or similar bug)" exit 1 fi - if [ "$version" = '11' ]; then - for arch in arm64v8 windows-amd64; do - export arch - if ! jq <<<"$doc" -e '[ .. | objects | select(has("arches")) | .arches | has(env.arch) ] | all' &> /dev/null; then - echo >&2 "error: missing '$arch' for '$version'; cowardly refusing to continue! (because this is almost always a scraping flake or similar bug)" - exit 1 - fi - done - fi - json="$(jq <<<"$json" -c --argjson doc "$doc" ' .[env.version] = $doc + { variants: [