[feat:8] 创建OpenJDK 8u242版本JRE及JDK镜像Dockerfile文件

2020-04-21 17:38:26 +08:00
parent 1b835b309a
commit 955ca55c84
6 changed files with 261 additions and 0 deletions
@@ -0,0 +1,87 @@
+FROM endial/ubuntu:v18.04
+
+ENV JAVA_VERSION 8u242
+ENV JAVA_URL_VERSION 8u242b08
+ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jdk_
+
+LABEL \
+	"Version"="v8u242" \
+	"Description"="Docker images for openJDK 8u242 based on Ubuntu 18.04." \
+	"Dockerfile"="https://github.com/endial/docker-openjdk" \
+	"Vendor"="Endial Fang (endial@126.com)"
+
+# Default to UTF-8 file.encoding
+ENV LANG C.UTF-8
+
+ENV JAVA_HOME /usr/local/openjdk-8
+ENV PATH ${JAVA_HOME}/bin:${PATH}
+
+RUN set -eux; \
+	mkdir -p ${JAVA_HOME}; \
+	\
+# 设置程序使用静默安装，而非交互模式；类似tzdata等程序需要使用静默安装
+	export DEBIAN_FRONTEND=noninteractive; \
+	\
+# 更新源，并安装临时使用的软件包（使用完后可删除）
+	fetchDeps=" \
+		bzip2 \
+		unzip \
+		xz-utils \
+# 签名验证工具
+		dirmngr \
+		gnupg \
+		ca-certificates p11-kit \
+		fontconfig libfreetype6 \
+		wget \
+	"; \
+	apt update; \
+	apt install -y --no-install-recommends ${fetchDeps}; \
+	\
+	wget -O openjdk.tgz.asc "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \
+	wget -O openjdk.tgz "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \
+	\
+# 安装软件包需要使用的GPG证书
+	export GNUPGHOME="$(mktemp -d)"; \
+# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense?
+# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07
+	gpg --batch --keyserver ha.pool.sks-keyservers.net --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \
+# also verify that key was signed by Andrew Haley (the OpenJDK 8 and 11 Updates OpenJDK project lead)
+# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190)
+	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \
+	gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \
+		| tee /dev/stderr \
+		| grep '0xA5CD6035332FA671' \
+		| grep 'Andrew Haley'; \
+	gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME"; \
+	\
+	tar --extract --file openjdk.tgz --strip-components 1 --no-same-owner --directory "$JAVA_HOME"; \
+	rm openjdk.tgz*; \
+	\
+# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store)
+	{ \
+		echo '#!/usr/bin/env bash'; \
+		echo 'set -Eeuo pipefail'; \
+		echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \
+# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory)
+		echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \
+		echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \
+		echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \
+	} > /etc/ca-certificates/update.d/docker-openjdk; \
+	chmod +x /etc/ca-certificates/update.d/docker-openjdk; \
+	/etc/ca-certificates/update.d/docker-openjdk; \
+	\
+	find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \
+	ldconfig; \
+	\
+# 删除临时软件包，清理缓存
+	apt purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps}; \
+	apt autoclean -y; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	javac -version; \
+	java -version;
+
+
+CMD []
@@ -0,0 +1,29 @@
+# 简介
+
+OpenJDK 1.8 (JDK 8u242) 版本基于的Ubuntu系统的Docker镜像。
+
+
+
+## 基本信息
+
+* 镜像地址：endial/openjdk:v8u242-jdk
+* 依赖镜像：endial/ubuntu:v18.04
+
+
+
+## 使用说明
+
+本镜像为基础JAVA环境镜像，主要用来为后续应用开发提供基础环境使用。
+
+基本验证命令：
+
+```shell
+docker run -it --rm endial/openjdk:v8u242-jre javac -version
+```
+
+
+
+----
+
+本文原始来源 [Endial Fang](https://github.com/endial) @ [Github.com](https://github.com)
+
@@ -0,0 +1,14 @@
+#!/bin/sh
+# docker entrypoint script
+
+echo "[i] Initial Container"
+
+# allow the container to be started with `--user` or `-u`
+# if [ "$1" = 'app-name' -a "$(id -u)" = '0' ]; then
+# 	echo "[i] Restart container with user: user-name"
+# 	echo ""
+# 	exec gosu user-name "$0" "$@"
+# fi
+
+echo "[i] Start Application"
+exec "$@"
@@ -0,0 +1,86 @@
+FROM endial/ubuntu:v18.04
+
+ENV JAVA_VERSION 8u242
+ENV JAVA_URL_VERSION 8u242b08
+ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jre_
+
+LABEL \
+	"Version"="v8u242" \
+	"Description"="Docker images for openJDK 8u242 based on Ubuntu 18.04." \
+	"Dockerfile"="https://github.com/endial/docker-openjdk" \
+	"Vendor"="Endial Fang (endial@126.com)"
+
+# Default to UTF-8 file.encoding
+ENV LANG C.UTF-8
+
+ENV JAVA_HOME /usr/local/openjdk-8
+ENV PATH ${JAVA_HOME}/bin:${PATH}
+
+RUN set -eux; \
+	mkdir -p ${JAVA_HOME}; \
+	\
+# 设置程序使用静默安装，而非交互模式；类似tzdata等程序需要使用静默安装
+	export DEBIAN_FRONTEND=noninteractive; \
+	\
+# 更新源，并安装临时使用的软件包（使用完后可删除）
+	fetchDeps=" \
+		bzip2 \
+		unzip \
+		xz-utils \
+		ca-certificates p11-kit \
+# 签名验证工具
+		dirmngr \
+		gnupg \
+		fontconfig libfreetype6 \
+		wget \
+	"; \
+	apt update; \
+	apt install -y --no-install-recommends ${fetchDeps}; \
+	\
+	wget -O openjdk.tgz.asc "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \
+	wget -O openjdk.tgz "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \
+	\
+# 安装软件包需要使用的GPG证书
+	export GNUPGHOME="$(mktemp -d)"; \
+# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense?
+# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07
+	gpg --batch --keyserver ha.pool.sks-keyservers.net --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \
+# also verify that key was signed by Andrew Haley (the OpenJDK 8 and 11 Updates OpenJDK project lead)
+# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190)
+	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \
+	gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \
+		| tee /dev/stderr \
+		| grep '0xA5CD6035332FA671' \
+		| grep 'Andrew Haley'; \
+	gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME"; \
+	\
+	tar --extract --file openjdk.tgz --strip-components 1 --no-same-owner --directory "$JAVA_HOME"; \
+	rm openjdk.tgz*; \
+	\
+# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store)
+	{ \
+		echo '#!/usr/bin/env bash'; \
+		echo 'set -Eeuo pipefail'; \
+		echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \
+# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory)
+		echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \
+		echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \
+		echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \
+	} > /etc/ca-certificates/update.d/docker-openjdk; \
+	chmod +x /etc/ca-certificates/update.d/docker-openjdk; \
+	/etc/ca-certificates/update.d/docker-openjdk; \
+	\
+	find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \
+	ldconfig; \
+	\
+# 删除临时软件包，清理缓存
+	apt purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps}; \
+	apt autoclean -y; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	java -version;
+
+
+CMD []
@@ -0,0 +1,31 @@
+# 简介
+
+OpenJDK 1.8 (JRE 8u242) 版本基于的Ubuntu系统的Docker镜像。
+
+
+
+## 基本信息
+
+* 镜像地址：endial/openjdk:v8u242-jre
+  * 依赖镜像：endial/ubuntu:v18.04
+
+
+
+## 使用说明
+
+本镜像为基础JAVA环境镜像，主要用来为后续应用开发提供基础环境使用。
+
+基本验证命令：
+
+```shell
+docker run -it --rm endial/openjdk:v8u242-jre java -version
+```
+
+
+
+
+
+----
+
+本文原始来源 [Endial Fang](https://github.com/endial) @ [Github.com](https://github.com)
+
@@ -0,0 +1,14 @@
+#!/bin/sh
+# docker entrypoint script
+
+echo "[i] Initial Container"
+
+# allow the container to be started with `--user` or `-u`
+# if [ "$1" = 'app-name' -a "$(id -u)" = '0' ]; then
+# 	echo "[i] Restart container with user: user-name"
+# 	echo ""
+# 	exec gosu user-name "$0" "$@"
+# fi
+
+echo "[i] Start Application"
+exec "$@"