diff --git a/10.1/jdk11/corretto-al2023/Dockerfile b/10.1/jdk11/corretto-al2023/Dockerfile new file mode 100644 index 00000000..808e3234 --- /dev/null +++ b/10.1/jdk11/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.20/Dockerfile b/10.1/jdk11/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..2f5c1629 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.21/Dockerfile b/10.1/jdk11/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..156a0220 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/corretto-alpine3.22/Dockerfile b/10.1/jdk11/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..5fed2777 --- /dev/null +++ b/10.1/jdk11/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/sapmachine-jammy/Dockerfile b/10.1/jdk11/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..4fcdd935 --- /dev/null +++ b/10.1/jdk11/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/sapmachine-noble/Dockerfile b/10.1/jdk11/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..7e306eda --- /dev/null +++ b/10.1/jdk11/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/semeru-jammy/Dockerfile b/10.1/jdk11/semeru-jammy/Dockerfile new file mode 100644 index 00000000..e6abc8df --- /dev/null +++ b/10.1/jdk11/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/semeru-noble/Dockerfile b/10.1/jdk11/semeru-noble/Dockerfile new file mode 100644 index 00000000..9be37f1f --- /dev/null +++ b/10.1/jdk11/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.20/Dockerfile b/10.1/jdk11/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..220f8e81 --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.21/Dockerfile b/10.1/jdk11/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..ddfef7eb --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-alpine3.22/Dockerfile b/10.1/jdk11/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..e240dad3 --- /dev/null +++ b/10.1/jdk11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-jammy/Dockerfile b/10.1/jdk11/temurin-jammy/Dockerfile index 4c87fa1e..18cf3a60 100644 --- a/10.1/jdk11/temurin-jammy/Dockerfile +++ b/10.1/jdk11/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk11/temurin-noble/Dockerfile b/10.1/jdk11/temurin-noble/Dockerfile index a40ce3b0..6dbac464 100644 --- a/10.1/jdk11/temurin-noble/Dockerfile +++ b/10.1/jdk11/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk11/temurin-ubi10-minimal/Dockerfile b/10.1/jdk11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..04352834 --- /dev/null +++ b/10.1/jdk11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk11/temurin-ubi9-minimal/Dockerfile b/10.1/jdk11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..45419ce6 --- /dev/null +++ b/10.1/jdk11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-al2023/Dockerfile b/10.1/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 00000000..78267ae8 --- /dev/null +++ b/10.1/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.20/Dockerfile b/10.1/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..fbbaf0b8 --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.21/Dockerfile b/10.1/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..8f2a30cd --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/corretto-alpine3.22/Dockerfile b/10.1/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..b4f3d1c9 --- /dev/null +++ b/10.1/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/sapmachine-jammy/Dockerfile b/10.1/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..219714e2 --- /dev/null +++ b/10.1/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/sapmachine-noble/Dockerfile b/10.1/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..323fd3ed --- /dev/null +++ b/10.1/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/semeru-jammy/Dockerfile b/10.1/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..c0aa94cb --- /dev/null +++ b/10.1/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/semeru-noble/Dockerfile b/10.1/jdk17/semeru-noble/Dockerfile new file mode 100644 index 00000000..e9b86eb5 --- /dev/null +++ b/10.1/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.20/Dockerfile b/10.1/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..13690fe6 --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.21/Dockerfile b/10.1/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..5380ef1e --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-alpine3.22/Dockerfile b/10.1/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..e00869de --- /dev/null +++ b/10.1/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-jammy/Dockerfile b/10.1/jdk17/temurin-jammy/Dockerfile index 738de259..4613b46c 100644 --- a/10.1/jdk17/temurin-jammy/Dockerfile +++ b/10.1/jdk17/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk17/temurin-noble/Dockerfile b/10.1/jdk17/temurin-noble/Dockerfile index cb974e78..e49c40de 100644 --- a/10.1/jdk17/temurin-noble/Dockerfile +++ b/10.1/jdk17/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk17/temurin-ubi10-minimal/Dockerfile b/10.1/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..95627cd5 --- /dev/null +++ b/10.1/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk17/temurin-ubi9-minimal/Dockerfile b/10.1/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..a9a33ba6 --- /dev/null +++ b/10.1/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-al2023/Dockerfile b/10.1/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 00000000..e764ffd4 --- /dev/null +++ b/10.1/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.20/Dockerfile b/10.1/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..3a05698f --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.21/Dockerfile b/10.1/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..83fd5eeb --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/corretto-alpine3.22/Dockerfile b/10.1/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..60a4356d --- /dev/null +++ b/10.1/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/sapmachine-jammy/Dockerfile b/10.1/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..c0d3aa3e --- /dev/null +++ b/10.1/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/sapmachine-noble/Dockerfile b/10.1/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..c06b18bf --- /dev/null +++ b/10.1/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/semeru-jammy/Dockerfile b/10.1/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..6c9d3f42 --- /dev/null +++ b/10.1/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/semeru-noble/Dockerfile b/10.1/jdk21/semeru-noble/Dockerfile new file mode 100644 index 00000000..1aaff15b --- /dev/null +++ b/10.1/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.20/Dockerfile b/10.1/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..dae4c3b8 --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.21/Dockerfile b/10.1/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..afb7ad0a --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-alpine3.22/Dockerfile b/10.1/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..b0b93415 --- /dev/null +++ b/10.1/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-jammy/Dockerfile b/10.1/jdk21/temurin-jammy/Dockerfile index 55013b3d..ab07c97a 100644 --- a/10.1/jdk21/temurin-jammy/Dockerfile +++ b/10.1/jdk21/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk21/temurin-noble/Dockerfile b/10.1/jdk21/temurin-noble/Dockerfile index 6f0b212e..879fe3e9 100644 --- a/10.1/jdk21/temurin-noble/Dockerfile +++ b/10.1/jdk21/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk21/temurin-ubi10-minimal/Dockerfile b/10.1/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..a61f6f5f --- /dev/null +++ b/10.1/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk21/temurin-ubi9-minimal/Dockerfile b/10.1/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..27e83cd8 --- /dev/null +++ b/10.1/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-al2023/Dockerfile b/10.1/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 00000000..e284cc0d --- /dev/null +++ b/10.1/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.20/Dockerfile b/10.1/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..0cf8f114 --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.21/Dockerfile b/10.1/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..ef1912ec --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/corretto-alpine3.22/Dockerfile b/10.1/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..701714f7 --- /dev/null +++ b/10.1/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/sapmachine-jammy/Dockerfile b/10.1/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..fc1bbc94 --- /dev/null +++ b/10.1/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/sapmachine-noble/Dockerfile b/10.1/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..31ac6f57 --- /dev/null +++ b/10.1/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/semeru-jammy/Dockerfile b/10.1/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..9db7b5b8 --- /dev/null +++ b/10.1/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/semeru-noble/Dockerfile b/10.1/jdk25/semeru-noble/Dockerfile new file mode 100644 index 00000000..36afadd4 --- /dev/null +++ b/10.1/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-alpine3.21/Dockerfile b/10.1/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..f601207c --- /dev/null +++ b/10.1/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-alpine3.22/Dockerfile b/10.1/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..ccb217df --- /dev/null +++ b/10.1/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk25/temurin-jammy/Dockerfile b/10.1/jdk25/temurin-jammy/Dockerfile index b9f5d794..c56a28e5 100644 --- a/10.1/jdk25/temurin-jammy/Dockerfile +++ b/10.1/jdk25/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk25/temurin-noble/Dockerfile b/10.1/jdk25/temurin-noble/Dockerfile index a64ce7bf..dc27f60c 100644 --- a/10.1/jdk25/temurin-noble/Dockerfile +++ b/10.1/jdk25/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/10.1/jdk25/temurin-ubi10-minimal/Dockerfile b/10.1/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..5dca2765 --- /dev/null +++ b/10.1/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk26/openjdk-bookworm/Dockerfile b/10.1/jdk26/openjdk-bookworm/Dockerfile new file mode 100644 index 00000000..1d8e3817 --- /dev/null +++ b/10.1/jdk26/openjdk-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk26/openjdk-oraclelinux9/Dockerfile b/10.1/jdk26/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 00000000..6c112c2d --- /dev/null +++ b/10.1/jdk26/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,163 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk26/openjdk-slim-bookworm/Dockerfile b/10.1/jdk26/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 00000000..3431cf0c --- /dev/null +++ b/10.1/jdk26/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk26/openjdk-slim-trixie/Dockerfile b/10.1/jdk26/openjdk-slim-trixie/Dockerfile new file mode 100644 index 00000000..959ee969 --- /dev/null +++ b/10.1/jdk26/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jdk26/openjdk-trixie/Dockerfile b/10.1/jdk26/openjdk-trixie/Dockerfile new file mode 100644 index 00000000..973f48f0 --- /dev/null +++ b/10.1/jdk26/openjdk-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-10/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-10/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '5C3C5F3E314C866292F359A8F3AD5C94A67F707E' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/semeru-jammy/Dockerfile b/10.1/jre11/semeru-jammy/Dockerfile new file mode 100644 index 00000000..746577f5 --- /dev/null +++ b/10.1/jre11/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/semeru-noble/Dockerfile b/10.1/jre11/semeru-noble/Dockerfile new file mode 100644 index 00000000..11239e91 --- /dev/null +++ b/10.1/jre11/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.20/Dockerfile b/10.1/jre11/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..9f198c9f --- /dev/null +++ b/10.1/jre11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.21/Dockerfile b/10.1/jre11/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..1427464b --- /dev/null +++ b/10.1/jre11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-alpine3.22/Dockerfile b/10.1/jre11/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..0eaad56d --- /dev/null +++ b/10.1/jre11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-ubi10-minimal/Dockerfile b/10.1/jre11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..9ecc456d --- /dev/null +++ b/10.1/jre11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre11/temurin-ubi9-minimal/Dockerfile b/10.1/jre11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..92f0d153 --- /dev/null +++ b/10.1/jre11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk11-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/semeru-jammy/Dockerfile b/10.1/jre17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..d013971f --- /dev/null +++ b/10.1/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/semeru-noble/Dockerfile b/10.1/jre17/semeru-noble/Dockerfile new file mode 100644 index 00000000..9e9d1fe3 --- /dev/null +++ b/10.1/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.20/Dockerfile b/10.1/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..541fdb84 --- /dev/null +++ b/10.1/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.21/Dockerfile b/10.1/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..515b8256 --- /dev/null +++ b/10.1/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-alpine3.22/Dockerfile b/10.1/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..855c4fb4 --- /dev/null +++ b/10.1/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-ubi10-minimal/Dockerfile b/10.1/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..28a30c40 --- /dev/null +++ b/10.1/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre17/temurin-ubi9-minimal/Dockerfile b/10.1/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..97b2e9b3 --- /dev/null +++ b/10.1/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/semeru-jammy/Dockerfile b/10.1/jre21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..25eb98eb --- /dev/null +++ b/10.1/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/semeru-noble/Dockerfile b/10.1/jre21/semeru-noble/Dockerfile new file mode 100644 index 00000000..3e7aecf5 --- /dev/null +++ b/10.1/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.20/Dockerfile b/10.1/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..ea458b99 --- /dev/null +++ b/10.1/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.21/Dockerfile b/10.1/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..d5d07779 --- /dev/null +++ b/10.1/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-alpine3.22/Dockerfile b/10.1/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..f8627073 --- /dev/null +++ b/10.1/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-ubi10-minimal/Dockerfile b/10.1/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..5cdd5bcd --- /dev/null +++ b/10.1/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre21/temurin-ubi9-minimal/Dockerfile b/10.1/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..8b3e41e2 --- /dev/null +++ b/10.1/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/semeru-jammy/Dockerfile b/10.1/jre25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..fbb8f7b7 --- /dev/null +++ b/10.1/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/semeru-noble/Dockerfile b/10.1/jre25/semeru-noble/Dockerfile new file mode 100644 index 00000000..947f5643 --- /dev/null +++ b/10.1/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-alpine3.21/Dockerfile b/10.1/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..b29920af --- /dev/null +++ b/10.1/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-alpine3.22/Dockerfile b/10.1/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..ac5f6a6f --- /dev/null +++ b/10.1/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/10.1/jre25/temurin-ubi10-minimal/Dockerfile b/10.1/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..665ffd8f --- /dev/null +++ b/10.1/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 10 +ENV TOMCAT_VERSION 10.1.49 +ENV TOMCAT_SHA512 a46c8e37d4767b56a16dbdd8e81b80f25ad2edd5fba68b5099b9165cfffbe32bc923a601db8bb5cba50e8b1047a7906eb8c30ca176e1c0b8dfd85fbb9c54c6c2 + +COPY --from=tomcat:10.1.49-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-al2023/Dockerfile b/11.0/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 00000000..fa1f3268 --- /dev/null +++ b/11.0/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.20/Dockerfile b/11.0/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..486f773b --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.21/Dockerfile b/11.0/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..28d64d45 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/corretto-alpine3.22/Dockerfile b/11.0/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..b85e3606 --- /dev/null +++ b/11.0/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/sapmachine-jammy/Dockerfile b/11.0/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..79b5250e --- /dev/null +++ b/11.0/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/sapmachine-noble/Dockerfile b/11.0/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..09aea232 --- /dev/null +++ b/11.0/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/semeru-jammy/Dockerfile b/11.0/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..7c367ac2 --- /dev/null +++ b/11.0/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/semeru-noble/Dockerfile b/11.0/jdk17/semeru-noble/Dockerfile new file mode 100644 index 00000000..2eba5365 --- /dev/null +++ b/11.0/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.20/Dockerfile b/11.0/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..8eb40bf2 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.21/Dockerfile b/11.0/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..53630c4f --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-alpine3.22/Dockerfile b/11.0/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..67aae277 --- /dev/null +++ b/11.0/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-jammy/Dockerfile b/11.0/jdk17/temurin-jammy/Dockerfile index 6ff7ade1..a8b4d760 100644 --- a/11.0/jdk17/temurin-jammy/Dockerfile +++ b/11.0/jdk17/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk17/temurin-noble/Dockerfile b/11.0/jdk17/temurin-noble/Dockerfile index bf7fca24..5040e2c3 100644 --- a/11.0/jdk17/temurin-noble/Dockerfile +++ b/11.0/jdk17/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk17/temurin-ubi10-minimal/Dockerfile b/11.0/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..0995dcf6 --- /dev/null +++ b/11.0/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk17/temurin-ubi9-minimal/Dockerfile b/11.0/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..23520d1d --- /dev/null +++ b/11.0/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-al2023/Dockerfile b/11.0/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 00000000..ec2c68a9 --- /dev/null +++ b/11.0/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.20/Dockerfile b/11.0/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..1561b9b8 --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.21/Dockerfile b/11.0/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..4ee85936 --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/corretto-alpine3.22/Dockerfile b/11.0/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..f63f4aed --- /dev/null +++ b/11.0/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/sapmachine-jammy/Dockerfile b/11.0/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..95775ea6 --- /dev/null +++ b/11.0/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/sapmachine-noble/Dockerfile b/11.0/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..eb4d1925 --- /dev/null +++ b/11.0/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/semeru-jammy/Dockerfile b/11.0/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..5b91c0b3 --- /dev/null +++ b/11.0/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/semeru-noble/Dockerfile b/11.0/jdk21/semeru-noble/Dockerfile new file mode 100644 index 00000000..8709afb3 --- /dev/null +++ b/11.0/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.20/Dockerfile b/11.0/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..a629fd30 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.21/Dockerfile b/11.0/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..a10c5792 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-alpine3.22/Dockerfile b/11.0/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..41a18593 --- /dev/null +++ b/11.0/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-jammy/Dockerfile b/11.0/jdk21/temurin-jammy/Dockerfile index 87d0edc0..ef92206f 100644 --- a/11.0/jdk21/temurin-jammy/Dockerfile +++ b/11.0/jdk21/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk21/temurin-noble/Dockerfile b/11.0/jdk21/temurin-noble/Dockerfile index 16c3471b..0c0d2a97 100644 --- a/11.0/jdk21/temurin-noble/Dockerfile +++ b/11.0/jdk21/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk21/temurin-ubi10-minimal/Dockerfile b/11.0/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..c81d2c88 --- /dev/null +++ b/11.0/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk21/temurin-ubi9-minimal/Dockerfile b/11.0/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..44e4cf15 --- /dev/null +++ b/11.0/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-al2023/Dockerfile b/11.0/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 00000000..8a3311b9 --- /dev/null +++ b/11.0/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,160 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.20/Dockerfile b/11.0/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..b8e488ff --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.21/Dockerfile b/11.0/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..2082c67a --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/corretto-alpine3.22/Dockerfile b/11.0/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..2e6e5c80 --- /dev/null +++ b/11.0/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,140 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/sapmachine-jammy/Dockerfile b/11.0/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..95367c42 --- /dev/null +++ b/11.0/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/sapmachine-noble/Dockerfile b/11.0/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..4c7b3fe2 --- /dev/null +++ b/11.0/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/semeru-jammy/Dockerfile b/11.0/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..587b0690 --- /dev/null +++ b/11.0/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/semeru-noble/Dockerfile b/11.0/jdk25/semeru-noble/Dockerfile new file mode 100644 index 00000000..05fb7a96 --- /dev/null +++ b/11.0/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-alpine3.21/Dockerfile b/11.0/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..be9f61aa --- /dev/null +++ b/11.0/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-alpine3.22/Dockerfile b/11.0/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..2210501f --- /dev/null +++ b/11.0/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,144 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl3-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk25/temurin-jammy/Dockerfile b/11.0/jdk25/temurin-jammy/Dockerfile index dc98fdc0..79446e67 100644 --- a/11.0/jdk25/temurin-jammy/Dockerfile +++ b/11.0/jdk25/temurin-jammy/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk25/temurin-noble/Dockerfile b/11.0/jdk25/temurin-noble/Dockerfile index 7b3b47c8..20a30fa4 100644 --- a/11.0/jdk25/temurin-noble/Dockerfile +++ b/11.0/jdk25/temurin-noble/Dockerfile @@ -111,6 +111,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -128,15 +137,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/11.0/jdk25/temurin-ubi10-minimal/Dockerfile b/11.0/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..3337b501 --- /dev/null +++ b/11.0/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk26/openjdk-bookworm/Dockerfile b/11.0/jdk26/openjdk-bookworm/Dockerfile new file mode 100644 index 00000000..9ff7f35a --- /dev/null +++ b/11.0/jdk26/openjdk-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk26/openjdk-oraclelinux9/Dockerfile b/11.0/jdk26/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 00000000..1bf4f7c6 --- /dev/null +++ b/11.0/jdk26/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,163 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk26/openjdk-slim-bookworm/Dockerfile b/11.0/jdk26/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 00000000..17a527f7 --- /dev/null +++ b/11.0/jdk26/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk26/openjdk-slim-trixie/Dockerfile b/11.0/jdk26/openjdk-slim-trixie/Dockerfile new file mode 100644 index 00000000..f47bf202 --- /dev/null +++ b/11.0/jdk26/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jdk26/openjdk-trixie/Dockerfile b/11.0/jdk26/openjdk-trixie/Dockerfile new file mode 100644 index 00000000..84814f0f --- /dev/null +++ b/11.0/jdk26/openjdk-trixie/Dockerfile @@ -0,0 +1,154 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-11/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-11/KEYS + for key in \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/semeru-jammy/Dockerfile b/11.0/jre17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..5e64b712 --- /dev/null +++ b/11.0/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/semeru-noble/Dockerfile b/11.0/jre17/semeru-noble/Dockerfile new file mode 100644 index 00000000..8362704d --- /dev/null +++ b/11.0/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.20/Dockerfile b/11.0/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..bc86925a --- /dev/null +++ b/11.0/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.21/Dockerfile b/11.0/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..57e73d84 --- /dev/null +++ b/11.0/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-alpine3.22/Dockerfile b/11.0/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..05f58a8e --- /dev/null +++ b/11.0/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-ubi10-minimal/Dockerfile b/11.0/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..d685cc2a --- /dev/null +++ b/11.0/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre17/temurin-ubi9-minimal/Dockerfile b/11.0/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..c3553788 --- /dev/null +++ b/11.0/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/semeru-jammy/Dockerfile b/11.0/jre21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..b3bd0bdf --- /dev/null +++ b/11.0/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/semeru-noble/Dockerfile b/11.0/jre21/semeru-noble/Dockerfile new file mode 100644 index 00000000..376ba49e --- /dev/null +++ b/11.0/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.20/Dockerfile b/11.0/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..c8762375 --- /dev/null +++ b/11.0/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.21/Dockerfile b/11.0/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..0cb62829 --- /dev/null +++ b/11.0/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-alpine3.22/Dockerfile b/11.0/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..e926597f --- /dev/null +++ b/11.0/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-ubi10-minimal/Dockerfile b/11.0/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..a2035183 --- /dev/null +++ b/11.0/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre21/temurin-ubi9-minimal/Dockerfile b/11.0/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..c19ffeca --- /dev/null +++ b/11.0/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/semeru-jammy/Dockerfile b/11.0/jre25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..f947ce5d --- /dev/null +++ b/11.0/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/semeru-noble/Dockerfile b/11.0/jre25/semeru-noble/Dockerfile new file mode 100644 index 00000000..30864bd4 --- /dev/null +++ b/11.0/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-alpine3.21/Dockerfile b/11.0/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..85188986 --- /dev/null +++ b/11.0/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-alpine3.22/Dockerfile b/11.0/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..33b25a54 --- /dev/null +++ b/11.0/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/11.0/jre25/temurin-ubi10-minimal/Dockerfile b/11.0/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..010cf104 --- /dev/null +++ b/11.0/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 11 +ENV TOMCAT_VERSION 11.0.14 +ENV TOMCAT_SHA512 832a02e6b8979192b428f41f2586181d14134877d7703a13bec9760ac4722b14e604a914239437657d552dc01e3f9422e2f69b8ab94ad3d85dc03dff2eb8df8c + +COPY --from=tomcat:11.0.14-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-al2/Dockerfile b/9.0/jdk11/corretto-al2/Dockerfile index 67c8a2ea..21fb7d97 100644 --- a/9.0/jdk11/corretto-al2/Dockerfile +++ b/9.0/jdk11/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/corretto-al2023/Dockerfile b/9.0/jdk11/corretto-al2023/Dockerfile new file mode 100644 index 00000000..8badce3a --- /dev/null +++ b/9.0/jdk11/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.20/Dockerfile b/9.0/jdk11/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..7c934f96 --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.21/Dockerfile b/9.0/jdk11/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..e72d8aad --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/corretto-alpine3.22/Dockerfile b/9.0/jdk11/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..7f5b96b8 --- /dev/null +++ b/9.0/jdk11/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:11-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/sapmachine-jammy/Dockerfile b/9.0/jdk11/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..da2b1cce --- /dev/null +++ b/9.0/jdk11/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/sapmachine-noble/Dockerfile b/9.0/jdk11/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..167f7950 --- /dev/null +++ b/9.0/jdk11/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:11-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/semeru-jammy/Dockerfile b/9.0/jdk11/semeru-jammy/Dockerfile new file mode 100644 index 00000000..381db854 --- /dev/null +++ b/9.0/jdk11/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/semeru-noble/Dockerfile b/9.0/jdk11/semeru-noble/Dockerfile new file mode 100644 index 00000000..ab3cf41a --- /dev/null +++ b/9.0/jdk11/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.20/Dockerfile b/9.0/jdk11/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..e3d9402d --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.21/Dockerfile b/9.0/jdk11/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..3126f01c --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-alpine3.22/Dockerfile b/9.0/jdk11/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..ac4c448d --- /dev/null +++ b/9.0/jdk11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-jammy/Dockerfile b/9.0/jdk11/temurin-jammy/Dockerfile index 76ef2667..3f5340b7 100644 --- a/9.0/jdk11/temurin-jammy/Dockerfile +++ b/9.0/jdk11/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/temurin-noble/Dockerfile b/9.0/jdk11/temurin-noble/Dockerfile index 8a1a7a5a..d312b37a 100644 --- a/9.0/jdk11/temurin-noble/Dockerfile +++ b/9.0/jdk11/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk11/temurin-ubi10-minimal/Dockerfile b/9.0/jdk11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..8248554a --- /dev/null +++ b/9.0/jdk11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk11/temurin-ubi9-minimal/Dockerfile b/9.0/jdk11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..472e3d74 --- /dev/null +++ b/9.0/jdk11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-al2/Dockerfile b/9.0/jdk17/corretto-al2/Dockerfile index 74d03dcd..7cc1a3c1 100644 --- a/9.0/jdk17/corretto-al2/Dockerfile +++ b/9.0/jdk17/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/corretto-al2023/Dockerfile b/9.0/jdk17/corretto-al2023/Dockerfile new file mode 100644 index 00000000..ff9ae241 --- /dev/null +++ b/9.0/jdk17/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.20/Dockerfile b/9.0/jdk17/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..4ffe4d68 --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.21/Dockerfile b/9.0/jdk17/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..08e4f855 --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/corretto-alpine3.22/Dockerfile b/9.0/jdk17/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..6372b886 --- /dev/null +++ b/9.0/jdk17/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:17-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/sapmachine-jammy/Dockerfile b/9.0/jdk17/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..a1b51b0e --- /dev/null +++ b/9.0/jdk17/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/sapmachine-noble/Dockerfile b/9.0/jdk17/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..9a4af084 --- /dev/null +++ b/9.0/jdk17/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:17-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/semeru-jammy/Dockerfile b/9.0/jdk17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..8dd1e5ef --- /dev/null +++ b/9.0/jdk17/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/semeru-noble/Dockerfile b/9.0/jdk17/semeru-noble/Dockerfile new file mode 100644 index 00000000..c6b7df88 --- /dev/null +++ b/9.0/jdk17/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.20/Dockerfile b/9.0/jdk17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..003854d2 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.21/Dockerfile b/9.0/jdk17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..34040202 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-alpine3.22/Dockerfile b/9.0/jdk17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..50e14822 --- /dev/null +++ b/9.0/jdk17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-jammy/Dockerfile b/9.0/jdk17/temurin-jammy/Dockerfile index f059a6c4..89d19f98 100644 --- a/9.0/jdk17/temurin-jammy/Dockerfile +++ b/9.0/jdk17/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/temurin-noble/Dockerfile b/9.0/jdk17/temurin-noble/Dockerfile index 458ce9fd..4655538a 100644 --- a/9.0/jdk17/temurin-noble/Dockerfile +++ b/9.0/jdk17/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk17/temurin-ubi10-minimal/Dockerfile b/9.0/jdk17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..97e2750a --- /dev/null +++ b/9.0/jdk17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk17/temurin-ubi9-minimal/Dockerfile b/9.0/jdk17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..682634e9 --- /dev/null +++ b/9.0/jdk17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-al2/Dockerfile b/9.0/jdk21/corretto-al2/Dockerfile index 1bc3f479..b832d904 100644 --- a/9.0/jdk21/corretto-al2/Dockerfile +++ b/9.0/jdk21/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/corretto-al2023/Dockerfile b/9.0/jdk21/corretto-al2023/Dockerfile new file mode 100644 index 00000000..4efadaba --- /dev/null +++ b/9.0/jdk21/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.20/Dockerfile b/9.0/jdk21/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..493aa44b --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.21/Dockerfile b/9.0/jdk21/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..72780edc --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/corretto-alpine3.22/Dockerfile b/9.0/jdk21/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..f7289d00 --- /dev/null +++ b/9.0/jdk21/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:21-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/sapmachine-jammy/Dockerfile b/9.0/jdk21/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..d8c8736d --- /dev/null +++ b/9.0/jdk21/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/sapmachine-noble/Dockerfile b/9.0/jdk21/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..d0c5d920 --- /dev/null +++ b/9.0/jdk21/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:21-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/semeru-jammy/Dockerfile b/9.0/jdk21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..d3f8bd09 --- /dev/null +++ b/9.0/jdk21/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/semeru-noble/Dockerfile b/9.0/jdk21/semeru-noble/Dockerfile new file mode 100644 index 00000000..1ab5aace --- /dev/null +++ b/9.0/jdk21/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.20/Dockerfile b/9.0/jdk21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..2a780409 --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.21/Dockerfile b/9.0/jdk21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..3de1adea --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-alpine3.22/Dockerfile b/9.0/jdk21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..71c938d2 --- /dev/null +++ b/9.0/jdk21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-jammy/Dockerfile b/9.0/jdk21/temurin-jammy/Dockerfile index 5139a76b..beb72688 100644 --- a/9.0/jdk21/temurin-jammy/Dockerfile +++ b/9.0/jdk21/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/temurin-noble/Dockerfile b/9.0/jdk21/temurin-noble/Dockerfile index ad49fe46..fdc68170 100644 --- a/9.0/jdk21/temurin-noble/Dockerfile +++ b/9.0/jdk21/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk21/temurin-ubi10-minimal/Dockerfile b/9.0/jdk21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..4a0c7bcd --- /dev/null +++ b/9.0/jdk21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk21/temurin-ubi9-minimal/Dockerfile b/9.0/jdk21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..8b212ea7 --- /dev/null +++ b/9.0/jdk21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-al2023/Dockerfile b/9.0/jdk25/corretto-al2023/Dockerfile new file mode 100644 index 00000000..9429d87e --- /dev/null +++ b/9.0/jdk25/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.20/Dockerfile b/9.0/jdk25/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..ac86f53f --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.21/Dockerfile b/9.0/jdk25/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..5ac95a1c --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/corretto-alpine3.22/Dockerfile b/9.0/jdk25/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..5a8167e4 --- /dev/null +++ b/9.0/jdk25/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:25-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/sapmachine-jammy/Dockerfile b/9.0/jdk25/sapmachine-jammy/Dockerfile new file mode 100644 index 00000000..296d9cf8 --- /dev/null +++ b/9.0/jdk25/sapmachine-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/sapmachine-noble/Dockerfile b/9.0/jdk25/sapmachine-noble/Dockerfile new file mode 100644 index 00000000..c14b6468 --- /dev/null +++ b/9.0/jdk25/sapmachine-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM sapmachine:25-ubuntu-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/semeru-jammy/Dockerfile b/9.0/jdk25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..7fe1af6c --- /dev/null +++ b/9.0/jdk25/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/semeru-noble/Dockerfile b/9.0/jdk25/semeru-noble/Dockerfile new file mode 100644 index 00000000..ec5f6879 --- /dev/null +++ b/9.0/jdk25/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-alpine3.21/Dockerfile b/9.0/jdk25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..90a6b4d2 --- /dev/null +++ b/9.0/jdk25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-alpine3.22/Dockerfile b/9.0/jdk25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..725efd4b --- /dev/null +++ b/9.0/jdk25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk25/temurin-jammy/Dockerfile b/9.0/jdk25/temurin-jammy/Dockerfile index 13ccbfdb..7bb6f210 100644 --- a/9.0/jdk25/temurin-jammy/Dockerfile +++ b/9.0/jdk25/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk25/temurin-noble/Dockerfile b/9.0/jdk25/temurin-noble/Dockerfile index 080950e5..e9ccb6c3 100644 --- a/9.0/jdk25/temurin-noble/Dockerfile +++ b/9.0/jdk25/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk25/temurin-ubi10-minimal/Dockerfile b/9.0/jdk25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..c5f0df1a --- /dev/null +++ b/9.0/jdk25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-bookworm/Dockerfile b/9.0/jdk26/openjdk-bookworm/Dockerfile new file mode 100644 index 00000000..5bf38434 --- /dev/null +++ b/9.0/jdk26/openjdk-bookworm/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-oraclelinux8/Dockerfile b/9.0/jdk26/openjdk-oraclelinux8/Dockerfile new file mode 100644 index 00000000..3050de02 --- /dev/null +++ b/9.0/jdk26/openjdk-oraclelinux8/Dockerfile @@ -0,0 +1,165 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-oraclelinux8 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-oraclelinux9/Dockerfile b/9.0/jdk26/openjdk-oraclelinux9/Dockerfile new file mode 100644 index 00000000..3fa77ebf --- /dev/null +++ b/9.0/jdk26/openjdk-oraclelinux9/Dockerfile @@ -0,0 +1,165 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-oraclelinux9 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-slim-bookworm/Dockerfile b/9.0/jdk26/openjdk-slim-bookworm/Dockerfile new file mode 100644 index 00000000..5b4fd7af --- /dev/null +++ b/9.0/jdk26/openjdk-slim-bookworm/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-bookworm + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-slim-trixie/Dockerfile b/9.0/jdk26/openjdk-slim-trixie/Dockerfile new file mode 100644 index 00000000..248e0ef0 --- /dev/null +++ b/9.0/jdk26/openjdk-slim-trixie/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-slim-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk26/openjdk-trixie/Dockerfile b/9.0/jdk26/openjdk-trixie/Dockerfile new file mode 100644 index 00000000..018a5fef --- /dev/null +++ b/9.0/jdk26/openjdk-trixie/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM openjdk:26-ea-jdk-trixie + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-al2/Dockerfile b/9.0/jdk8/corretto-al2/Dockerfile index 430def9c..18658372 100644 --- a/9.0/jdk8/corretto-al2/Dockerfile +++ b/9.0/jdk8/corretto-al2/Dockerfile @@ -26,8 +26,8 @@ RUN set -eux; \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -40,7 +40,7 @@ RUN set -eux; \ yumdb set reason dep $todo; \ fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ \ ddist() { \ local f="$1"; shift; \ @@ -97,8 +97,9 @@ RUN set -eux; \ \ nativeBuildDir="$(mktemp -d)"; \ tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ openssl11-devel \ @@ -121,6 +122,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ @@ -137,15 +147,6 @@ RUN set -eux; \ yum clean all; \ rm -rf /var/cache/yum; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/corretto-al2023/Dockerfile b/9.0/jdk8/corretto-al2023/Dockerfile new file mode 100644 index 00000000..1b141294 --- /dev/null +++ b/9.0/jdk8/corretto-al2023/Dockerfile @@ -0,0 +1,162 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-al2023-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.20/Dockerfile b/9.0/jdk8/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..a2ec8497 --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.20/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.20-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.21/Dockerfile b/9.0/jdk8/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..8061a6dd --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.21/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.21-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/corretto-alpine3.22/Dockerfile b/9.0/jdk8/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..687a9a0f --- /dev/null +++ b/9.0/jdk8/corretto-alpine3.22/Dockerfile @@ -0,0 +1,142 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.22-jdk + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/semeru-jammy/Dockerfile b/9.0/jdk8/semeru-jammy/Dockerfile new file mode 100644 index 00000000..91d3f11b --- /dev/null +++ b/9.0/jdk8/semeru-jammy/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jdk-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/semeru-noble/Dockerfile b/9.0/jdk8/semeru-noble/Dockerfile new file mode 100644 index 00000000..7a0313b3 --- /dev/null +++ b/9.0/jdk8/semeru-noble/Dockerfile @@ -0,0 +1,156 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jdk-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + gnupg \ + ; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + libapr1-dev \ + libssl-dev \ + make \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r apt-mark manual \ + ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.20/Dockerfile b/9.0/jdk8/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..1fda237a --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.20/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.21/Dockerfile b/9.0/jdk8/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..eaa4fb70 --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.21/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-alpine3.22/Dockerfile b/9.0/jdk8/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..c66af5ce --- /dev/null +++ b/9.0/jdk8/temurin-alpine3.22/Dockerfile @@ -0,0 +1,146 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ + apk add --no-cache --virtual .fetch-deps gnupg; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if wget -O "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum -c -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + wget -O upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --build="$gnuArch" \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-jammy/Dockerfile b/9.0/jdk8/temurin-jammy/Dockerfile index 891e93ba..921652d1 100644 --- a/9.0/jdk8/temurin-jammy/Dockerfile +++ b/9.0/jdk8/temurin-jammy/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/temurin-noble/Dockerfile b/9.0/jdk8/temurin-noble/Dockerfile index eda06380..b509017c 100644 --- a/9.0/jdk8/temurin-noble/Dockerfile +++ b/9.0/jdk8/temurin-noble/Dockerfile @@ -113,6 +113,15 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ @@ -130,15 +139,6 @@ RUN set -eux; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version diff --git a/9.0/jdk8/temurin-ubi10-minimal/Dockerfile b/9.0/jdk8/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..538ff86a --- /dev/null +++ b/9.0/jdk8/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jdk8/temurin-ubi9-minimal/Dockerfile b/9.0/jdk8/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..42e4d0fe --- /dev/null +++ b/9.0/jdk8/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,169 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jdk-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +RUN set -eux; \ + \ +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ + local pkg todo=''; \ + for pkg; do \ + if ! rpm --query "$pkg" > /dev/null 2>&1; then \ + todo="$todo $pkg"; \ + fi; \ + done; \ + if [ -n "$todo" ]; then \ + set -x; \ + dnf install -y $todo; \ + dnf mark remove $todo; \ + fi; \ + ) }; \ + _install_temporary gzip tar; \ + \ + ddist() { \ + local f="$1"; shift; \ + local distFile="$1"; shift; \ + local mvnFile="${1:-}"; \ + local success=; \ + local distUrl=; \ + for distUrl in \ +# https://apache.org/history/mirror-history.html + "https://dlcdn.apache.org/$distFile" \ +# if the version is outdated, we have to pull from the archive + "https://archive.apache.org/dist/$distFile" \ +# if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) + ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ + ; do \ + if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + success=1; \ + break; \ + fi; \ + done; \ + [ -n "$success" ]; \ + }; \ + \ + ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -fL -o upstream-KEYS 'https://www.apache.org/dist/tomcat/tomcat-9/KEYS'; \ + gpg --batch --import upstream-KEYS; \ +# filter upstream KEYS file to *just* known/precomputed fingerprints + printf '' > filtered-KEYS; \ +# see https://www.apache.org/dist/tomcat/tomcat-9/KEYS + for key in \ + 'DCFD35E0BF8CA7344752DE8B6FB21E8933C60243' \ + 'A9C5DF4D22E99998D9875A5110C01C5A2F6059E7' \ + '48F8E69F6390C9F25CFEDCD268248959359E722B' \ + ; do \ + gpg --batch --fingerprint "$key"; \ + gpg --batch --export --armor "$key" >> filtered-KEYS; \ + done; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --import filtered-KEYS; \ + gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ + tar -xf tomcat.tar.gz --strip-components=1; \ + rm bin/*.bat; \ + rm tomcat.tar.gz*; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ +# https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications + mv webapps webapps.dist; \ + mkdir webapps; \ +# we don't delete them completely because they're frankly a pain to get back for users who do want them, and they're generally tiny (~7MB) + \ + nativeBuildDir="$(mktemp -d)"; \ + tar -xf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1; \ + _install_temporary \ + apr-devel \ + findutils \ + gcc \ + make \ + openssl-devel \ +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ + ; \ + ( \ + export CATALINA_HOME="$PWD"; \ + cd "$nativeBuildDir/native"; \ + aprConfig="$(command -v apr-1-config)"; \ + ./configure \ + --libdir="$TOMCAT_NATIVE_LIBDIR" \ + --prefix="$CATALINA_HOME" \ + --with-apr="$aprConfig" \ + --with-java-home="$JAVA_HOME" \ + --with-ssl \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc"; \ + make install; \ + ); \ + rm -rf "$nativeBuildDir"; \ + rm bin/tomcat-native.tar.gz; \ + \ +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ +# mark any explicit dependencies as manually installed + find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ && $(NF-1) != "=>" { print $(NF-1) }' \ + | xargs -rt readlink -e \ + | sort -u \ + | xargs -rt rpm --query --whatprovides \ + | sort -u \ + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + | xargs -r dnf mark install \ + ; \ + \ +# clean up anything added temporarily and not later marked as necessary + dnf autoremove -y; \ + dnf clean all; \ + rm -rf /var/cache/dnf; \ + \ +# smoke test + catalina.sh version + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/semeru-jammy/Dockerfile b/9.0/jre11/semeru-jammy/Dockerfile new file mode 100644 index 00000000..3e9bd23b --- /dev/null +++ b/9.0/jre11/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/semeru-noble/Dockerfile b/9.0/jre11/semeru-noble/Dockerfile new file mode 100644 index 00000000..5936da8f --- /dev/null +++ b/9.0/jre11/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-11-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.20/Dockerfile b/9.0/jre11/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..68828ca2 --- /dev/null +++ b/9.0/jre11/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.21/Dockerfile b/9.0/jre11/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..20e91e31 --- /dev/null +++ b/9.0/jre11/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-alpine3.22/Dockerfile b/9.0/jre11/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..13fe6d13 --- /dev/null +++ b/9.0/jre11/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-ubi10-minimal/Dockerfile b/9.0/jre11/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..2a9c4b66 --- /dev/null +++ b/9.0/jre11/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre11/temurin-ubi9-minimal/Dockerfile b/9.0/jre11/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..258ec312 --- /dev/null +++ b/9.0/jre11/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:11-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk11-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/semeru-jammy/Dockerfile b/9.0/jre17/semeru-jammy/Dockerfile new file mode 100644 index 00000000..da48c379 --- /dev/null +++ b/9.0/jre17/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/semeru-noble/Dockerfile b/9.0/jre17/semeru-noble/Dockerfile new file mode 100644 index 00000000..35372f78 --- /dev/null +++ b/9.0/jre17/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-17-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.20/Dockerfile b/9.0/jre17/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..d58203bf --- /dev/null +++ b/9.0/jre17/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.21/Dockerfile b/9.0/jre17/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..d111c178 --- /dev/null +++ b/9.0/jre17/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-alpine3.22/Dockerfile b/9.0/jre17/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..69c5ce19 --- /dev/null +++ b/9.0/jre17/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-ubi10-minimal/Dockerfile b/9.0/jre17/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..b3d98e63 --- /dev/null +++ b/9.0/jre17/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre17/temurin-ubi9-minimal/Dockerfile b/9.0/jre17/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..217b5eb8 --- /dev/null +++ b/9.0/jre17/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:17-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk17-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/semeru-jammy/Dockerfile b/9.0/jre21/semeru-jammy/Dockerfile new file mode 100644 index 00000000..8ff326c4 --- /dev/null +++ b/9.0/jre21/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/semeru-noble/Dockerfile b/9.0/jre21/semeru-noble/Dockerfile new file mode 100644 index 00000000..87d6e85b --- /dev/null +++ b/9.0/jre21/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-21-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.20/Dockerfile b/9.0/jre21/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..ea2e3fde --- /dev/null +++ b/9.0/jre21/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.21/Dockerfile b/9.0/jre21/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..cbed6b8b --- /dev/null +++ b/9.0/jre21/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-alpine3.22/Dockerfile b/9.0/jre21/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..967d8f29 --- /dev/null +++ b/9.0/jre21/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-ubi10-minimal/Dockerfile b/9.0/jre21/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..8e6b5a1a --- /dev/null +++ b/9.0/jre21/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre21/temurin-ubi9-minimal/Dockerfile b/9.0/jre21/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..1d080f1b --- /dev/null +++ b/9.0/jre21/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:21-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk21-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/semeru-jammy/Dockerfile b/9.0/jre25/semeru-jammy/Dockerfile new file mode 100644 index 00000000..988220cc --- /dev/null +++ b/9.0/jre25/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk25-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/semeru-noble/Dockerfile b/9.0/jre25/semeru-noble/Dockerfile new file mode 100644 index 00000000..23942bfa --- /dev/null +++ b/9.0/jre25/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-25-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk25-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-alpine3.21/Dockerfile b/9.0/jre25/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..94c02a1f --- /dev/null +++ b/9.0/jre25/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk25-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-alpine3.22/Dockerfile b/9.0/jre25/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..ccd45c09 --- /dev/null +++ b/9.0/jre25/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk25-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre25/temurin-ubi10-minimal/Dockerfile b/9.0/jre25/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..68415206 --- /dev/null +++ b/9.0/jre25/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:25-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk25-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-al2023/Dockerfile b/9.0/jre8/corretto-al2023/Dockerfile new file mode 100644 index 00000000..ff06fd95 --- /dev/null +++ b/9.0/jre8/corretto-al2023/Dockerfile @@ -0,0 +1,41 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-al2023-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-corretto-al2023 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + dnf install -y $deps; \ + dnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.20/Dockerfile b/9.0/jre8/corretto-alpine3.20/Dockerfile new file mode 100644 index 00000000..06de4438 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.20/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.20-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-corretto-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.21/Dockerfile b/9.0/jre8/corretto-alpine3.21/Dockerfile new file mode 100644 index 00000000..27411256 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.21/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.21-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-corretto-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/corretto-alpine3.22/Dockerfile b/9.0/jre8/corretto-alpine3.22/Dockerfile new file mode 100644 index 00000000..3cedae55 --- /dev/null +++ b/9.0/jre8/corretto-alpine3.22/Dockerfile @@ -0,0 +1,38 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM amazoncorretto:8-alpine3.22-jre + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-corretto-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/semeru-jammy/Dockerfile b/9.0/jre8/semeru-jammy/Dockerfile new file mode 100644 index 00000000..aff6b82a --- /dev/null +++ b/9.0/jre8/semeru-jammy/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jre-jammy + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-semeru-jammy $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/semeru-noble/Dockerfile b/9.0/jre8/semeru-noble/Dockerfile new file mode 100644 index 00000000..f6f0ba4a --- /dev/null +++ b/9.0/jre8/semeru-noble/Dockerfile @@ -0,0 +1,39 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM ibm-semeru-runtimes:open-8-jre-noble + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-semeru-noble $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + apt-get update; \ + xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + rm -rf /var/lib/apt/lists/* + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.20/Dockerfile b/9.0/jre8/temurin-alpine3.20/Dockerfile new file mode 100644 index 00000000..c1a6f508 --- /dev/null +++ b/9.0/jre8/temurin-alpine3.20/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.20 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-temurin-alpine3.20 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.21/Dockerfile b/9.0/jre8/temurin-alpine3.21/Dockerfile new file mode 100644 index 00000000..df25b031 --- /dev/null +++ b/9.0/jre8/temurin-alpine3.21/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.21 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-temurin-alpine3.21 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-alpine3.22/Dockerfile b/9.0/jre8/temurin-alpine3.22/Dockerfile new file mode 100644 index 00000000..7cf381de --- /dev/null +++ b/9.0/jre8/temurin-alpine3.22/Dockerfile @@ -0,0 +1,42 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-alpine-3.22 + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-temurin-alpine3.22 $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-ubi10-minimal/Dockerfile b/9.0/jre8/temurin-ubi10-minimal/Dockerfile new file mode 100644 index 00000000..3b8db8c1 --- /dev/null +++ b/9.0/jre8/temurin-ubi10-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-ubi10-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-temurin-ubi10-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/9.0/jre8/temurin-ubi9-minimal/Dockerfile b/9.0/jre8/temurin-ubi9-minimal/Dockerfile new file mode 100644 index 00000000..8ca4f13c --- /dev/null +++ b/9.0/jre8/temurin-ubi9-minimal/Dockerfile @@ -0,0 +1,45 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM eclipse-temurin:8-jre-ubi9-minimal + +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.112 +ENV TOMCAT_SHA512 fc55589f28bf6659928167461c741649b6005b64285dd81df05bb5ee40f4c6de59b8ee3af84ff756ae1513fc47f5f73070e29313b555e27f096f25881c69841d + +COPY --from=tomcat:9.0.112-jdk8-temurin-ubi9-minimal $CATALINA_HOME $CATALINA_HOME +RUN set -eux; \ +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + microdnf install -y $deps; \ + microdnf clean all; \ + rm -rf /var/cache/dnf + +# verify Tomcat Native is working properly +RUN set -eux; \ + nativeLines="$(catalina.sh configtest 2>&1)"; \ + nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')"; \ + nativeLines="$(echo "$nativeLines" | sort -u)"; \ + if ! echo "$nativeLines" | grep -E 'INFO: Loaded( APR based)? Apache Tomcat Native library' >&2; then \ + echo >&2 "$nativeLines"; \ + exit 1; \ + fi + +EXPOSE 8080 + +# upstream eclipse-temurin-provided entrypoint script caused https://github.com/docker-library/tomcat/issues/77 to come back as https://github.com/docker-library/tomcat/issues/302; use "/entrypoint.sh" at your own risk +ENTRYPOINT [] + +CMD ["catalina.sh", "run"] diff --git a/Dockerfile.template b/Dockerfile.template index e94d4190..9e45f55e 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -29,14 +29,25 @@ RUN set -eux; \ curl \ gnupg \ ; \ +{{ ) elif is_alpine then ( -}} + apk add --no-cache --virtual .fetch-deps gnupg; \ {{ ) else ( -}} +{{ if is_yum then ( -}} # http://yum.baseurl.org/wiki/YumDB.html if ! command -v yumdb > /dev/null; then \ yum install -y --setopt=skip_missing_names_on_install=False yum-utils; \ yumdb set reason dep yum-utils; \ fi; \ -# a helper function to "yum install" things, but only if they aren't installed (and to set their "reason" to "dep" so "yum autoremove" can purge them for us) - _yum_install_temporary() { ( set -eu +x; \ +{{ if vendor_variant | contains("oraclelinux7") then ( -}} +# TODO there's an odd bug on Oracle Linux where installing "cpp" (which gets pulled in as a dependency of "gcc") and then marking it as automatically-installed will result in the "filesystem" package being removed during "yum autoremove" (which then fails), so we set it as manually-installed to compensate + yumdb set reason user filesystem; \ +{{ ) else "" end -}} +{{ ) elif vendor_variant | variant_is_microdnf then ( -}} +# removing dnf after it is installed gets really hairy, so we'll just live with it (since we need it for "dnf mark") + microdnf install -y dnf; \ +{{ ) else "" end -}} +# a helper function to install things, but only if they aren't installed (and to mark them so "autoremove" can purge them for us) + _install_temporary() { ( set -eu +x; \ local pkg todo=''; \ for pkg; do \ if ! rpm --query "$pkg" > /dev/null 2>&1; then \ @@ -45,11 +56,20 @@ RUN set -eux; \ done; \ if [ -n "$todo" ]; then \ set -x; \ +{{ if is_yum then ( -}} yum install -y --setopt=skip_missing_names_on_install=False $todo; \ yumdb set reason dep $todo; \ +{{ ) else ( -}} + dnf install -y $todo; \ + dnf mark remove $todo; \ +{{ ) end -}} fi; \ ) }; \ - _yum_install_temporary gzip tar; \ + _install_temporary gzip tar; \ +{{ if vendor_variant | contains("al20") then ( -}} +# gnupg2-minimal (installed by default) conflicts with gnupg2 and does not include dirmngr so cannot fetch keys + dnf install -y --allowerasing gnupg2; \ +{{ ) else "" end -}} {{ ) end -}} \ ddist() { \ @@ -66,7 +86,7 @@ RUN set -eux; \ # if all else fails, let's try Maven (https://www.mail-archive.com/users@tomcat.apache.org/msg134940.html; https://mvnrepository.com/artifact/org.apache.tomcat/tomcat; https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/) ${mvnFile:+"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/$mvnFile"} \ ; do \ - if curl -fL -o "$f" "$distUrl" && [ -s "$f" ]; then \ + if {{ if is_alpine then "wget -O" else "curl -fL -o" end }} "$f" "$distUrl" && [ -s "$f" ]; then \ success=1; \ break; \ fi; \ @@ -75,10 +95,10 @@ RUN set -eux; \ }; \ \ ddist 'tomcat.tar.gz' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz"; \ - echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum --strict --check -; \ + echo "$TOMCAT_SHA512 *tomcat.tar.gz" | sha512sum {{ if is_alpine then "-c" else "--strict --check" end }} -; \ ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ - curl -fL -o upstream-KEYS {{ "https://www.apache.org/dist/tomcat/tomcat-\(major)/KEYS" | @sh }}; \ + {{ if is_alpine then "wget -O" else "curl -fL -o" end }} upstream-KEYS {{ "https://www.apache.org/dist/tomcat/tomcat-\(major)/KEYS" | @sh }}; \ gpg --batch --import upstream-KEYS; \ # filter upstream KEYS file to *just* known/precomputed fingerprints printf '' > filtered-KEYS; \ @@ -132,7 +152,7 @@ RUN set -eux; \ tar -xf tomcat.tar.gz --strip-components=1; \ rm bin/*.bat; \ rm tomcat.tar.gz*; \ -{{ if vendor_variant | contains("al2") then "" else ( -}} +{{ if vendor_variant | variant_is_al2 or contains("oraclelinux7") then "" else ( -}} gpgconf --kill all; \ {{ ) end -}} rm -rf "$GNUPGHOME"; \ @@ -152,23 +172,45 @@ RUN set -eux; \ libssl-dev \ make \ ; \ +{{ ) elif is_alpine then ( -}} + apk add --no-cache --virtual .build-deps \ + apr-dev \ + dpkg-dev dpkg \ + gcc \ + libc-dev \ + make \ +{{ if is_native_ge_2 then ( -}} + openssl3-dev \ +{{ ) else ( -}} + openssl-dev \ +{{ ) end -}} + ; \ {{ ) else ( -}} - _yum_install_temporary \ + _install_temporary \ apr-devel \ + findutils \ gcc \ make \ +{{ if vendor_variant | variant_is_al2 then ( -}} openssl11-devel \ +{{ ) else ( -}} + openssl-devel \ +{{ ) end -}} +{{ if vendor_variant | variant_is_microdnf then ( -}} +# "gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory" + redhat-rpm-config \ +{{ ) else "" end -}} ; \ {{ ) end -}} ( \ export CATALINA_HOME="$PWD"; \ cd "$nativeBuildDir/native"; \ -{{ if is_apt then ( -}} +{{ if is_apt or is_alpine then ( -}} gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ {{ ) else "" end -}} aprConfig="$(command -v apr-1-config)"; \ ./configure \ -{{ if is_apt then ( -}} +{{ if is_apt or is_alpine then ( -}} --build="$gnuArch" \ {{ ) else "" end -}} --libdir="$TOMCAT_NATIVE_LIBDIR" \ @@ -186,6 +228,17 @@ RUN set -eux; \ rm -rf "$nativeBuildDir"; \ rm bin/tomcat-native.tar.gz; \ \ +{{ if is_alpine then "" else ( -}} +# sh removes env vars it doesn't support (ones with periods) +# https://github.com/docker-library/tomcat/issues/77 + find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ + \ +{{ ) end -}} +# fix permissions (especially for running as non-root) +# https://github.com/docker-library/tomcat/issues/35 + chmod -R +rX .; \ + chmod 1777 logs temp work; \ + \ {{ if is_apt then ( -}} # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ @@ -203,6 +256,24 @@ RUN set -eux; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) elif is_alpine then ( -}} +# mark any explicit dependencies as manually installed + deps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \ + | tr ',' '\n' \ + | sort -u \ +{{ if is_native_ge_2 and (vendor_variant | contains("alpine3.15") or contains("alpine3.16")) then ( -}} +# https://git.alpinelinux.org/aports/tree/main/openssl3/APKBUILD?h=3.16-stable#n23 ("sonameprefix") +# see also "apk info --all libssl3" ("so:openssl3:so:libssl.so.3=3" under "provides:") + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { if ($1 ~ /libssl|libcrypto/) { print "so:openssl3:so:" $1 } else { print "so:" $1 } }' \ +{{ ) else ( -}} + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ +{{ ) end -}} + | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ + )"; \ + apk add --no-network --virtual .tomcat-native-deps $deps; \ + \ + apk del --no-network .fetch-deps .build-deps; \ {{ ) else ( -}} # mark any explicit dependencies as manually installed find "$TOMCAT_NATIVE_LIBDIR" -type f -executable -exec ldd '{}' ';' \ @@ -212,24 +283,15 @@ RUN set -eux; \ | xargs -rt rpm --query --whatprovides \ | sort -u \ | tee "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt" \ - | xargs -r yumdb set reason user \ + | xargs -r {{ if is_yum then "yumdb set reason user" else "dnf mark install" end }} \ ; \ \ # clean up anything added temporarily and not later marked as necessary - yum autoremove -y; \ - yum clean all; \ - rm -rf /var/cache/yum; \ + {{ if is_yum then "yum" else "dnf" end }} autoremove -y; \ + {{ if is_yum then "yum" else "dnf" end }} clean all; \ + rm -rf /var/cache/{{ if is_yum then "yum" else "dnf" end }}; \ {{ ) end -}} \ -# sh removes env vars it doesn't support (ones with periods) -# https://github.com/docker-library/tomcat/issues/77 - find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \ - \ -# fix permissions (especially for running as non-root) -# https://github.com/docker-library/tomcat/issues/35 - chmod -R +rX .; \ - chmod 1777 logs temp work; \ - \ # smoke test catalina.sh version {{ ) else ( -}} @@ -239,10 +301,19 @@ RUN set -eux; \ apt-get update; \ xargs -rt apt-get install -y --no-install-recommends < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ rm -rf /var/lib/apt/lists/* +{{ ) elif is_alpine then ( -}} + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + apk add --no-cache --virtual .tomcat-native-deps $deps +{{ ) elif vendor_variant | contains("al20") or contains("ubi") then ( -}} +# no xargs in al20XX and ubiX-minimal /o\ + deps="$(cat "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt")"; \ + {{ if vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} install -y $deps; \ + {{ if vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} clean all; \ + rm -rf /var/cache/dnf {{ ) else ( -}} - xargs -rt yum install -y --setopt=skip_missing_names_on_install=False < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ - yum clean all; \ - rm -rf /var/cache/yum + xargs -rt {{ if is_yum then "yum" elif vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} install -y{{ if is_yum then " --setopt=skip_missing_names_on_install=False" else "" end }} < "$TOMCAT_NATIVE_LIBDIR/.dependencies.txt"; \ + {{ if is_yum then "yum" elif vendor_variant | variant_is_microdnf then "microdnf" else "dnf" end }} clean all; \ + rm -rf /var/cache/{{ if is_yum then "yum" else "dnf" end }} {{ ) end -}} {{ ) end -}} diff --git a/from.jq b/from.jq index 631ef8bd..7094fa93 100644 --- a/from.jq +++ b/from.jq @@ -17,9 +17,17 @@ def from: | if test("^corretto-") then "amazoncorretto:" + java_version + ltrimstr("corretto") + "-" + java_variant elif test("^openjdk-") then - "openjdk:" + java_version + "-" + java_variant + ltrimstr("openjdk") + # TODO this "-ea" needs to be handled somewhere else / further out so we don't ever label "26-ea" as just "26", for example (https://github.com/docker-library/openjdk/pull/550) + "openjdk:" + java_version + "-ea-" + java_variant + ltrimstr("openjdk") + elif test("^sapmachine-") and java_variant == "jdk" then + "sapmachine:" + java_version + "-ubuntu" + ltrimstr("sapmachine") + elif test("^semeru-") then + "ibm-semeru-runtimes:open-" + java_version + "-" + java_variant + ltrimstr("semeru") elif test("^temurin-") then - "eclipse-temurin:" + java_version + "-" + java_variant + ltrimstr("temurin") + "eclipse-temurin:" + java_version + "-" + java_variant + ( + ltrimstr("temurin") + | sub("alpine(?=[0-9]+)"; "alpine-") # temurin does "-alpine-N.NN" style tags + ) else error("unknown vendor variant: " + .) end diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fa1ac0dd..f8f22879 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -90,9 +90,11 @@ for version; do declare -A vendorAliases=() defaultTemurinVariant= for aliasToRegex in \ - 'corretto:^corretto-' \ - 'openjdk:openjdk-(?!slim)' 'openjdk-slim:^openjdk-slim' \ - 'temurin:^temurin-' \ + 'corretto:^corretto-(?!alpine)' 'corretto-alpine:^corretto-alpine' \ + 'openjdk:openjdk-(?!slim|alpine)' 'openjdk-slim:^openjdk-slim' 'openjdk-alpine:^openjdk-alpine' \ + 'sapmachine:^sapmachine-' \ + 'semeru:^semeru-' \ + 'temurin:^temurin-(?!alpine)' 'temurin-alpine:^temurin-alpine' \ ; do alias="${aliasToRegex%%:*}" regex="${aliasToRegex#$alias:}" diff --git a/shared.jq b/shared.jq index b407b207..52a5a793 100644 --- a/shared.jq +++ b/shared.jq @@ -16,9 +16,26 @@ def is_supported_java_version(java): java >= 8 end ; +def is_alpine: + vendor_variant | contains("alpine") +; +def variant_is_al2: # NOT al20XX + contains("al2") and (contains("al20") | not) +; +def is_yum: + vendor_variant | ( + variant_is_al2 + or contains("oraclelinux7") + ) +; +def variant_is_microdnf: + contains("oraclelinux") or contains("ubi") +; def is_apt: vendor_variant | ( - contains("al2") + variant_is_microdnf + or contains("al2") + or contains("alpine") ) | not ; def is_native_ge_2: @@ -31,6 +48,9 @@ def has_openssl_ge_3(variant): # https://github.com/apache/tomcat-native/commit/f7930fa16f095717cfc641a8d24e60c343765adc variant | ( # amazonlinux - contains("al2") # corretto + variant_is_al2 # corretto + # oraclelinux + or contains("oraclelinux7") # openjdk + or contains("oraclelinux8") # openjdk ) | not ; diff --git a/versions.json b/versions.json index beb80d40..13e75091 100644 --- a/versions.json +++ b/versions.json @@ -6,18 +6,99 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", "jre17/temurin-jammy", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", "jdk11/temurin-noble", "jre11/temurin-noble", "jdk11/temurin-jammy", - "jre11/temurin-jammy" + "jre11/temurin-jammy", + "jdk11/temurin-alpine3.22", + "jre11/temurin-alpine3.22", + "jdk11/temurin-alpine3.21", + "jre11/temurin-alpine3.21", + "jdk11/temurin-alpine3.20", + "jre11/temurin-alpine3.20", + "jdk11/temurin-ubi10-minimal", + "jre11/temurin-ubi10-minimal", + "jdk11/temurin-ubi9-minimal", + "jre11/temurin-ubi9-minimal", + "jdk11/corretto-al2023", + "jdk11/corretto-alpine3.22", + "jdk11/corretto-alpine3.21", + "jdk11/corretto-alpine3.20", + "jdk11/sapmachine-noble", + "jdk11/sapmachine-jammy", + "jdk11/semeru-noble", + "jre11/semeru-noble", + "jdk11/semeru-jammy", + "jre11/semeru-jammy", + "jdk26/openjdk-trixie", + "jdk26/openjdk-bookworm", + "jdk26/openjdk-slim-trixie", + "jdk26/openjdk-slim-bookworm", + "jdk26/openjdk-oraclelinux9" ], "version": "10.1.49" }, @@ -28,14 +109,75 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", - "jre17/temurin-jammy" + "jre17/temurin-jammy", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", + "jdk26/openjdk-trixie", + "jdk26/openjdk-bookworm", + "jdk26/openjdk-slim-trixie", + "jdk26/openjdk-slim-bookworm", + "jdk26/openjdk-oraclelinux9" ], "version": "11.0.14" }, @@ -46,26 +188,130 @@ "jre25/temurin-noble", "jdk25/temurin-jammy", "jre25/temurin-jammy", + "jdk25/temurin-alpine3.22", + "jre25/temurin-alpine3.22", + "jdk25/temurin-alpine3.21", + "jre25/temurin-alpine3.21", + "jdk25/temurin-ubi10-minimal", + "jre25/temurin-ubi10-minimal", + "jdk25/corretto-al2023", + "jdk25/corretto-alpine3.22", + "jdk25/corretto-alpine3.21", + "jdk25/corretto-alpine3.20", + "jdk25/sapmachine-noble", + "jdk25/sapmachine-jammy", + "jdk25/semeru-noble", + "jre25/semeru-noble", + "jdk25/semeru-jammy", + "jre25/semeru-jammy", "jdk21/temurin-noble", "jre21/temurin-noble", "jdk21/temurin-jammy", "jre21/temurin-jammy", + "jdk21/temurin-alpine3.22", + "jre21/temurin-alpine3.22", + "jdk21/temurin-alpine3.21", + "jre21/temurin-alpine3.21", + "jdk21/temurin-alpine3.20", + "jre21/temurin-alpine3.20", + "jdk21/temurin-ubi10-minimal", + "jre21/temurin-ubi10-minimal", + "jdk21/temurin-ubi9-minimal", + "jre21/temurin-ubi9-minimal", + "jdk21/corretto-al2023", "jdk21/corretto-al2", + "jdk21/corretto-alpine3.22", + "jdk21/corretto-alpine3.21", + "jdk21/corretto-alpine3.20", + "jdk21/sapmachine-noble", + "jdk21/sapmachine-jammy", + "jdk21/semeru-noble", + "jre21/semeru-noble", + "jdk21/semeru-jammy", + "jre21/semeru-jammy", "jdk17/temurin-noble", "jre17/temurin-noble", "jdk17/temurin-jammy", "jre17/temurin-jammy", + "jdk17/temurin-alpine3.22", + "jre17/temurin-alpine3.22", + "jdk17/temurin-alpine3.21", + "jre17/temurin-alpine3.21", + "jdk17/temurin-alpine3.20", + "jre17/temurin-alpine3.20", + "jdk17/temurin-ubi10-minimal", + "jre17/temurin-ubi10-minimal", + "jdk17/temurin-ubi9-minimal", + "jre17/temurin-ubi9-minimal", + "jdk17/corretto-al2023", "jdk17/corretto-al2", + "jdk17/corretto-alpine3.22", + "jdk17/corretto-alpine3.21", + "jdk17/corretto-alpine3.20", + "jdk17/sapmachine-noble", + "jdk17/sapmachine-jammy", + "jdk17/semeru-noble", + "jre17/semeru-noble", + "jdk17/semeru-jammy", + "jre17/semeru-jammy", "jdk11/temurin-noble", "jre11/temurin-noble", "jdk11/temurin-jammy", "jre11/temurin-jammy", + "jdk11/temurin-alpine3.22", + "jre11/temurin-alpine3.22", + "jdk11/temurin-alpine3.21", + "jre11/temurin-alpine3.21", + "jdk11/temurin-alpine3.20", + "jre11/temurin-alpine3.20", + "jdk11/temurin-ubi10-minimal", + "jre11/temurin-ubi10-minimal", + "jdk11/temurin-ubi9-minimal", + "jre11/temurin-ubi9-minimal", + "jdk11/corretto-al2023", "jdk11/corretto-al2", + "jdk11/corretto-alpine3.22", + "jdk11/corretto-alpine3.21", + "jdk11/corretto-alpine3.20", + "jdk11/sapmachine-noble", + "jdk11/sapmachine-jammy", + "jdk11/semeru-noble", + "jre11/semeru-noble", + "jdk11/semeru-jammy", + "jre11/semeru-jammy", "jdk8/temurin-noble", "jre8/temurin-noble", "jdk8/temurin-jammy", "jre8/temurin-jammy", - "jdk8/corretto-al2" + "jdk8/temurin-alpine3.22", + "jre8/temurin-alpine3.22", + "jdk8/temurin-alpine3.21", + "jre8/temurin-alpine3.21", + "jdk8/temurin-alpine3.20", + "jre8/temurin-alpine3.20", + "jdk8/temurin-ubi10-minimal", + "jre8/temurin-ubi10-minimal", + "jdk8/temurin-ubi9-minimal", + "jre8/temurin-ubi9-minimal", + "jdk8/corretto-al2023", + "jre8/corretto-al2023", + "jdk8/corretto-al2", + "jdk8/corretto-alpine3.22", + "jre8/corretto-alpine3.22", + "jdk8/corretto-alpine3.21", + "jre8/corretto-alpine3.21", + "jdk8/corretto-alpine3.20", + "jre8/corretto-alpine3.20", + "jdk8/semeru-noble", + "jre8/semeru-noble", + "jdk8/semeru-jammy", + "jre8/semeru-jammy", + "jdk26/openjdk-trixie", + "jdk26/openjdk-bookworm", + "jdk26/openjdk-slim-trixie", + "jdk26/openjdk-slim-bookworm", + "jdk26/openjdk-oraclelinux9", + "jdk26/openjdk-oraclelinux8" ], "version": "9.0.112" } diff --git a/versions.sh b/versions.sh index 5cf3c873..3f62c46d 100755 --- a/versions.sh +++ b/versions.sh @@ -26,12 +26,23 @@ _bashbrew_list() { } allVariants='[]' -for javaVersion in 25 21 17 11 8; do +# LTS versions in descending order followed by all other versions (also in descending order) +for javaVersion in \ + 25 \ + 21 \ + 17 \ + 11 \ + 8 \ + 26 \ + 24 \ +; do # Eclipse Temurin, followed by OpenJDK, and then all other variants alphabetically for vendorVariant in \ - temurin-{noble,jammy} \ - openjdk{,-slim}-{trixie,bookworm} \ - corretto-al2 \ + temurin-{noble,jammy,alpine{3.22,3.21,3.20},ubi{10,9}-minimal} \ + openjdk-{{,slim-}{trixie,bookworm},alpine{3.22,3.21},oraclelinux{9,8}} \ + corretto-{al2023,al2,alpine{3.22,3.21,3.20,3.19}} \ + sapmachine-{noble,jammy} \ + semeru-{noble,jammy} \ ; do for javaVariant in {jdk,jre}"$javaVersion"; do export variant="$javaVariant/$vendorVariant"