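# Base image: the maintainer's Ubuntu 18.04 image.
# NOTE(review): the base is referenced by a mutable tag only. Pinning it by digest
# (endial/ubuntu:v18.04@sha256:<digest-placeholder>) would make rebuilds reproducible
# and would stop a re-pushed tag from silently changing the image contents.
FROM endial/ubuntu:v18.04

# JRE release being packaged. JAVA_URL_VERSION is the form used in the archive file name.
ENV JAVA_VERSION=8u242
ENV JAVA_URL_VERSION=8u242b08
# URL prefix of the release archive; the RUN step appends "x64_linux_${JAVA_URL_VERSION}.tar.gz"
# (and ".sign" for the detached signature).
ENV JAVA_BASE_URL=https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jre_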
# Image metadata: packaged release, short description, source repository and maintainer contact.
LABEL "Version"="v8u242" \
      "Description"="Docker images for openJDK 8u242 based on Ubuntu 18.04." \
      "Dockerfile"="https://github.com/endial/docker-openjdk" \
      "Vendor"="Endial Fang (endial@126.com)"
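# Default to UTF-8 file.encoding
ENV LANG=C.UTF-8

# Install prefix of the JRE. PATH is set in a separate instruction on purpose:
# variables assigned inside one ENV instruction are not visible to the other
# assignments of that same instruction.
ENV JAVA_HOME=/usr/local/openjdk-8
ENV PATH=${JAVA_HOME}/bin:${PATH}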
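# Download the OpenJDK 8 JRE archive, verify its detached GPG signature, unpack it into
# JAVA_HOME, generate the Java trust store from the system CA store and register the JRE's
# shared libraries with the dynamic linker. Everything runs in one layer so that the
# temporary packages, the keyring and the archive do not persist in the image.
RUN set -eux; \
    mkdir -p "${JAVA_HOME}"; \
    \
# Install non-interactively; packages such as tzdata would otherwise prompt during the build.
    export DEBIAN_FRONTEND=noninteractive; \
    \
# Refresh the package index and install the packages needed only for this step; they are
# purged again at the end. dirmngr and gnupg are the signature-verification tools.
# NOTE(review): ca-certificates, p11-kit, fontconfig and libfreetype6 are in this list and
# are therefore purged too. The CA hook written below calls `trust`, which p11-kit provides,
# so presumably the hook cannot re-run in derived images unless p11-kit is reinstalled, and
# the Java trust store stays frozen at build time. Confirm this is intended.
    fetchDeps=" \
        bzip2 \
        unzip \
        xz-utils \
        ca-certificates p11-kit \
        dirmngr \
        gnupg \
        fontconfig libfreetype6 \
        wget \
    "; \
# apt-get rather than apt: apt's command-line interface is not meant for scripted use.
    apt-get update; \
    apt-get install -y --no-install-recommends ${fetchDeps}; \
    \
    wget -O openjdk.tgz.asc "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz.sign"; \
    wget -O openjdk.tgz "${JAVA_BASE_URL}x64_linux_${JAVA_URL_VERSION}.tar.gz" --progress=dot:giga; \
    \
# Throw-away keyring: only the two keys imported below can satisfy the --verify call.
    export GNUPGHOME="$(mktemp -d)"; \
# The SKS pool (ha.pool.sks-keyservers.net) used here originally has been retired, so key
# retrieval from it fails the build. Keys are fetched from keyserver.ubuntu.com instead.
# Trust rests on the full fingerprints pinned below, not on the keyserver.
# NOTE(review): confirm the keyserver still returns the third-party signature on the release
# key; the --list-sigs check below depends on it.
# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense?
# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07
    gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \
# also verify that key was signed by Andrew Haley (the OpenJDK 8 and 11 Updates OpenJDK project lead)
# (https://github.com/docker-library/openjdk/pull/322#discussion_r286839190)
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \
# The last grep decides the pipeline status, so a missing cross-signature aborts the build (set -e).
    gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \
        | tee /dev/stderr \
        | grep '0xA5CD6035332FA671' \
        | grep 'Andrew Haley'; \
# Abort unless the detached signature matches the downloaded archive.
    gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \
    gpgconf --kill all; \
    rm -rf "$GNUPGHOME"; \
    \
# Unpack only after verification. --no-same-owner keeps the ownership recorded in the archive
# from being applied to the extracted files.
    tar --extract --file openjdk.tgz --strip-components 1 --no-same-owner --directory "$JAVA_HOME"; \
    rm openjdk.tgz*; \
    \
# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store)
    { \
        echo '#!/usr/bin/env bash'; \
        echo 'set -Eeuo pipefail'; \
        echo 'if ! [ -d "$JAVA_HOME" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \
# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory)
        echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \
        echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \
        echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \
    } > /etc/ca-certificates/update.d/docker-openjdk; \
    chmod +x /etc/ca-certificates/update.d/docker-openjdk; \
# Run the hook once now so the JRE's cacerts file is generated during the build.
    /etc/ca-certificates/update.d/docker-openjdk; \
    \
# Register every directory under $JAVA_HOME/lib that holds a shared object with the dynamic linker.
    find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \
    ldconfig; \
    \
# Remove the temporary packages and clean the package caches.
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps}; \
    apt-get autoclean -y; \
    rm -rf /var/lib/apt/lists/*; \
    \
# Smoke test: the build fails here if the installed JRE cannot start.
    java -version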
# Empty exec-form CMD: this image sets no default command of its own.
# NOTE(review): presumably this clears any CMD inherited from the base image, so derived
# images or `docker run` must supply the command to execute. Confirm against the base image.
CMD []