From 3c338f5a61329f9058a115e1efc4d34c7de9ab52 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 16 Jun 2022 17:00:49 -0700 Subject: [PATCH] WIP Co-Authored-By: Mike L (Add temurin-ubi9-minimal) --- 10.1/jdk11/corretto-al2023/Dockerfile | 160 +++++++++++ 10.1/jdk11/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 10.1/jdk11/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 10.1/jdk11/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 10.1/jdk11/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 10.1/jdk11/sapmachine-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk11/sapmachine-noble/Dockerfile | 154 +++++++++++ 10.1/jdk11/semeru-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk11/semeru-noble/Dockerfile | 154 +++++++++++ 10.1/jdk11/temurin-alpine3.20/Dockerfile | 144 ++++++++++ 10.1/jdk11/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 10.1/jdk11/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 10.1/jdk11/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 10.1/jdk11/temurin-jammy/Dockerfile | 18 +- 10.1/jdk11/temurin-noble/Dockerfile | 18 +- 10.1/jdk11/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk11/temurin-ubi9-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk17/corretto-al2023/Dockerfile | 160 +++++++++++ 10.1/jdk17/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 10.1/jdk17/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 10.1/jdk17/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 10.1/jdk17/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 10.1/jdk17/sapmachine-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk17/sapmachine-noble/Dockerfile | 154 +++++++++++ 10.1/jdk17/semeru-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk17/semeru-noble/Dockerfile | 154 +++++++++++ 10.1/jdk17/temurin-alpine3.20/Dockerfile | 144 ++++++++++ 10.1/jdk17/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 10.1/jdk17/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 10.1/jdk17/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 10.1/jdk17/temurin-jammy/Dockerfile | 18 +- 10.1/jdk17/temurin-noble/Dockerfile | 18 +- 10.1/jdk17/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk17/temurin-ubi9-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk21/corretto-al2023/Dockerfile | 160 +++++++++++ 10.1/jdk21/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 10.1/jdk21/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 10.1/jdk21/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 10.1/jdk21/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 10.1/jdk21/sapmachine-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk21/sapmachine-noble/Dockerfile | 154 +++++++++++ 10.1/jdk21/semeru-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk21/semeru-noble/Dockerfile | 154 +++++++++++ 10.1/jdk21/temurin-alpine3.20/Dockerfile | 144 ++++++++++ 10.1/jdk21/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 10.1/jdk21/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 10.1/jdk21/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 10.1/jdk21/temurin-jammy/Dockerfile | 18 +- 10.1/jdk21/temurin-noble/Dockerfile | 18 +- 10.1/jdk21/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk21/temurin-ubi9-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk25/corretto-al2023/Dockerfile | 160 +++++++++++ 10.1/jdk25/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 10.1/jdk25/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 10.1/jdk25/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 10.1/jdk25/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 10.1/jdk25/sapmachine-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk25/sapmachine-noble/Dockerfile | 154 +++++++++++ 10.1/jdk25/semeru-jammy/Dockerfile | 154 +++++++++++ 10.1/jdk25/semeru-noble/Dockerfile | 154 +++++++++++ 10.1/jdk25/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 10.1/jdk25/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 10.1/jdk25/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 10.1/jdk25/temurin-jammy/Dockerfile | 18 +- 10.1/jdk25/temurin-noble/Dockerfile | 18 +- 10.1/jdk25/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 10.1/jdk27/openjdk-bookworm/Dockerfile | 154 +++++++++++ 10.1/jdk27/openjdk-oraclelinux9/Dockerfile | 163 +++++++++++ 10.1/jdk27/openjdk-slim-bookworm/Dockerfile | 154 +++++++++++ 10.1/jdk27/openjdk-slim-trixie/Dockerfile | 154 +++++++++++ 10.1/jdk27/openjdk-trixie/Dockerfile | 154 +++++++++++ 10.1/jre11/semeru-jammy/Dockerfile | 39 +++ 10.1/jre11/semeru-noble/Dockerfile | 39 +++ 10.1/jre11/temurin-alpine3.20/Dockerfile | 42 +++ 10.1/jre11/temurin-alpine3.21/Dockerfile | 42 +++ 10.1/jre11/temurin-alpine3.22/Dockerfile | 42 +++ 10.1/jre11/temurin-alpine3.23/Dockerfile | 42 +++ 10.1/jre11/temurin-ubi10-minimal/Dockerfile | 45 +++ 10.1/jre11/temurin-ubi9-minimal/Dockerfile | 45 +++ 10.1/jre17/semeru-jammy/Dockerfile | 39 +++ 10.1/jre17/semeru-noble/Dockerfile | 39 +++ 10.1/jre17/temurin-alpine3.20/Dockerfile | 42 +++ 10.1/jre17/temurin-alpine3.21/Dockerfile | 42 +++ 10.1/jre17/temurin-alpine3.22/Dockerfile | 42 +++ 10.1/jre17/temurin-alpine3.23/Dockerfile | 42 +++ 10.1/jre17/temurin-ubi10-minimal/Dockerfile | 45 +++ 10.1/jre17/temurin-ubi9-minimal/Dockerfile | 45 +++ 10.1/jre21/semeru-jammy/Dockerfile | 39 +++ 10.1/jre21/semeru-noble/Dockerfile | 39 +++ 10.1/jre21/temurin-alpine3.20/Dockerfile | 42 +++ 10.1/jre21/temurin-alpine3.21/Dockerfile | 42 +++ 10.1/jre21/temurin-alpine3.22/Dockerfile | 42 +++ 10.1/jre21/temurin-alpine3.23/Dockerfile | 42 +++ 10.1/jre21/temurin-ubi10-minimal/Dockerfile | 45 +++ 10.1/jre21/temurin-ubi9-minimal/Dockerfile | 45 +++ 10.1/jre25/semeru-jammy/Dockerfile | 39 +++ 10.1/jre25/semeru-noble/Dockerfile | 39 +++ 10.1/jre25/temurin-alpine3.21/Dockerfile | 42 +++ 10.1/jre25/temurin-alpine3.22/Dockerfile | 42 +++ 10.1/jre25/temurin-alpine3.23/Dockerfile | 42 +++ 10.1/jre25/temurin-ubi10-minimal/Dockerfile | 45 +++ 11.0/jdk17/corretto-al2023/Dockerfile | 160 +++++++++++ 11.0/jdk17/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 11.0/jdk17/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 11.0/jdk17/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 11.0/jdk17/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 11.0/jdk17/sapmachine-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk17/sapmachine-noble/Dockerfile | 154 +++++++++++ 11.0/jdk17/semeru-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk17/semeru-noble/Dockerfile | 154 +++++++++++ 11.0/jdk17/temurin-alpine3.20/Dockerfile | 144 ++++++++++ 11.0/jdk17/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 11.0/jdk17/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 11.0/jdk17/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 11.0/jdk17/temurin-jammy/Dockerfile | 18 +- 11.0/jdk17/temurin-noble/Dockerfile | 18 +- 11.0/jdk17/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 11.0/jdk17/temurin-ubi9-minimal/Dockerfile | 167 +++++++++++ 11.0/jdk21/corretto-al2023/Dockerfile | 160 +++++++++++ 11.0/jdk21/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 11.0/jdk21/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 11.0/jdk21/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 11.0/jdk21/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 11.0/jdk21/sapmachine-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk21/sapmachine-noble/Dockerfile | 154 +++++++++++ 11.0/jdk21/semeru-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk21/semeru-noble/Dockerfile | 154 +++++++++++ 11.0/jdk21/temurin-alpine3.20/Dockerfile | 144 ++++++++++ 11.0/jdk21/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 11.0/jdk21/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 11.0/jdk21/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 11.0/jdk21/temurin-jammy/Dockerfile | 18 +- 11.0/jdk21/temurin-noble/Dockerfile | 18 +- 11.0/jdk21/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 11.0/jdk21/temurin-ubi9-minimal/Dockerfile | 167 +++++++++++ 11.0/jdk25/corretto-al2023/Dockerfile | 160 +++++++++++ 11.0/jdk25/corretto-alpine3.20/Dockerfile | 140 ++++++++++ 11.0/jdk25/corretto-alpine3.21/Dockerfile | 140 ++++++++++ 11.0/jdk25/corretto-alpine3.22/Dockerfile | 140 ++++++++++ 11.0/jdk25/corretto-alpine3.23/Dockerfile | 140 ++++++++++ 11.0/jdk25/sapmachine-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk25/sapmachine-noble/Dockerfile | 154 +++++++++++ 11.0/jdk25/semeru-jammy/Dockerfile | 154 +++++++++++ 11.0/jdk25/semeru-noble/Dockerfile | 154 +++++++++++ 11.0/jdk25/temurin-alpine3.21/Dockerfile | 144 ++++++++++ 11.0/jdk25/temurin-alpine3.22/Dockerfile | 144 ++++++++++ 11.0/jdk25/temurin-alpine3.23/Dockerfile | 144 ++++++++++ 11.0/jdk25/temurin-jammy/Dockerfile | 18 +- 11.0/jdk25/temurin-noble/Dockerfile | 18 +- 11.0/jdk25/temurin-ubi10-minimal/Dockerfile | 167 +++++++++++ 11.0/jdk27/openjdk-bookworm/Dockerfile | 154 +++++++++++ 11.0/jdk27/openjdk-oraclelinux9/Dockerfile | 163 +++++++++++ 11.0/jdk27/openjdk-slim-bookworm/Dockerfile | 154 +++++++++++ 11.0/jdk27/openjdk-slim-trixie/Dockerfile | 154 +++++++++++ 11.0/jdk27/openjdk-trixie/Dockerfile | 154 +++++++++++ 11.0/jre17/semeru-jammy/Dockerfile | 39 +++ 11.0/jre17/semeru-noble/Dockerfile | 39 +++ 11.0/jre17/temurin-alpine3.20/Dockerfile | 42 +++ 11.0/jre17/temurin-alpine3.21/Dockerfile | 42 +++ 11.0/jre17/temurin-alpine3.22/Dockerfile | 42 +++ 11.0/jre17/temurin-alpine3.23/Dockerfile | 42 +++ 11.0/jre17/temurin-ubi10-minimal/Dockerfile | 45 +++ 11.0/jre17/temurin-ubi9-minimal/Dockerfile | 45 +++ 11.0/jre21/semeru-jammy/Dockerfile | 39 +++ 11.0/jre21/semeru-noble/Dockerfile | 39 +++ 11.0/jre21/temurin-alpine3.20/Dockerfile | 42 +++ 11.0/jre21/temurin-alpine3.21/Dockerfile | 42 +++ 11.0/jre21/temurin-alpine3.22/Dockerfile | 42 +++ 11.0/jre21/temurin-alpine3.23/Dockerfile | 42 +++ 11.0/jre21/temurin-ubi10-minimal/Dockerfile | 45 +++ 11.0/jre21/temurin-ubi9-minimal/Dockerfile | 45 +++ 11.0/jre25/semeru-jammy/Dockerfile | 39 +++ 11.0/jre25/semeru-noble/Dockerfile | 39 +++ 11.0/jre25/temurin-alpine3.21/Dockerfile | 42 +++ 11.0/jre25/temurin-alpine3.22/Dockerfile | 42 +++ 11.0/jre25/temurin-alpine3.23/Dockerfile | 42 +++ 11.0/jre25/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jdk11/corretto-al2/Dockerfile | 27 +- 9.0/jdk11/corretto-al2023/Dockerfile | 162 +++++++++++ 9.0/jdk11/corretto-alpine3.20/Dockerfile | 142 ++++++++++ 9.0/jdk11/corretto-alpine3.21/Dockerfile | 142 ++++++++++ 9.0/jdk11/corretto-alpine3.22/Dockerfile | 142 ++++++++++ 9.0/jdk11/corretto-alpine3.23/Dockerfile | 142 ++++++++++ 9.0/jdk11/sapmachine-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk11/sapmachine-noble/Dockerfile | 156 +++++++++++ 9.0/jdk11/semeru-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk11/semeru-noble/Dockerfile | 156 +++++++++++ 9.0/jdk11/temurin-alpine3.20/Dockerfile | 146 ++++++++++ 9.0/jdk11/temurin-alpine3.21/Dockerfile | 146 ++++++++++ 9.0/jdk11/temurin-alpine3.22/Dockerfile | 146 ++++++++++ 9.0/jdk11/temurin-alpine3.23/Dockerfile | 146 ++++++++++ 9.0/jdk11/temurin-jammy/Dockerfile | 18 +- 9.0/jdk11/temurin-noble/Dockerfile | 18 +- 9.0/jdk11/temurin-ubi10-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk11/temurin-ubi9-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk17/corretto-al2/Dockerfile | 27 +- 9.0/jdk17/corretto-al2023/Dockerfile | 162 +++++++++++ 9.0/jdk17/corretto-alpine3.20/Dockerfile | 142 ++++++++++ 9.0/jdk17/corretto-alpine3.21/Dockerfile | 142 ++++++++++ 9.0/jdk17/corretto-alpine3.22/Dockerfile | 142 ++++++++++ 9.0/jdk17/corretto-alpine3.23/Dockerfile | 142 ++++++++++ 9.0/jdk17/sapmachine-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk17/sapmachine-noble/Dockerfile | 156 +++++++++++ 9.0/jdk17/semeru-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk17/semeru-noble/Dockerfile | 156 +++++++++++ 9.0/jdk17/temurin-alpine3.20/Dockerfile | 146 ++++++++++ 9.0/jdk17/temurin-alpine3.21/Dockerfile | 146 ++++++++++ 9.0/jdk17/temurin-alpine3.22/Dockerfile | 146 ++++++++++ 9.0/jdk17/temurin-alpine3.23/Dockerfile | 146 ++++++++++ 9.0/jdk17/temurin-jammy/Dockerfile | 18 +- 9.0/jdk17/temurin-noble/Dockerfile | 18 +- 9.0/jdk17/temurin-ubi10-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk17/temurin-ubi9-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk21/corretto-al2/Dockerfile | 27 +- 9.0/jdk21/corretto-al2023/Dockerfile | 162 +++++++++++ 9.0/jdk21/corretto-alpine3.20/Dockerfile | 142 ++++++++++ 9.0/jdk21/corretto-alpine3.21/Dockerfile | 142 ++++++++++ 9.0/jdk21/corretto-alpine3.22/Dockerfile | 142 ++++++++++ 9.0/jdk21/corretto-alpine3.23/Dockerfile | 142 ++++++++++ 9.0/jdk21/sapmachine-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk21/sapmachine-noble/Dockerfile | 156 +++++++++++ 9.0/jdk21/semeru-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk21/semeru-noble/Dockerfile | 156 +++++++++++ 9.0/jdk21/temurin-alpine3.20/Dockerfile | 146 ++++++++++ 9.0/jdk21/temurin-alpine3.21/Dockerfile | 146 ++++++++++ 9.0/jdk21/temurin-alpine3.22/Dockerfile | 146 ++++++++++ 9.0/jdk21/temurin-alpine3.23/Dockerfile | 146 ++++++++++ 9.0/jdk21/temurin-jammy/Dockerfile | 18 +- 9.0/jdk21/temurin-noble/Dockerfile | 18 +- 9.0/jdk21/temurin-ubi10-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk21/temurin-ubi9-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk25/corretto-al2023/Dockerfile | 162 +++++++++++ 9.0/jdk25/corretto-alpine3.20/Dockerfile | 142 ++++++++++ 9.0/jdk25/corretto-alpine3.21/Dockerfile | 142 ++++++++++ 9.0/jdk25/corretto-alpine3.22/Dockerfile | 142 ++++++++++ 9.0/jdk25/corretto-alpine3.23/Dockerfile | 142 ++++++++++ 9.0/jdk25/sapmachine-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk25/sapmachine-noble/Dockerfile | 156 +++++++++++ 9.0/jdk25/semeru-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk25/semeru-noble/Dockerfile | 156 +++++++++++ 9.0/jdk25/temurin-alpine3.21/Dockerfile | 146 ++++++++++ 9.0/jdk25/temurin-alpine3.22/Dockerfile | 146 ++++++++++ 9.0/jdk25/temurin-alpine3.23/Dockerfile | 146 ++++++++++ 9.0/jdk25/temurin-jammy/Dockerfile | 18 +- 9.0/jdk25/temurin-noble/Dockerfile | 18 +- 9.0/jdk25/temurin-ubi10-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk27/openjdk-bookworm/Dockerfile | 156 +++++++++++ 9.0/jdk27/openjdk-oraclelinux8/Dockerfile | 165 +++++++++++ 9.0/jdk27/openjdk-oraclelinux9/Dockerfile | 165 +++++++++++ 9.0/jdk27/openjdk-slim-bookworm/Dockerfile | 156 +++++++++++ 9.0/jdk27/openjdk-slim-trixie/Dockerfile | 156 +++++++++++ 9.0/jdk27/openjdk-trixie/Dockerfile | 156 +++++++++++ 9.0/jdk8/corretto-al2/Dockerfile | 27 +- 9.0/jdk8/corretto-al2023/Dockerfile | 162 +++++++++++ 9.0/jdk8/corretto-alpine3.20/Dockerfile | 142 ++++++++++ 9.0/jdk8/corretto-alpine3.21/Dockerfile | 142 ++++++++++ 9.0/jdk8/corretto-alpine3.22/Dockerfile | 142 ++++++++++ 9.0/jdk8/corretto-alpine3.23/Dockerfile | 142 ++++++++++ 9.0/jdk8/semeru-jammy/Dockerfile | 156 +++++++++++ 9.0/jdk8/semeru-noble/Dockerfile | 156 +++++++++++ 9.0/jdk8/temurin-alpine3.20/Dockerfile | 146 ++++++++++ 9.0/jdk8/temurin-alpine3.21/Dockerfile | 146 ++++++++++ 9.0/jdk8/temurin-alpine3.22/Dockerfile | 146 ++++++++++ 9.0/jdk8/temurin-alpine3.23/Dockerfile | 146 ++++++++++ 9.0/jdk8/temurin-jammy/Dockerfile | 18 +- 9.0/jdk8/temurin-noble/Dockerfile | 18 +- 9.0/jdk8/temurin-ubi10-minimal/Dockerfile | 169 ++++++++++++ 9.0/jdk8/temurin-ubi9-minimal/Dockerfile | 169 ++++++++++++ 9.0/jre11/semeru-jammy/Dockerfile | 39 +++ 9.0/jre11/semeru-noble/Dockerfile | 39 +++ 9.0/jre11/temurin-alpine3.20/Dockerfile | 42 +++ 9.0/jre11/temurin-alpine3.21/Dockerfile | 42 +++ 9.0/jre11/temurin-alpine3.22/Dockerfile | 42 +++ 9.0/jre11/temurin-alpine3.23/Dockerfile | 42 +++ 9.0/jre11/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jre11/temurin-ubi9-minimal/Dockerfile | 45 +++ 9.0/jre17/semeru-jammy/Dockerfile | 39 +++ 9.0/jre17/semeru-noble/Dockerfile | 39 +++ 9.0/jre17/temurin-alpine3.20/Dockerfile | 42 +++ 9.0/jre17/temurin-alpine3.21/Dockerfile | 42 +++ 9.0/jre17/temurin-alpine3.22/Dockerfile | 42 +++ 9.0/jre17/temurin-alpine3.23/Dockerfile | 42 +++ 9.0/jre17/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jre17/temurin-ubi9-minimal/Dockerfile | 45 +++ 9.0/jre21/semeru-jammy/Dockerfile | 39 +++ 9.0/jre21/semeru-noble/Dockerfile | 39 +++ 9.0/jre21/temurin-alpine3.20/Dockerfile | 42 +++ 9.0/jre21/temurin-alpine3.21/Dockerfile | 42 +++ 9.0/jre21/temurin-alpine3.22/Dockerfile | 42 +++ 9.0/jre21/temurin-alpine3.23/Dockerfile | 42 +++ 9.0/jre21/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jre21/temurin-ubi9-minimal/Dockerfile | 45 +++ 9.0/jre25/semeru-jammy/Dockerfile | 39 +++ 9.0/jre25/semeru-noble/Dockerfile | 39 +++ 9.0/jre25/temurin-alpine3.21/Dockerfile | 42 +++ 9.0/jre25/temurin-alpine3.22/Dockerfile | 42 +++ 9.0/jre25/temurin-alpine3.23/Dockerfile | 42 +++ 9.0/jre25/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jre8/corretto-al2023/Dockerfile | 41 +++ 9.0/jre8/corretto-alpine3.20/Dockerfile | 38 +++ 9.0/jre8/corretto-alpine3.21/Dockerfile | 38 +++ 9.0/jre8/corretto-alpine3.22/Dockerfile | 38 +++ 9.0/jre8/corretto-alpine3.23/Dockerfile | 38 +++ 9.0/jre8/semeru-jammy/Dockerfile | 39 +++ 9.0/jre8/semeru-noble/Dockerfile | 39 +++ 9.0/jre8/temurin-alpine3.20/Dockerfile | 42 +++ 9.0/jre8/temurin-alpine3.21/Dockerfile | 42 +++ 9.0/jre8/temurin-alpine3.22/Dockerfile | 42 +++ 9.0/jre8/temurin-alpine3.23/Dockerfile | 42 +++ 9.0/jre8/temurin-ubi10-minimal/Dockerfile | 45 +++ 9.0/jre8/temurin-ubi9-minimal/Dockerfile | 45 +++ Dockerfile.template | 123 +++++++-- from.jq | 12 +- generate-stackbrew-library.sh | 8 +- shared.jq | 24 +- versions.json | 289 +++++++++++++++++++- versions.sh | 20 +- 317 files changed, 33037 insertions(+), 308 deletions(-) create mode 100644 10.1/jdk11/corretto-al2023/Dockerfile create mode 100644 10.1/jdk11/corretto-alpine3.20/Dockerfile create mode 100644 10.1/jdk11/corretto-alpine3.21/Dockerfile create mode 100644 10.1/jdk11/corretto-alpine3.22/Dockerfile create mode 100644 10.1/jdk11/corretto-alpine3.23/Dockerfile create mode 100644 10.1/jdk11/sapmachine-jammy/Dockerfile create mode 100644 10.1/jdk11/sapmachine-noble/Dockerfile create mode 100644 10.1/jdk11/semeru-jammy/Dockerfile create mode 100644 10.1/jdk11/semeru-noble/Dockerfile create mode 100644 10.1/jdk11/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jdk11/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jdk11/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jdk11/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jdk11/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jdk11/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jdk17/corretto-al2023/Dockerfile create mode 100644 10.1/jdk17/corretto-alpine3.20/Dockerfile create mode 100644 10.1/jdk17/corretto-alpine3.21/Dockerfile create mode 100644 10.1/jdk17/corretto-alpine3.22/Dockerfile create mode 100644 10.1/jdk17/corretto-alpine3.23/Dockerfile create mode 100644 10.1/jdk17/sapmachine-jammy/Dockerfile create mode 100644 10.1/jdk17/sapmachine-noble/Dockerfile create mode 100644 10.1/jdk17/semeru-jammy/Dockerfile create mode 100644 10.1/jdk17/semeru-noble/Dockerfile create mode 100644 10.1/jdk17/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jdk17/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jdk17/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jdk17/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jdk17/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jdk17/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jdk21/corretto-al2023/Dockerfile create mode 100644 10.1/jdk21/corretto-alpine3.20/Dockerfile create mode 100644 10.1/jdk21/corretto-alpine3.21/Dockerfile create mode 100644 10.1/jdk21/corretto-alpine3.22/Dockerfile create mode 100644 10.1/jdk21/corretto-alpine3.23/Dockerfile create mode 100644 10.1/jdk21/sapmachine-jammy/Dockerfile create mode 100644 10.1/jdk21/sapmachine-noble/Dockerfile create mode 100644 10.1/jdk21/semeru-jammy/Dockerfile create mode 100644 10.1/jdk21/semeru-noble/Dockerfile create mode 100644 10.1/jdk21/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jdk21/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jdk21/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jdk21/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jdk21/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jdk21/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jdk25/corretto-al2023/Dockerfile create mode 100644 10.1/jdk25/corretto-alpine3.20/Dockerfile create mode 100644 10.1/jdk25/corretto-alpine3.21/Dockerfile create mode 100644 10.1/jdk25/corretto-alpine3.22/Dockerfile create mode 100644 10.1/jdk25/corretto-alpine3.23/Dockerfile create mode 100644 10.1/jdk25/sapmachine-jammy/Dockerfile create mode 100644 10.1/jdk25/sapmachine-noble/Dockerfile create mode 100644 10.1/jdk25/semeru-jammy/Dockerfile create mode 100644 10.1/jdk25/semeru-noble/Dockerfile create mode 100644 10.1/jdk25/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jdk25/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jdk25/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jdk25/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jdk27/openjdk-bookworm/Dockerfile create mode 100644 10.1/jdk27/openjdk-oraclelinux9/Dockerfile create mode 100644 10.1/jdk27/openjdk-slim-bookworm/Dockerfile create mode 100644 10.1/jdk27/openjdk-slim-trixie/Dockerfile create mode 100644 10.1/jdk27/openjdk-trixie/Dockerfile create mode 100644 10.1/jre11/semeru-jammy/Dockerfile create mode 100644 10.1/jre11/semeru-noble/Dockerfile create mode 100644 10.1/jre11/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jre11/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jre11/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jre11/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jre11/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jre11/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jre17/semeru-jammy/Dockerfile create mode 100644 10.1/jre17/semeru-noble/Dockerfile create mode 100644 10.1/jre17/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jre17/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jre17/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jre17/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jre17/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jre17/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jre21/semeru-jammy/Dockerfile create mode 100644 10.1/jre21/semeru-noble/Dockerfile create mode 100644 10.1/jre21/temurin-alpine3.20/Dockerfile create mode 100644 10.1/jre21/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jre21/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jre21/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jre21/temurin-ubi10-minimal/Dockerfile create mode 100644 10.1/jre21/temurin-ubi9-minimal/Dockerfile create mode 100644 10.1/jre25/semeru-jammy/Dockerfile create mode 100644 10.1/jre25/semeru-noble/Dockerfile create mode 100644 10.1/jre25/temurin-alpine3.21/Dockerfile create mode 100644 10.1/jre25/temurin-alpine3.22/Dockerfile create mode 100644 10.1/jre25/temurin-alpine3.23/Dockerfile create mode 100644 10.1/jre25/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jdk17/corretto-al2023/Dockerfile create mode 100644 11.0/jdk17/corretto-alpine3.20/Dockerfile create mode 100644 11.0/jdk17/corretto-alpine3.21/Dockerfile create mode 100644 11.0/jdk17/corretto-alpine3.22/Dockerfile create mode 100644 11.0/jdk17/corretto-alpine3.23/Dockerfile create mode 100644 11.0/jdk17/sapmachine-jammy/Dockerfile create mode 100644 11.0/jdk17/sapmachine-noble/Dockerfile create mode 100644 11.0/jdk17/semeru-jammy/Dockerfile create mode 100644 11.0/jdk17/semeru-noble/Dockerfile create mode 100644 11.0/jdk17/temurin-alpine3.20/Dockerfile create mode 100644 11.0/jdk17/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jdk17/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jdk17/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jdk17/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jdk17/temurin-ubi9-minimal/Dockerfile create mode 100644 11.0/jdk21/corretto-al2023/Dockerfile create mode 100644 11.0/jdk21/corretto-alpine3.20/Dockerfile create mode 100644 11.0/jdk21/corretto-alpine3.21/Dockerfile create mode 100644 11.0/jdk21/corretto-alpine3.22/Dockerfile create mode 100644 11.0/jdk21/corretto-alpine3.23/Dockerfile create mode 100644 11.0/jdk21/sapmachine-jammy/Dockerfile create mode 100644 11.0/jdk21/sapmachine-noble/Dockerfile create mode 100644 11.0/jdk21/semeru-jammy/Dockerfile create mode 100644 11.0/jdk21/semeru-noble/Dockerfile create mode 100644 11.0/jdk21/temurin-alpine3.20/Dockerfile create mode 100644 11.0/jdk21/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jdk21/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jdk21/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jdk21/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jdk21/temurin-ubi9-minimal/Dockerfile create mode 100644 11.0/jdk25/corretto-al2023/Dockerfile create mode 100644 11.0/jdk25/corretto-alpine3.20/Dockerfile create mode 100644 11.0/jdk25/corretto-alpine3.21/Dockerfile create mode 100644 11.0/jdk25/corretto-alpine3.22/Dockerfile create mode 100644 11.0/jdk25/corretto-alpine3.23/Dockerfile create mode 100644 11.0/jdk25/sapmachine-jammy/Dockerfile create mode 100644 11.0/jdk25/sapmachine-noble/Dockerfile create mode 100644 11.0/jdk25/semeru-jammy/Dockerfile create mode 100644 11.0/jdk25/semeru-noble/Dockerfile create mode 100644 11.0/jdk25/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jdk25/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jdk25/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jdk25/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jdk27/openjdk-bookworm/Dockerfile create mode 100644 11.0/jdk27/openjdk-oraclelinux9/Dockerfile create mode 100644 11.0/jdk27/openjdk-slim-bookworm/Dockerfile create mode 100644 11.0/jdk27/openjdk-slim-trixie/Dockerfile create mode 100644 11.0/jdk27/openjdk-trixie/Dockerfile create mode 100644 11.0/jre17/semeru-jammy/Dockerfile create mode 100644 11.0/jre17/semeru-noble/Dockerfile create mode 100644 11.0/jre17/temurin-alpine3.20/Dockerfile create mode 100644 11.0/jre17/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jre17/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jre17/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jre17/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jre17/temurin-ubi9-minimal/Dockerfile create mode 100644 11.0/jre21/semeru-jammy/Dockerfile create mode 100644 11.0/jre21/semeru-noble/Dockerfile create mode 100644 11.0/jre21/temurin-alpine3.20/Dockerfile create mode 100644 11.0/jre21/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jre21/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jre21/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jre21/temurin-ubi10-minimal/Dockerfile create mode 100644 11.0/jre21/temurin-ubi9-minimal/Dockerfile create mode 100644 11.0/jre25/semeru-jammy/Dockerfile create mode 100644 11.0/jre25/semeru-noble/Dockerfile create mode 100644 11.0/jre25/temurin-alpine3.21/Dockerfile create mode 100644 11.0/jre25/temurin-alpine3.22/Dockerfile create mode 100644 11.0/jre25/temurin-alpine3.23/Dockerfile create mode 100644 11.0/jre25/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk11/corretto-al2023/Dockerfile create mode 100644 9.0/jdk11/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jdk11/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jdk11/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jdk11/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jdk11/sapmachine-jammy/Dockerfile create mode 100644 9.0/jdk11/sapmachine-noble/Dockerfile create mode 100644 9.0/jdk11/semeru-jammy/Dockerfile create mode 100644 9.0/jdk11/semeru-noble/Dockerfile create mode 100644 9.0/jdk11/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jdk11/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jdk11/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jdk11/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jdk11/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk11/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jdk17/corretto-al2023/Dockerfile create mode 100644 9.0/jdk17/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jdk17/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jdk17/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jdk17/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jdk17/sapmachine-jammy/Dockerfile create mode 100644 9.0/jdk17/sapmachine-noble/Dockerfile create mode 100644 9.0/jdk17/semeru-jammy/Dockerfile create mode 100644 9.0/jdk17/semeru-noble/Dockerfile create mode 100644 9.0/jdk17/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jdk17/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jdk17/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jdk17/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jdk17/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk17/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jdk21/corretto-al2023/Dockerfile create mode 100644 9.0/jdk21/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jdk21/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jdk21/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jdk21/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jdk21/sapmachine-jammy/Dockerfile create mode 100644 9.0/jdk21/sapmachine-noble/Dockerfile create mode 100644 9.0/jdk21/semeru-jammy/Dockerfile create mode 100644 9.0/jdk21/semeru-noble/Dockerfile create mode 100644 9.0/jdk21/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jdk21/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jdk21/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jdk21/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jdk21/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk21/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jdk25/corretto-al2023/Dockerfile create mode 100644 9.0/jdk25/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jdk25/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jdk25/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jdk25/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jdk25/sapmachine-jammy/Dockerfile create mode 100644 9.0/jdk25/sapmachine-noble/Dockerfile create mode 100644 9.0/jdk25/semeru-jammy/Dockerfile create mode 100644 9.0/jdk25/semeru-noble/Dockerfile create mode 100644 9.0/jdk25/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jdk25/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jdk25/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jdk25/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk27/openjdk-bookworm/Dockerfile create mode 100644 9.0/jdk27/openjdk-oraclelinux8/Dockerfile create mode 100644 9.0/jdk27/openjdk-oraclelinux9/Dockerfile create mode 100644 9.0/jdk27/openjdk-slim-bookworm/Dockerfile create mode 100644 9.0/jdk27/openjdk-slim-trixie/Dockerfile create mode 100644 9.0/jdk27/openjdk-trixie/Dockerfile create mode 100644 9.0/jdk8/corretto-al2023/Dockerfile create mode 100644 9.0/jdk8/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jdk8/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jdk8/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jdk8/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jdk8/semeru-jammy/Dockerfile create mode 100644 9.0/jdk8/semeru-noble/Dockerfile create mode 100644 9.0/jdk8/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jdk8/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jdk8/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jdk8/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jdk8/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jdk8/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jre11/semeru-jammy/Dockerfile create mode 100644 9.0/jre11/semeru-noble/Dockerfile create mode 100644 9.0/jre11/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jre11/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jre11/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jre11/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jre11/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jre11/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jre17/semeru-jammy/Dockerfile create mode 100644 9.0/jre17/semeru-noble/Dockerfile create mode 100644 9.0/jre17/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jre17/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jre17/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jre17/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jre17/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jre17/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jre21/semeru-jammy/Dockerfile create mode 100644 9.0/jre21/semeru-noble/Dockerfile create mode 100644 9.0/jre21/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jre21/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jre21/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jre21/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jre21/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jre21/temurin-ubi9-minimal/Dockerfile create mode 100644 9.0/jre25/semeru-jammy/Dockerfile create mode 100644 9.0/jre25/semeru-noble/Dockerfile create mode 100644 9.0/jre25/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jre25/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jre25/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jre25/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jre8/corretto-al2023/Dockerfile create mode 100644 9.0/jre8/corretto-alpine3.20/Dockerfile create mode 100644 9.0/jre8/corretto-alpine3.21/Dockerfile create mode 100644 9.0/jre8/corretto-alpine3.22/Dockerfile create mode 100644 9.0/jre8/corretto-alpine3.23/Dockerfile create mode 100644 9.0/jre8/semeru-jammy/Dockerfile create mode 100644 9.0/jre8/semeru-noble/Dockerfile create mode 100644 9.0/jre8/temurin-alpine3.20/Dockerfile create mode 100644 9.0/jre8/temurin-alpine3.21/Dockerfile create mode 100644 9.0/jre8/temurin-alpine3.22/Dockerfile create mode 100644 9.0/jre8/temurin-alpine3.23/Dockerfile create mode 100644 9.0/jre8/temurin-ubi10-minimal/Dockerfile create mode 100644 9.0/jre8/temurin-ubi9-minimal/Dockerfile diff --git a/10.1/jdk11/corretto-al2023/Dockerfile b/10.1/jdk11/corretto-al2023/Dockerfile new file mode 100644 index 000000000..82d568665 --- /dev/null +++ b/10.1/jdk11/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.20/Dockerfile b/10.1/jdk11/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..c213c7419 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.21/Dockerfile b/10.1/jdk11/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..129254045 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.22/Dockerfile b/10.1/jdk11/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..14a124d81 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.23/Dockerfile b/10.1/jdk11/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..822d411c7 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/sapmachine-jammy/Dockerfile b/10.1/jdk11/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..f0298edc9 --- /dev/null +++ b/10.1/jdk11/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/sapmachine-noble/Dockerfile b/10.1/jdk11/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..ce40aa893 --- /dev/null +++ b/10.1/jdk11/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/semeru-jammy/Dockerfile b/10.1/jdk11/semeru-jammy/Dockerfile new file mode 100644 index 000000000..58468088d --- /dev/null +++ b/10.1/jdk11/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/semeru-noble/Dockerfile b/10.1/jdk11/semeru-noble/Dockerfile new file mode 100644 index 000000000..130de19d1 --- /dev/null +++ b/10.1/jdk11/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.20/Dockerfile b/10.1/jdk11/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..4372d6d10 --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.21/Dockerfile b/10.1/jdk11/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..ddfc3bb25 --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.22/Dockerfile b/10.1/jdk11/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..66a4e3b2e --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.23/Dockerfile b/10.1/jdk11/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..67eb48f0d --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-jammy/Dockerfile b/10.1/jdk11/temurin-jammy/Dockerfile index d28822f1f..55b7f570f 100644 --- a/10.1/jdk11/temurin-jammy/Dockerfile +++ b/10.1/jdk11/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk11/temurin-noble/Dockerfile b/10.1/jdk11/temurin-noble/Dockerfile index 577803e8b..bdcb340d2 100644 --- a/10.1/jdk11/temurin-noble/Dockerfile +++ b/10.1/jdk11/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk11/temurin-ubi10-minimal/Dockerfile b/10.1/jdk11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..fd2c21e65 --- /dev/null +++ b/10.1/jdk11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-ubi9-minimal/Dockerfile b/10.1/jdk11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..24899e955 --- /dev/null +++ b/10.1/jdk11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-al2023/Dockerfile b/10.1/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 000000000..29b20430e --- /dev/null +++ b/10.1/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.20/Dockerfile b/10.1/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..b30896402 --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.21/Dockerfile b/10.1/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..027c0e636 --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.22/Dockerfile b/10.1/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..8941348b2 --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.23/Dockerfile b/10.1/jdk17/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..5c9a40ccb --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/sapmachine-jammy/Dockerfile b/10.1/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..fefbce0d6 --- /dev/null +++ b/10.1/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/sapmachine-noble/Dockerfile b/10.1/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..5c5b46f1d --- /dev/null +++ b/10.1/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/semeru-jammy/Dockerfile b/10.1/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..bda808add --- /dev/null +++ b/10.1/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/semeru-noble/Dockerfile b/10.1/jdk17/semeru-noble/Dockerfile new file mode 100644 index 000000000..d0567cff1 --- /dev/null +++ b/10.1/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.20/Dockerfile b/10.1/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..f758d5192 --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.21/Dockerfile b/10.1/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..78cc4b9fd --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.22/Dockerfile b/10.1/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..86bd792cc --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.23/Dockerfile b/10.1/jdk17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..3d72c6de0 --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-jammy/Dockerfile b/10.1/jdk17/temurin-jammy/Dockerfile index 58f21cc16..504a48405 100644 --- a/10.1/jdk17/temurin-jammy/Dockerfile +++ b/10.1/jdk17/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk17/temurin-noble/Dockerfile b/10.1/jdk17/temurin-noble/Dockerfile index 6671391e2..850d59762 100644 --- a/10.1/jdk17/temurin-noble/Dockerfile +++ b/10.1/jdk17/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk17/temurin-ubi10-minimal/Dockerfile b/10.1/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..90bb9504b --- /dev/null +++ b/10.1/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-ubi9-minimal/Dockerfile b/10.1/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..cf93a60ec --- /dev/null +++ b/10.1/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-al2023/Dockerfile b/10.1/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 000000000..bab0b2a24 --- /dev/null +++ b/10.1/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.20/Dockerfile b/10.1/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..bf6c4dd9a --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.21/Dockerfile b/10.1/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..99b4cc2a5 --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.22/Dockerfile b/10.1/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..92371bd18 --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.23/Dockerfile b/10.1/jdk21/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..7d972d80b --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/sapmachine-jammy/Dockerfile b/10.1/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..72dc0d7ba --- /dev/null +++ b/10.1/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/sapmachine-noble/Dockerfile b/10.1/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..4fe0c115b --- /dev/null +++ b/10.1/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/semeru-jammy/Dockerfile b/10.1/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..532392621 --- /dev/null +++ b/10.1/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/semeru-noble/Dockerfile b/10.1/jdk21/semeru-noble/Dockerfile new file mode 100644 index 000000000..272ee47a3 --- /dev/null +++ b/10.1/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.20/Dockerfile b/10.1/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..afaf63f09 --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.21/Dockerfile b/10.1/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..99b2a5f01 --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.22/Dockerfile b/10.1/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..93e089a0e --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.23/Dockerfile b/10.1/jdk21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..4813081a3 --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-jammy/Dockerfile b/10.1/jdk21/temurin-jammy/Dockerfile index b5412e6bb..12cae5274 100644 --- a/10.1/jdk21/temurin-jammy/Dockerfile +++ b/10.1/jdk21/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk21/temurin-noble/Dockerfile b/10.1/jdk21/temurin-noble/Dockerfile index 18cad76b5..75a44599a 100644 --- a/10.1/jdk21/temurin-noble/Dockerfile +++ b/10.1/jdk21/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk21/temurin-ubi10-minimal/Dockerfile b/10.1/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..de7931a43 --- /dev/null +++ b/10.1/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-ubi9-minimal/Dockerfile b/10.1/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..650a84298 --- /dev/null +++ b/10.1/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-al2023/Dockerfile b/10.1/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 000000000..cee0e153e --- /dev/null +++ b/10.1/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.20/Dockerfile b/10.1/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..15ef03194 --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.21/Dockerfile b/10.1/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..75bdd2b4b --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.22/Dockerfile b/10.1/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..de5c7e404 --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.23/Dockerfile b/10.1/jdk25/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..d803d6053 --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/sapmachine-jammy/Dockerfile b/10.1/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..3ad6581a9 --- /dev/null +++ b/10.1/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/sapmachine-noble/Dockerfile b/10.1/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..5c52b6e3c --- /dev/null +++ b/10.1/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/semeru-jammy/Dockerfile b/10.1/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..caac4407d --- /dev/null +++ b/10.1/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/semeru-noble/Dockerfile b/10.1/jdk25/semeru-noble/Dockerfile new file mode 100644 index 000000000..7f763317e --- /dev/null +++ b/10.1/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-alpine3.21/Dockerfile b/10.1/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..36e66cda2 --- /dev/null +++ b/10.1/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-alpine3.22/Dockerfile b/10.1/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..819ae2978 --- /dev/null +++ b/10.1/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-alpine3.23/Dockerfile b/10.1/jdk25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..2f5e3af66 --- /dev/null +++ b/10.1/jdk25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-jammy/Dockerfile b/10.1/jdk25/temurin-jammy/Dockerfile index 67101baf9..8b4b3e8a8 100644 --- a/10.1/jdk25/temurin-jammy/Dockerfile +++ b/10.1/jdk25/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk25/temurin-noble/Dockerfile b/10.1/jdk25/temurin-noble/Dockerfile index 9ec8ca98a..4dc3df459 100644 --- a/10.1/jdk25/temurin-noble/Dockerfile +++ b/10.1/jdk25/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk25/temurin-ubi10-minimal/Dockerfile b/10.1/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..701a9caac --- /dev/null +++ b/10.1/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk27/openjdk-bookworm/Dockerfile b/10.1/jdk27/openjdk-bookworm/Dockerfile new file mode 100644 index 000000000..84015818b --- /dev/null +++ b/10.1/jdk27/openjdk-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk27/openjdk-oraclelinux9/Dockerfile b/10.1/jdk27/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 000000000..6362dd288 --- /dev/null +++ b/10.1/jdk27/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,163 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk27/openjdk-slim-bookworm/Dockerfile b/10.1/jdk27/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 000000000..7512fa702 --- /dev/null +++ b/10.1/jdk27/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk27/openjdk-slim-trixie/Dockerfile b/10.1/jdk27/openjdk-slim-trixie/Dockerfile new file mode 100644 index 000000000..97aa1eacc --- /dev/null +++ b/10.1/jdk27/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk27/openjdk-trixie/Dockerfile b/10.1/jdk27/openjdk-trixie/Dockerfile new file mode 100644 index 000000000..75e31707c --- /dev/null +++ b/10.1/jdk27/openjdk-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/semeru-jammy/Dockerfile b/10.1/jre11/semeru-jammy/Dockerfile new file mode 100644 index 000000000..51475b231 --- /dev/null +++ b/10.1/jre11/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/semeru-noble/Dockerfile b/10.1/jre11/semeru-noble/Dockerfile new file mode 100644 index 000000000..edecb8040 --- /dev/null +++ b/10.1/jre11/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.20/Dockerfile b/10.1/jre11/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..a9aa0ebd7 --- /dev/null +++ b/10.1/jre11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.21/Dockerfile b/10.1/jre11/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..d6b6713e0 --- /dev/null +++ b/10.1/jre11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.22/Dockerfile b/10.1/jre11/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..68a9567e7 --- /dev/null +++ b/10.1/jre11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.23/Dockerfile b/10.1/jre11/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..fcec4fe7c --- /dev/null +++ b/10.1/jre11/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-ubi10-minimal/Dockerfile b/10.1/jre11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..f71c8567c --- /dev/null +++ b/10.1/jre11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-ubi9-minimal/Dockerfile b/10.1/jre11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..ff9cf3c92 --- /dev/null +++ b/10.1/jre11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk11-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/semeru-jammy/Dockerfile b/10.1/jre17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..a774439d8 --- /dev/null +++ b/10.1/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/semeru-noble/Dockerfile b/10.1/jre17/semeru-noble/Dockerfile new file mode 100644 index 000000000..4a026dbeb --- /dev/null +++ b/10.1/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.20/Dockerfile b/10.1/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..545c5843d --- /dev/null +++ b/10.1/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.21/Dockerfile b/10.1/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..294f8cb3d --- /dev/null +++ b/10.1/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.22/Dockerfile b/10.1/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..150ad1e8a --- /dev/null +++ b/10.1/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.23/Dockerfile b/10.1/jre17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..6b4ca3190 --- /dev/null +++ b/10.1/jre17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-ubi10-minimal/Dockerfile b/10.1/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..7ecd011f3 --- /dev/null +++ b/10.1/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-ubi9-minimal/Dockerfile b/10.1/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..c3320b9c3 --- /dev/null +++ b/10.1/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/semeru-jammy/Dockerfile b/10.1/jre21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..6bf2401ae --- /dev/null +++ b/10.1/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/semeru-noble/Dockerfile b/10.1/jre21/semeru-noble/Dockerfile new file mode 100644 index 000000000..256ae95e8 --- /dev/null +++ b/10.1/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.20/Dockerfile b/10.1/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..46a298a9c --- /dev/null +++ b/10.1/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.21/Dockerfile b/10.1/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..0be0b3222 --- /dev/null +++ b/10.1/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.22/Dockerfile b/10.1/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..f4a6765dd --- /dev/null +++ b/10.1/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.23/Dockerfile b/10.1/jre21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..6af18dc0f --- /dev/null +++ b/10.1/jre21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-ubi10-minimal/Dockerfile b/10.1/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..489060bb0 --- /dev/null +++ b/10.1/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-ubi9-minimal/Dockerfile b/10.1/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..683dbb346 --- /dev/null +++ b/10.1/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/semeru-jammy/Dockerfile b/10.1/jre25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..d4316af87 --- /dev/null +++ b/10.1/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/semeru-noble/Dockerfile b/10.1/jre25/semeru-noble/Dockerfile new file mode 100644 index 000000000..d1c1d1010 --- /dev/null +++ b/10.1/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-alpine3.21/Dockerfile b/10.1/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..f821dc9f6 --- /dev/null +++ b/10.1/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-alpine3.22/Dockerfile b/10.1/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..143785a07 --- /dev/null +++ b/10.1/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-alpine3.23/Dockerfile b/10.1/jre25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..b4ec4920e --- /dev/null +++ b/10.1/jre25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-ubi10-minimal/Dockerfile b/10.1/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..531b44f2f --- /dev/null +++ b/10.1/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.52 +ENV TOMCAT_SHA512 241183fe5dec15936205ec495b65e04218117affc10e90c5fbc56bce0b4f031ee944d468c128f0ae484fd1d5bd9bec22b65a95a8cfd94cb7fc1f12c7ef434d99 + +COPY --from=tomcat:10.1.52-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-al2023/Dockerfile b/11.0/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 000000000..19a71bb70 --- /dev/null +++ b/11.0/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.20/Dockerfile b/11.0/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..faf124048 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.21/Dockerfile b/11.0/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..ac2a64810 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.22/Dockerfile b/11.0/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..6be02bad0 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.23/Dockerfile b/11.0/jdk17/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..fbf943747 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/sapmachine-jammy/Dockerfile b/11.0/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..b7d772fcf --- /dev/null +++ b/11.0/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/sapmachine-noble/Dockerfile b/11.0/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..79ee6666d --- /dev/null +++ b/11.0/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/semeru-jammy/Dockerfile b/11.0/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..975b73b9d --- /dev/null +++ b/11.0/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/semeru-noble/Dockerfile b/11.0/jdk17/semeru-noble/Dockerfile new file mode 100644 index 000000000..53e11c8ac --- /dev/null +++ b/11.0/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.20/Dockerfile b/11.0/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..b04448f69 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.21/Dockerfile b/11.0/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..e87db6134 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.22/Dockerfile b/11.0/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..4285ccd88 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.23/Dockerfile b/11.0/jdk17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..48118d691 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-jammy/Dockerfile b/11.0/jdk17/temurin-jammy/Dockerfile index e40a0f5ee..f9987893a 100644 --- a/11.0/jdk17/temurin-jammy/Dockerfile +++ b/11.0/jdk17/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk17/temurin-noble/Dockerfile b/11.0/jdk17/temurin-noble/Dockerfile index 0ccbe978f..b29181e7c 100644 --- a/11.0/jdk17/temurin-noble/Dockerfile +++ b/11.0/jdk17/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk17/temurin-ubi10-minimal/Dockerfile b/11.0/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..2a332fa55 --- /dev/null +++ b/11.0/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-ubi9-minimal/Dockerfile b/11.0/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..c13d06e32 --- /dev/null +++ b/11.0/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-al2023/Dockerfile b/11.0/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 000000000..4012a2dfc --- /dev/null +++ b/11.0/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.20/Dockerfile b/11.0/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..3f4508033 --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.21/Dockerfile b/11.0/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..84c942669 --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.22/Dockerfile b/11.0/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..bc7d45f71 --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.23/Dockerfile b/11.0/jdk21/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..fa817e9ab --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/sapmachine-jammy/Dockerfile b/11.0/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..428aa35f1 --- /dev/null +++ b/11.0/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/sapmachine-noble/Dockerfile b/11.0/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..3c0612fa8 --- /dev/null +++ b/11.0/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/semeru-jammy/Dockerfile b/11.0/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..0a0ced004 --- /dev/null +++ b/11.0/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/semeru-noble/Dockerfile b/11.0/jdk21/semeru-noble/Dockerfile new file mode 100644 index 000000000..87a3672ca --- /dev/null +++ b/11.0/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.20/Dockerfile b/11.0/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..f3f86e559 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.21/Dockerfile b/11.0/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..d4cc6e5d2 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.22/Dockerfile b/11.0/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..32e380ae2 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.23/Dockerfile b/11.0/jdk21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..5e03b0ced --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-jammy/Dockerfile b/11.0/jdk21/temurin-jammy/Dockerfile index 8af1d4f06..dac5932d4 100644 --- a/11.0/jdk21/temurin-jammy/Dockerfile +++ b/11.0/jdk21/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk21/temurin-noble/Dockerfile b/11.0/jdk21/temurin-noble/Dockerfile index f8864e6b4..aa78fe871 100644 --- a/11.0/jdk21/temurin-noble/Dockerfile +++ b/11.0/jdk21/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk21/temurin-ubi10-minimal/Dockerfile b/11.0/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..40ea41b11 --- /dev/null +++ b/11.0/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-ubi9-minimal/Dockerfile b/11.0/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..7caec7566 --- /dev/null +++ b/11.0/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-al2023/Dockerfile b/11.0/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 000000000..e7b81c24f --- /dev/null +++ b/11.0/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.20/Dockerfile b/11.0/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..38678f9c8 --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.21/Dockerfile b/11.0/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..a10b489cc --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.22/Dockerfile b/11.0/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..2170ab0d4 --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.23/Dockerfile b/11.0/jdk25/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..298448b80 --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.23/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/sapmachine-jammy/Dockerfile b/11.0/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..aeb4c8d50 --- /dev/null +++ b/11.0/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/sapmachine-noble/Dockerfile b/11.0/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..0f9ce3480 --- /dev/null +++ b/11.0/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/semeru-jammy/Dockerfile b/11.0/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..5a92b800a --- /dev/null +++ b/11.0/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/semeru-noble/Dockerfile b/11.0/jdk25/semeru-noble/Dockerfile new file mode 100644 index 000000000..112fe6439 --- /dev/null +++ b/11.0/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-alpine3.21/Dockerfile b/11.0/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..94770f2a5 --- /dev/null +++ b/11.0/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-alpine3.22/Dockerfile b/11.0/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..d3d20618d --- /dev/null +++ b/11.0/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-alpine3.23/Dockerfile b/11.0/jdk25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..cea6acb95 --- /dev/null +++ b/11.0/jdk25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-jammy/Dockerfile b/11.0/jdk25/temurin-jammy/Dockerfile index ba746bdf7..a2f179750 100644 --- a/11.0/jdk25/temurin-jammy/Dockerfile +++ b/11.0/jdk25/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk25/temurin-noble/Dockerfile b/11.0/jdk25/temurin-noble/Dockerfile index 03fdb16f1..d510ac4cd 100644 --- a/11.0/jdk25/temurin-noble/Dockerfile +++ b/11.0/jdk25/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk25/temurin-ubi10-minimal/Dockerfile b/11.0/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..0d7c9f0a0 --- /dev/null +++ b/11.0/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk27/openjdk-bookworm/Dockerfile b/11.0/jdk27/openjdk-bookworm/Dockerfile new file mode 100644 index 000000000..5e5b3ced9 --- /dev/null +++ b/11.0/jdk27/openjdk-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk27/openjdk-oraclelinux9/Dockerfile b/11.0/jdk27/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 000000000..3a947bb9e --- /dev/null +++ b/11.0/jdk27/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,163 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk27/openjdk-slim-bookworm/Dockerfile b/11.0/jdk27/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 000000000..4dd94748b --- /dev/null +++ b/11.0/jdk27/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk27/openjdk-slim-trixie/Dockerfile b/11.0/jdk27/openjdk-slim-trixie/Dockerfile new file mode 100644 index 000000000..21c39ca88 --- /dev/null +++ b/11.0/jdk27/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk27/openjdk-trixie/Dockerfile b/11.0/jdk27/openjdk-trixie/Dockerfile new file mode 100644 index 000000000..40680409b --- /dev/null +++ b/11.0/jdk27/openjdk-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/semeru-jammy/Dockerfile b/11.0/jre17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..2e1020043 --- /dev/null +++ b/11.0/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/semeru-noble/Dockerfile b/11.0/jre17/semeru-noble/Dockerfile new file mode 100644 index 000000000..9a9bda627 --- /dev/null +++ b/11.0/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.20/Dockerfile b/11.0/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..2e2082349 --- /dev/null +++ b/11.0/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.21/Dockerfile b/11.0/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..5511fa352 --- /dev/null +++ b/11.0/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.22/Dockerfile b/11.0/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..496faf7b8 --- /dev/null +++ b/11.0/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.23/Dockerfile b/11.0/jre17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..8a8dcd735 --- /dev/null +++ b/11.0/jre17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-ubi10-minimal/Dockerfile b/11.0/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..0a75b81f5 --- /dev/null +++ b/11.0/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-ubi9-minimal/Dockerfile b/11.0/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..9e0998240 --- /dev/null +++ b/11.0/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/semeru-jammy/Dockerfile b/11.0/jre21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..fb8e8721e --- /dev/null +++ b/11.0/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/semeru-noble/Dockerfile b/11.0/jre21/semeru-noble/Dockerfile new file mode 100644 index 000000000..19bce4f78 --- /dev/null +++ b/11.0/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.20/Dockerfile b/11.0/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..064660440 --- /dev/null +++ b/11.0/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.21/Dockerfile b/11.0/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..474fdf45d --- /dev/null +++ b/11.0/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.22/Dockerfile b/11.0/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..bd6dcff48 --- /dev/null +++ b/11.0/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.23/Dockerfile b/11.0/jre21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..647e3bf07 --- /dev/null +++ b/11.0/jre21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-ubi10-minimal/Dockerfile b/11.0/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..b35849467 --- /dev/null +++ b/11.0/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-ubi9-minimal/Dockerfile b/11.0/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..a4cec2423 --- /dev/null +++ b/11.0/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/semeru-jammy/Dockerfile b/11.0/jre25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..1ab919e51 --- /dev/null +++ b/11.0/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/semeru-noble/Dockerfile b/11.0/jre25/semeru-noble/Dockerfile new file mode 100644 index 000000000..2532df2a0 --- /dev/null +++ b/11.0/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-alpine3.21/Dockerfile b/11.0/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..36fd83fa1 --- /dev/null +++ b/11.0/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-alpine3.22/Dockerfile b/11.0/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..debf9835b --- /dev/null +++ b/11.0/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-alpine3.23/Dockerfile b/11.0/jre25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..92ff9247f --- /dev/null +++ b/11.0/jre25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-ubi10-minimal/Dockerfile b/11.0/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..c3e09e380 --- /dev/null +++ b/11.0/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.18 +ENV TOMCAT_SHA512 e428203454e57962296e6e95705e46a1406d15569f67ea0cbd417f38fcad85e81de6fa1be62cfa660ec746312aefb87c39127eef7348e6f78cb57e9afb862ed4 + +COPY --from=tomcat:11.0.18-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-al2/Dockerfile b/9.0/jdk11/corretto-al2/Dockerfile index 9c8eed54f..88ec0ac78 100644 --- a/9.0/jdk11/corretto-al2/Dockerfile +++ b/9.0/jdk11/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/corretto-al2023/Dockerfile b/9.0/jdk11/corretto-al2023/Dockerfile new file mode 100644 index 000000000..75263f770 --- /dev/null +++ b/9.0/jdk11/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.20/Dockerfile b/9.0/jdk11/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..babf21e78 --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.21/Dockerfile b/9.0/jdk11/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..47d4f8ab1 --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.22/Dockerfile b/9.0/jdk11/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..d9de5ac4d --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.23/Dockerfile b/9.0/jdk11/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..8e8dede62 --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.23/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/sapmachine-jammy/Dockerfile b/9.0/jdk11/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..92df3480c --- /dev/null +++ b/9.0/jdk11/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/sapmachine-noble/Dockerfile b/9.0/jdk11/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..228cf8479 --- /dev/null +++ b/9.0/jdk11/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/semeru-jammy/Dockerfile b/9.0/jdk11/semeru-jammy/Dockerfile new file mode 100644 index 000000000..3d2f1ca9f --- /dev/null +++ b/9.0/jdk11/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/semeru-noble/Dockerfile b/9.0/jdk11/semeru-noble/Dockerfile new file mode 100644 index 000000000..6bbea0a90 --- /dev/null +++ b/9.0/jdk11/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.20/Dockerfile b/9.0/jdk11/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..e45bc7a7e --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.21/Dockerfile b/9.0/jdk11/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..b98228511 --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.22/Dockerfile b/9.0/jdk11/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..4eb0e46fe --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.23/Dockerfile b/9.0/jdk11/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..c03a6a72a --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.23/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-jammy/Dockerfile b/9.0/jdk11/temurin-jammy/Dockerfile index 2af9071d4..44ba51a1f 100644 --- a/9.0/jdk11/temurin-jammy/Dockerfile +++ b/9.0/jdk11/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/temurin-noble/Dockerfile b/9.0/jdk11/temurin-noble/Dockerfile index a558ddde2..07e950da4 100644 --- a/9.0/jdk11/temurin-noble/Dockerfile +++ b/9.0/jdk11/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/temurin-ubi10-minimal/Dockerfile b/9.0/jdk11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..a294d2d5d --- /dev/null +++ b/9.0/jdk11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-ubi9-minimal/Dockerfile b/9.0/jdk11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..2c1f48399 --- /dev/null +++ b/9.0/jdk11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-al2/Dockerfile b/9.0/jdk17/corretto-al2/Dockerfile index 96bfe085c..a13e8277f 100644 --- a/9.0/jdk17/corretto-al2/Dockerfile +++ b/9.0/jdk17/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/corretto-al2023/Dockerfile b/9.0/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 000000000..9fc4f92e8 --- /dev/null +++ b/9.0/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.20/Dockerfile b/9.0/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..b03a6e4b3 --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.21/Dockerfile b/9.0/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..48e570c5a --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.22/Dockerfile b/9.0/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..6f1bce181 --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.23/Dockerfile b/9.0/jdk17/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..2b4f3b61c --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.23/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/sapmachine-jammy/Dockerfile b/9.0/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..a24c1513e --- /dev/null +++ b/9.0/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/sapmachine-noble/Dockerfile b/9.0/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..37a06d4bf --- /dev/null +++ b/9.0/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/semeru-jammy/Dockerfile b/9.0/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..aeba0bb85 --- /dev/null +++ b/9.0/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/semeru-noble/Dockerfile b/9.0/jdk17/semeru-noble/Dockerfile new file mode 100644 index 000000000..d37f111a2 --- /dev/null +++ b/9.0/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.20/Dockerfile b/9.0/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..e2fde14e8 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.21/Dockerfile b/9.0/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..0ca7d4a45 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.22/Dockerfile b/9.0/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..006ea3ec0 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.23/Dockerfile b/9.0/jdk17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..07886eb28 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-jammy/Dockerfile b/9.0/jdk17/temurin-jammy/Dockerfile index 377d2ea0d..55811b897 100644 --- a/9.0/jdk17/temurin-jammy/Dockerfile +++ b/9.0/jdk17/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/temurin-noble/Dockerfile b/9.0/jdk17/temurin-noble/Dockerfile index 59c8860a3..aac635344 100644 --- a/9.0/jdk17/temurin-noble/Dockerfile +++ b/9.0/jdk17/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/temurin-ubi10-minimal/Dockerfile b/9.0/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..3ddc60033 --- /dev/null +++ b/9.0/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-ubi9-minimal/Dockerfile b/9.0/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..66157ec66 --- /dev/null +++ b/9.0/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-al2/Dockerfile b/9.0/jdk21/corretto-al2/Dockerfile index 54b746c4f..c47c38930 100644 --- a/9.0/jdk21/corretto-al2/Dockerfile +++ b/9.0/jdk21/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/corretto-al2023/Dockerfile b/9.0/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 000000000..89a60ba6f --- /dev/null +++ b/9.0/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.20/Dockerfile b/9.0/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..f4bbf1cc2 --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.21/Dockerfile b/9.0/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..bbfbc19c5 --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.22/Dockerfile b/9.0/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..590f7bf93 --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.23/Dockerfile b/9.0/jdk21/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..c3ebf42ab --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.23/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/sapmachine-jammy/Dockerfile b/9.0/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..cbef959b9 --- /dev/null +++ b/9.0/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/sapmachine-noble/Dockerfile b/9.0/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..7a676351f --- /dev/null +++ b/9.0/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/semeru-jammy/Dockerfile b/9.0/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..05f923f37 --- /dev/null +++ b/9.0/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/semeru-noble/Dockerfile b/9.0/jdk21/semeru-noble/Dockerfile new file mode 100644 index 000000000..22b2e66c8 --- /dev/null +++ b/9.0/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.20/Dockerfile b/9.0/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..79dbc574b --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.21/Dockerfile b/9.0/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..cd287fc15 --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.22/Dockerfile b/9.0/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..06bec3f3b --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.23/Dockerfile b/9.0/jdk21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..de9af9078 --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-jammy/Dockerfile b/9.0/jdk21/temurin-jammy/Dockerfile index 022594422..efc80cdc5 100644 --- a/9.0/jdk21/temurin-jammy/Dockerfile +++ b/9.0/jdk21/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/temurin-noble/Dockerfile b/9.0/jdk21/temurin-noble/Dockerfile index de657d55c..5227805fe 100644 --- a/9.0/jdk21/temurin-noble/Dockerfile +++ b/9.0/jdk21/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/temurin-ubi10-minimal/Dockerfile b/9.0/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..bfbb2d699 --- /dev/null +++ b/9.0/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-ubi9-minimal/Dockerfile b/9.0/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..fea78ea63 --- /dev/null +++ b/9.0/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-al2023/Dockerfile b/9.0/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 000000000..43d32a428 --- /dev/null +++ b/9.0/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.20/Dockerfile b/9.0/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..1cc3ca4c3 --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.21/Dockerfile b/9.0/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..cbdd1a120 --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.22/Dockerfile b/9.0/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..56a156e44 --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.23/Dockerfile b/9.0/jdk25/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..c7372baa3 --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.23/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/sapmachine-jammy/Dockerfile b/9.0/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 000000000..942271351 --- /dev/null +++ b/9.0/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/sapmachine-noble/Dockerfile b/9.0/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 000000000..956c9a49a --- /dev/null +++ b/9.0/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/semeru-jammy/Dockerfile b/9.0/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..ec3686d65 --- /dev/null +++ b/9.0/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/semeru-noble/Dockerfile b/9.0/jdk25/semeru-noble/Dockerfile new file mode 100644 index 000000000..7a83d54f4 --- /dev/null +++ b/9.0/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-alpine3.21/Dockerfile b/9.0/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..c4b8c1d18 --- /dev/null +++ b/9.0/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-alpine3.22/Dockerfile b/9.0/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..c7019e9a4 --- /dev/null +++ b/9.0/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-alpine3.23/Dockerfile b/9.0/jdk25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..645280508 --- /dev/null +++ b/9.0/jdk25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-jammy/Dockerfile b/9.0/jdk25/temurin-jammy/Dockerfile index 469f2834c..8490d910a 100644 --- a/9.0/jdk25/temurin-jammy/Dockerfile +++ b/9.0/jdk25/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk25/temurin-noble/Dockerfile b/9.0/jdk25/temurin-noble/Dockerfile index a8e2b57ce..661342247 100644 --- a/9.0/jdk25/temurin-noble/Dockerfile +++ b/9.0/jdk25/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk25/temurin-ubi10-minimal/Dockerfile b/9.0/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..a732a0a4a --- /dev/null +++ b/9.0/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-bookworm/Dockerfile b/9.0/jdk27/openjdk-bookworm/Dockerfile new file mode 100644 index 000000000..3e08669b0 --- /dev/null +++ b/9.0/jdk27/openjdk-bookworm/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-oraclelinux8/Dockerfile b/9.0/jdk27/openjdk-oraclelinux8/Dockerfile new file mode 100644 index 000000000..19d541fed --- /dev/null +++ b/9.0/jdk27/openjdk-oraclelinux8/Dockerfile @@ -0,0 +1,165 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-oraclelinux8 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-oraclelinux9/Dockerfile b/9.0/jdk27/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 000000000..b127e8a39 --- /dev/null +++ b/9.0/jdk27/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,165 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-slim-bookworm/Dockerfile b/9.0/jdk27/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 000000000..7e72c7504 --- /dev/null +++ b/9.0/jdk27/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-slim-trixie/Dockerfile b/9.0/jdk27/openjdk-slim-trixie/Dockerfile new file mode 100644 index 000000000..3bdf2f699 --- /dev/null +++ b/9.0/jdk27/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk27/openjdk-trixie/Dockerfile b/9.0/jdk27/openjdk-trixie/Dockerfile new file mode 100644 index 000000000..e1a1dba3d --- /dev/null +++ b/9.0/jdk27/openjdk-trixie/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:27-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-al2/Dockerfile b/9.0/jdk8/corretto-al2/Dockerfile index d4ad0d1c1..09ee6b077 100644 --- a/9.0/jdk8/corretto-al2/Dockerfile +++ b/9.0/jdk8/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/corretto-al2023/Dockerfile b/9.0/jdk8/corretto-al2023/Dockerfile new file mode 100644 index 000000000..33a4040d3 --- /dev/null +++ b/9.0/jdk8/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.20/Dockerfile b/9.0/jdk8/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..4141bf274 --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.21/Dockerfile b/9.0/jdk8/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..a2de4a2ca --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.22/Dockerfile b/9.0/jdk8/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..057eec9bf --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.23/Dockerfile b/9.0/jdk8/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..4bb210a76 --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.23/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.23-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/semeru-jammy/Dockerfile b/9.0/jdk8/semeru-jammy/Dockerfile new file mode 100644 index 000000000..21ca82163 --- /dev/null +++ b/9.0/jdk8/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/semeru-noble/Dockerfile b/9.0/jdk8/semeru-noble/Dockerfile new file mode 100644 index 000000000..bde2f3784 --- /dev/null +++ b/9.0/jdk8/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.20/Dockerfile b/9.0/jdk8/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..19908a805 --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.21/Dockerfile b/9.0/jdk8/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..90b9c4e1e --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.22/Dockerfile b/9.0/jdk8/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..555bc427d --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.23/Dockerfile b/9.0/jdk8/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..ea4ddd873 --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.23/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-jammy/Dockerfile b/9.0/jdk8/temurin-jammy/Dockerfile index 5428b7f7a..be62b9c01 100644 --- a/9.0/jdk8/temurin-jammy/Dockerfile +++ b/9.0/jdk8/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/temurin-noble/Dockerfile b/9.0/jdk8/temurin-noble/Dockerfile index f0cfff798..557561115 100644 --- a/9.0/jdk8/temurin-noble/Dockerfile +++ b/9.0/jdk8/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/temurin-ubi10-minimal/Dockerfile b/9.0/jdk8/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..4033841b9 --- /dev/null +++ b/9.0/jdk8/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-ubi9-minimal/Dockerfile b/9.0/jdk8/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..df9f4d766 --- /dev/null +++ b/9.0/jdk8/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/semeru-jammy/Dockerfile b/9.0/jre11/semeru-jammy/Dockerfile new file mode 100644 index 000000000..1b055b9b0 --- /dev/null +++ b/9.0/jre11/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/semeru-noble/Dockerfile b/9.0/jre11/semeru-noble/Dockerfile new file mode 100644 index 000000000..df01db910 --- /dev/null +++ b/9.0/jre11/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.20/Dockerfile b/9.0/jre11/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..eb918c039 --- /dev/null +++ b/9.0/jre11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.21/Dockerfile b/9.0/jre11/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..4fde7f8cf --- /dev/null +++ b/9.0/jre11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.22/Dockerfile b/9.0/jre11/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..aa053306a --- /dev/null +++ b/9.0/jre11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.23/Dockerfile b/9.0/jre11/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..8cfbd3699 --- /dev/null +++ b/9.0/jre11/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-ubi10-minimal/Dockerfile b/9.0/jre11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..1108bf221 --- /dev/null +++ b/9.0/jre11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-ubi9-minimal/Dockerfile b/9.0/jre11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..0570b4872 --- /dev/null +++ b/9.0/jre11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk11-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/semeru-jammy/Dockerfile b/9.0/jre17/semeru-jammy/Dockerfile new file mode 100644 index 000000000..16a0c17c2 --- /dev/null +++ b/9.0/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/semeru-noble/Dockerfile b/9.0/jre17/semeru-noble/Dockerfile new file mode 100644 index 000000000..769c2cef5 --- /dev/null +++ b/9.0/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.20/Dockerfile b/9.0/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..19fa61fc5 --- /dev/null +++ b/9.0/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.21/Dockerfile b/9.0/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..638daf5e2 --- /dev/null +++ b/9.0/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.22/Dockerfile b/9.0/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..2b07a2990 --- /dev/null +++ b/9.0/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.23/Dockerfile b/9.0/jre17/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..d7c5c6d7b --- /dev/null +++ b/9.0/jre17/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-ubi10-minimal/Dockerfile b/9.0/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..714f54e10 --- /dev/null +++ b/9.0/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-ubi9-minimal/Dockerfile b/9.0/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..a781f92df --- /dev/null +++ b/9.0/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/semeru-jammy/Dockerfile b/9.0/jre21/semeru-jammy/Dockerfile new file mode 100644 index 000000000..c2f2736cd --- /dev/null +++ b/9.0/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/semeru-noble/Dockerfile b/9.0/jre21/semeru-noble/Dockerfile new file mode 100644 index 000000000..1cdd56ff8 --- /dev/null +++ b/9.0/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.20/Dockerfile b/9.0/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..f4ae84bab --- /dev/null +++ b/9.0/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.21/Dockerfile b/9.0/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..80632cd88 --- /dev/null +++ b/9.0/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.22/Dockerfile b/9.0/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..a477ea04a --- /dev/null +++ b/9.0/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.23/Dockerfile b/9.0/jre21/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..8f63adef5 --- /dev/null +++ b/9.0/jre21/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-ubi10-minimal/Dockerfile b/9.0/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..6fd6e4213 --- /dev/null +++ b/9.0/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-ubi9-minimal/Dockerfile b/9.0/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..0ef299ffc --- /dev/null +++ b/9.0/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/semeru-jammy/Dockerfile b/9.0/jre25/semeru-jammy/Dockerfile new file mode 100644 index 000000000..562e123a9 --- /dev/null +++ b/9.0/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/semeru-noble/Dockerfile b/9.0/jre25/semeru-noble/Dockerfile new file mode 100644 index 000000000..861fc7680 --- /dev/null +++ b/9.0/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-alpine3.21/Dockerfile b/9.0/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..f520ef11c --- /dev/null +++ b/9.0/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-alpine3.22/Dockerfile b/9.0/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..ee5bcb3dd --- /dev/null +++ b/9.0/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-alpine3.23/Dockerfile b/9.0/jre25/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..9fd5f4671 --- /dev/null +++ b/9.0/jre25/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-ubi10-minimal/Dockerfile b/9.0/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..00596d607 --- /dev/null +++ b/9.0/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-al2023/Dockerfile b/9.0/jre8/corretto-al2023/Dockerfile new file mode 100644 index 000000000..199f054f0 --- /dev/null +++ b/9.0/jre8/corretto-al2023/Dockerfile @@ -0,0 +1,41 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-al2023-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-corretto-al2023 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + dnf install -y $deps; \ + dnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.20/Dockerfile b/9.0/jre8/corretto-alpine3.20/Dockerfile new file mode 100644 index 000000000..05091f087 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.20/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.20-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-corretto-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.21/Dockerfile b/9.0/jre8/corretto-alpine3.21/Dockerfile new file mode 100644 index 000000000..a159618d5 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.21/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.21-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-corretto-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.22/Dockerfile b/9.0/jre8/corretto-alpine3.22/Dockerfile new file mode 100644 index 000000000..87ef3e2ee --- /dev/null +++ b/9.0/jre8/corretto-alpine3.22/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.22-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-corretto-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.23/Dockerfile b/9.0/jre8/corretto-alpine3.23/Dockerfile new file mode 100644 index 000000000..c2c4b3595 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.23/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.23-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-corretto-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/semeru-jammy/Dockerfile b/9.0/jre8/semeru-jammy/Dockerfile new file mode 100644 index 000000000..5ca49bcae --- /dev/null +++ b/9.0/jre8/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/semeru-noble/Dockerfile b/9.0/jre8/semeru-noble/Dockerfile new file mode 100644 index 000000000..d06351998 --- /dev/null +++ b/9.0/jre8/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.20/Dockerfile b/9.0/jre8/temurin-alpine3.20/Dockerfile new file mode 100644 index 000000000..851e0e75a --- /dev/null +++ b/9.0/jre8/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.21/Dockerfile b/9.0/jre8/temurin-alpine3.21/Dockerfile new file mode 100644 index 000000000..b18d87343 --- /dev/null +++ b/9.0/jre8/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.22/Dockerfile b/9.0/jre8/temurin-alpine3.22/Dockerfile new file mode 100644 index 000000000..2ef01d3ed --- /dev/null +++ b/9.0/jre8/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.23/Dockerfile b/9.0/jre8/temurin-alpine3.23/Dockerfile new file mode 100644 index 000000000..cffaf5dbe --- /dev/null +++ b/9.0/jre8/temurin-alpine3.23/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.23 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-alpine3.23 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-ubi10-minimal/Dockerfile b/9.0/jre8/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 000000000..836be9415 --- /dev/null +++ b/9.0/jre8/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-ubi9-minimal/Dockerfile b/9.0/jre8/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 000000000..5020256da --- /dev/null +++ b/9.0/jre8/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.115 +ENV TOMCAT_SHA512 8e6fa92883c161523269560a7dc9e8d58fd1199b29c630f681aa3ec2975b59d94674d2881331076b55f5ee0439748931d87c099c79d7bcea909303739e612e4b + +COPY --from=tomcat:9.0.115-jdk8-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/Dockerfile.template b/Dockerfile.template index e94d41905..9e45f55e2 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -29,14 +29,25 @@ RUN set -eux; \ curl \ gnupg \ ; \ +{{ ) elif is_alpine then ( -}} + apk add --no-cache --virtual .fetch-deps gnupg; \ {{ ) else ( -}} +{{ if is_yum then ( -}} # http://yum.baseurl.org/wiki/YumDB.html if ! command -v yumdb > /dev/null; then \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +{{ if vendor_variant | contains("oraclelinux7") then ( -}} +# TODO there's an odd bug on Oracle Linux where installing "cpp" (which gets pulled in as a dependency of "gcc") and then marking it as automatically-installed will result in the "filesystem" package being removed during "yum autoremove" (which then fails), so we set it as manually-installed to compensate + yumdb set reason user filesystem; \ +{{ ) else "" end -}} +{{ ) elif vendor_variant | variant_is_microdnf then ( -}} +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +{{ ) else "" end -}} +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -45,11 +56,20 @@ RUN set -eux; \ done; \ if [ -n "$todo" ]; then \ set -x; \ +{{ if is_yum then ( -}} yum install -y --setopt=skip_missing_names_on_install=False $todo; \ yumdb set reason dep $todo; \ +{{ ) else ( -}} + dnf install -y $todo; \ + dnf mark remove $todo; \ +{{ ) end -}} fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ +{{ if vendor_variant | contains("al20") then ( -}} +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ +{{ ) else "" end -}} {{ ) end -}} \ ddist() { \ @@ -66,7 +86,7 @@ RUN set -eux; \ # if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ ; do \ - if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + if {{ if is_alpine then "wget -O" else "curl -fL -o" end }} "$f" "$distUrl" && [ -s "$f" ]; then \ success=1; \ break; \ fi; \ @@ -75,10 +95,10 @@ RUN set -eux; \ }; \ \ ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ - echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum {{ if is_alpine then "-c" else "--strict --check" end }} -; \ ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -fL -o upstream-KEYS {{ "https://www.apache.org/dist/tomcat/tomcat-\(major)/KEYS" | @sh }}; \ + {{ if is_alpine then "wget -O" else "curl -fL -o" end }} upstream-KEYS {{ "https://www.apache.org/dist/tomcat/tomcat-\(major)/KEYS" | @sh }}; \ gpg --batch --import upstream-KEYS; \ # filter upstream KEYS file to *just* known/precomputed fingerprints printf '' > filtered-KEYS; \ @@ -132,7 +152,7 @@ RUN set -eux; \ tar -xf tomcat.tar.gz --strip-components=1; \ rm bin/*.bat; \ rm tomcat.tar.gz*; \ -{{ if vendor_variant | contains("al2") then "" else ( -}} +{{ if vendor_variant | variant_is_al2 or contains("oraclelinux7") then "" else ( -}} gpgconf --kill all; \ {{ ) end -}} rm -rf "$GNUPGHOME"; \ @@ -152,23 +172,45 @@ RUN set -eux; \ libssl-dev \ make \ ; \ +{{ ) elif is_alpine then ( -}} + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ +{{ if is_native_ge_2 then ( -}} + openssl3-dev \ +{{ ) else ( -}} + openssl-dev \ +{{ ) end -}} + ; \ {{ ) else ( -}} - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ +{{ if vendor_variant | variant_is_al2 then ( -}} openssl11-devel \ +{{ ) else ( -}} + openssl-devel \ +{{ ) end -}} +{{ if vendor_variant | variant_is_microdnf then ( -}} +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ +{{ ) else "" end -}} ; \ {{ ) end -}} ( \ export CATALINA_HOME="$PWD"; \ cd "$nativeBuildDir/native"; \ -{{ if is_apt then ( -}} +{{ if is_apt or is_alpine then ( -}} gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ {{ ) else "" end -}} aprConfig="$(command -v apr-1-config)"; \ ./configure \ -{{ if is_apt then ( -}} +{{ if is_apt or is_alpine then ( -}} --build="$gnuArch" \ {{ ) else "" end -}} --libdir="$TOMCAT_NATIVE_LIBDIR" \ @@ -186,6 +228,17 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +{{ if is_alpine then "" else ( -}} +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +{{ ) end -}} +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ {{ if is_apt then ( -}} # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ @@ -203,6 +256,24 @@ RUN set -eux; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) elif is_alpine then ( -}} +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ +{{ if is_native_ge_2 and (vendor_variant | contains("alpine3.15") or contains("alpine3.16")) then ( -}} +# https://git.alpinelinux.org/aports/tree/main/openssl3/APKBUILD?h=3.16-stable#n23 ("sonameprefix") +# see also "apk info --all libssl3" ("so:openssl3:so:libssl.so.3=3" under "provides:") + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { if ($1 ~ /libssl|libcrypto/) { print "so:openssl3:so:" $1 } else { print "so:" $1 } }' \ +{{ ) else ( -}} + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +{{ ) end -}} + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ {{ ) else ( -}} # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ @@ -212,24 +283,15 @@ RUN set -eux; \ | xargs -rt rpm --query --whatprovides \ | sort -u \ | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ - | xargs -r yumdb set reason user \ + | xargs -r {{ if is_yum then "yumdb set reason user" else "dnf mark install" end }} \ ; \ \ # clean up anything added temporarily and not later marked as necessary - yum autoremove -y; \ - yum clean all; \ - rm -rf /var/cache/yum; \ + {{ if is_yum then "yum" else "dnf" end }} autoremove -y; \ + {{ if is_yum then "yum" else "dnf" end }} clean all; \ + rm -rf /var/cache/{{ if is_yum then "yum" else "dnf" end }}; \ {{ ) end -}} \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version {{ ) else ( -}} @@ -239,10 +301,19 @@ RUN set -eux; \ apt-get update; \ xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ rm -rf /var/lib/apt/lists/* +{{ ) elif is_alpine then ( -}} + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps +{{ ) elif vendor_variant | contains("al20") or contains("ubi") then ( -}} +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + {{ if vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} install -y $deps; \ + {{ if vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} clean all; \ + rm -rf /var/cache/dnf {{ ) else ( -}} - xargs -rt yum install -y --setopt=skip_missing_names_on_install=False < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ - yum clean all; \ - rm -rf /var/cache/yum + xargs -rt {{ if is_yum then "yum" elif vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} install -y{{ if is_yum then " --setopt=skip_missing_names_on_install=False" else "" end }} < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + {{ if is_yum then "yum" elif vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} clean all; \ + rm -rf /var/cache/{{ if is_yum then "yum" else "dnf" end }} {{ ) end -}} {{ ) end -}} diff --git a/from.jq b/from.jq index 631ef8bd7..7094fa935 100644 --- a/from.jq +++ b/from.jq @@ -17,9 +17,17 @@ def from: | if test("^corretto-") then "amazoncorretto:" + java_version + ltrimstr("corretto") + "-" + java_variant elif test("^openjdk-") then - "openjdk:" + java_version + "-" + java_variant + ltrimstr("openjdk") + # TODO this "-ea" needs to be handled somewhere else / further out so we don't ever label "26-ea" as just "26", for example (https://github.com/docker-library/openjdk/pull/550) + "openjdk:" + java_version + "-ea-" + java_variant + ltrimstr("openjdk") + elif test("^sapmachine-") and java_variant == "jdk" then + "sapmachine:" + java_version + "-ubuntu" + ltrimstr("sapmachine") + elif test("^semeru-") then + "ibm-semeru-runtimes:open-" + java_version + "-" + java_variant + ltrimstr("semeru") elif test("^temurin-") then - "eclipse-temurin:" + java_version + "-" + java_variant + ltrimstr("temurin") + "eclipse-temurin:" + java_version + "-" + java_variant + ( + ltrimstr("temurin") + | sub("alpine(?=[0-9]+)"; "alpine-") # temurin does "-alpine-N.NN" style tags + ) else error("unknown vendor variant: " + .) end diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fa1ac0dd4..f8f228794 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -90,9 +90,11 @@ for version; do declare -A vendorAliases=() defaultTemurinVariant= for aliasToRegex in \ - 'corretto:^corretto-' \ - 'openjdk:openjdk-(?!slim)' 'openjdk-slim:^openjdk-slim' \ - 'temurin:^temurin-' \ + 'corretto:^corretto-(?!alpine)' 'corretto-alpine:^corretto-alpine' \ + 'openjdk:openjdk-(?!slim|alpine)' 'openjdk-slim:^openjdk-slim' 'openjdk-alpine:^openjdk-alpine' \ + 'sapmachine:^sapmachine-' \ + 'semeru:^semeru-' \ + 'temurin:^temurin-(?!alpine)' 'temurin-alpine:^temurin-alpine' \ ; do alias="${aliasToRegex%%:*}" regex="${aliasToRegex#$alias:}" diff --git a/shared.jq b/shared.jq index b407b207e..52a5a793d 100644 --- a/shared.jq +++ b/shared.jq @@ -16,9 +16,26 @@ def is_supported_java_version(java): java >= 8 end ; +def is_alpine: + vendor_variant | contains("alpine") +; +def variant_is_al2: # NOT al20XX + contains("al2") and (contains("al20") | not) +; +def is_yum: + vendor_variant | ( + variant_is_al2 + or contains("oraclelinux7") + ) +; +def variant_is_microdnf: + contains("oraclelinux") or contains("ubi") +; def is_apt: vendor_variant | ( - contains("al2") + variant_is_microdnf + or contains("al2") + or contains("alpine") ) | not ; def is_native_ge_2: @@ -31,6 +48,9 @@ def has_openssl_ge_3(variant): # https://github.com/apache/tomcat-native/commit/f7930fa16f095717cfc641a8d24e60c343765adc variant | ( # amazonlinux - contains("al2") # corretto + variant_is_al2 # corretto + # oraclelinux + or contains("oraclelinux7") # openjdk + or contains("oraclelinux8") # openjdk ) | not ; diff --git a/versions.json b/versions.json index 67a83e1fe..8cf18fb6c 100644 --- a/versions.json +++ b/versions.json @@ -6,18 +6,111 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.23", + "jre25/temurin-alpine3.23", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.23", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.23", + "jre21/temurin-alpine3.23", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", + "jdk21/corretto-alpine3.23", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", "jre17/temurin-jammy", + "jdk17/temurin-alpine3.23", + "jre17/temurin-alpine3.23", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", + "jdk17/corretto-alpine3.23", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", "jdk11/temurin-noble", "jre11/temurin-noble", "jdk11/temurin-jammy", - "jre11/temurin-jammy" + "jre11/temurin-jammy", + "jdk11/temurin-alpine3.23", + "jre11/temurin-alpine3.23", + "jdk11/temurin-alpine3.22", + "jre11/temurin-alpine3.22", + "jdk11/temurin-alpine3.21", + "jre11/temurin-alpine3.21", + "jdk11/temurin-alpine3.20", + "jre11/temurin-alpine3.20", + "jdk11/temurin-ubi10-minimal", + "jre11/temurin-ubi10-minimal", + "jdk11/temurin-ubi9-minimal", + "jre11/temurin-ubi9-minimal", + "jdk11/corretto-al2023", + "jdk11/corretto-alpine3.23", + "jdk11/corretto-alpine3.22", + "jdk11/corretto-alpine3.21", + "jdk11/corretto-alpine3.20", + "jdk11/sapmachine-noble", + "jdk11/sapmachine-jammy", + "jdk11/semeru-noble", + "jre11/semeru-noble", + "jdk11/semeru-jammy", + "jre11/semeru-jammy", + "jdk27/openjdk-trixie", + "jdk27/openjdk-bookworm", + "jdk27/openjdk-slim-trixie", + "jdk27/openjdk-slim-bookworm", + "jdk27/openjdk-oraclelinux9" ], "version": "10.1.52" }, @@ -28,14 +121,84 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.23", + "jre25/temurin-alpine3.23", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.23", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.23", + "jre21/temurin-alpine3.23", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", + "jdk21/corretto-alpine3.23", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", - "jre17/temurin-jammy" + "jre17/temurin-jammy", + "jdk17/temurin-alpine3.23", + "jre17/temurin-alpine3.23", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", + "jdk17/corretto-alpine3.23", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", + "jdk27/openjdk-trixie", + "jdk27/openjdk-bookworm", + "jdk27/openjdk-slim-trixie", + "jdk27/openjdk-slim-bookworm", + "jdk27/openjdk-oraclelinux9" ], "version": "11.0.18" }, @@ -46,26 +209,146 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.23", + "jre25/temurin-alpine3.23", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.23", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.23", + "jre21/temurin-alpine3.23", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", "jdk21/corretto-al2", + "jdk21/corretto-alpine3.23", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", "jre17/temurin-jammy", + "jdk17/temurin-alpine3.23", + "jre17/temurin-alpine3.23", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", "jdk17/corretto-al2", + "jdk17/corretto-alpine3.23", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", "jdk11/temurin-noble", "jre11/temurin-noble", "jdk11/temurin-jammy", "jre11/temurin-jammy", + "jdk11/temurin-alpine3.23", + "jre11/temurin-alpine3.23", + "jdk11/temurin-alpine3.22", + "jre11/temurin-alpine3.22", + "jdk11/temurin-alpine3.21", + "jre11/temurin-alpine3.21", + "jdk11/temurin-alpine3.20", + "jre11/temurin-alpine3.20", + "jdk11/temurin-ubi10-minimal", + "jre11/temurin-ubi10-minimal", + "jdk11/temurin-ubi9-minimal", + "jre11/temurin-ubi9-minimal", + "jdk11/corretto-al2023", "jdk11/corretto-al2", + "jdk11/corretto-alpine3.23", + "jdk11/corretto-alpine3.22", + "jdk11/corretto-alpine3.21", + "jdk11/corretto-alpine3.20", + "jdk11/sapmachine-noble", + "jdk11/sapmachine-jammy", + "jdk11/semeru-noble", + "jre11/semeru-noble", + "jdk11/semeru-jammy", + "jre11/semeru-jammy", "jdk8/temurin-noble", "jre8/temurin-noble", "jdk8/temurin-jammy", "jre8/temurin-jammy", - "jdk8/corretto-al2" + "jdk8/temurin-alpine3.23", + "jre8/temurin-alpine3.23", + "jdk8/temurin-alpine3.22", + "jre8/temurin-alpine3.22", + "jdk8/temurin-alpine3.21", + "jre8/temurin-alpine3.21", + "jdk8/temurin-alpine3.20", + "jre8/temurin-alpine3.20", + "jdk8/temurin-ubi10-minimal", + "jre8/temurin-ubi10-minimal", + "jdk8/temurin-ubi9-minimal", + "jre8/temurin-ubi9-minimal", + "jdk8/corretto-al2023", + "jre8/corretto-al2023", + "jdk8/corretto-al2", + "jdk8/corretto-alpine3.23", + "jre8/corretto-alpine3.23", + "jdk8/corretto-alpine3.22", + "jre8/corretto-alpine3.22", + "jdk8/corretto-alpine3.21", + "jre8/corretto-alpine3.21", + "jdk8/corretto-alpine3.20", + "jre8/corretto-alpine3.20", + "jdk8/semeru-noble", + "jre8/semeru-noble", + "jdk8/semeru-jammy", + "jre8/semeru-jammy", + "jdk27/openjdk-trixie", + "jdk27/openjdk-bookworm", + "jdk27/openjdk-slim-trixie", + "jdk27/openjdk-slim-bookworm", + "jdk27/openjdk-oraclelinux9", + "jdk27/openjdk-oraclelinux8" ], "version": "9.0.115" } diff --git a/versions.sh b/versions.sh index 5cf3c8739..1e71f4e88 100755 --- a/versions.sh +++ b/versions.sh @@ -26,12 +26,24 @@ _bashbrew_list() { } allVariants='[]' -for javaVersion in 25 21 17 11 8; do +# LTS versions in descending order followed by all other versions (also in descending order) +for javaVersion in \ + 25 \ + 21 \ + 17 \ + 11 \ + 8 \ + 27 \ + 26 \ + 24 \ +; do # Eclipse Temurin, followed by OpenJDK, and then all other variants alphabetically for vendorVariant in \ - temurin-{noble,jammy} \ - openjdk{,-slim}-{trixie,bookworm} \ - corretto-al2 \ + temurin-{resolute,noble,jammy,alpine{3.23,3.22,3.21,3.20},ubi{10,9}-minimal} \ + openjdk-{{,slim-}{trixie,bookworm},alpine{3.23,3.22,3.21},oraclelinux{10,9,8}} \ + corretto-{al2023,al2,alpine{3.23,3.22,3.21,3.20,3.19}} \ + sapmachine-{resolute,noble,jammy} \ + semeru-{resolute,noble,jammy} \ ; do for javaVariant in {jdk,jre}"$javaVersion"; do export variant="$javaVariant/$vendorVariant"