forked from docker-library/openjdk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile-windows.template
113 lines (105 loc) · 5.15 KB
/
Dockerfile-windows.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
FROM mcr.microsoft.com/windows/{{ env.windowsVariant }}:{{ env.windowsRelease }}
{{ if env.windowsVariant == "servercore" then ( -}}
# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# enable TLS 1.2
# https://docs.microsoft.com/en-us/system-center/vmm/install-tls?view=sc-vmm-1801
# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-tls-12
RUN Write-Host 'Enabling TLS 1.2 (https://githubengineering.com/crypto-removal-notice/) ...'; \
$tls12RegBase = 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'; \
if (Test-Path $tls12RegBase) { throw ('"{0}" already exists!' -f $tls12RegBase) }; \
New-Item -Path ('{0}/Client' -f $tls12RegBase) -Force; \
New-Item -Path ('{0}/Server' -f $tls12RegBase) -Force; \
New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \
New-ItemProperty -Path ('{0}/Client' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \
New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'DisabledByDefault' -PropertyType DWORD -Value 0 -Force; \
New-ItemProperty -Path ('{0}/Server' -f $tls12RegBase) -Name 'Enabled' -PropertyType DWORD -Value 1 -Force; \
Write-Host 'Complete.'
ENV JAVA_HOME C:\\openjdk-{{ env.version }}
RUN $newPath = ('{0}\bin;{1}' -f $env:JAVA_HOME, $env:PATH); \
Write-Host ('Updating PATH: {0}' -f $newPath); \
setx /M PATH $newPath; \
Write-Host 'Complete.'
{{ ) else ( -}}
SHELL ["cmd", "/s", "/c"]
ENV JAVA_HOME C:\\openjdk-{{ env.version }}
# "ERROR: Access to the registry path is denied."
USER ContainerAdministrator
RUN echo Updating PATH: %JAVA_HOME%\bin;%PATH% \
&& setx /M PATH %JAVA_HOME%\bin;%PATH% \
&& echo Complete.
USER ContainerUser
{{ ) end -}}
{{ if .source == "oracle" then ( -}}
# https://jdk.java.net/
# >
# > Java Development Kit builds, from Oracle
# >
{{ ) else ( -}}
# https://adoptopenjdk.net/upstream.html
# >
# > What are these binaries?
# >
# > These binaries are built by Red Hat on their infrastructure on behalf of the OpenJDK jdk8u and jdk11u projects. The binaries are created from the unmodified source code at OpenJDK. Although no formal support agreement is provided, please report any bugs you may find to https://bugs.java.com/.
# >
{{ ) end -}}
ENV JAVA_VERSION {{ .version }}
{{ if env.windowsVariant == "servercore" then ( -}}
{{ # TODO $env:PROCESSOR_ARCHITECTURE for arm64v8 someday (https://superuser.com/a/1441469/101945) -}}
ENV JAVA_URL {{ .[env.javaType].arches["windows-amd64"].url }}
{{ if .[env.javaType].arches["windows-amd64"] | has("sha256") then ( -}}
ENV JAVA_SHA256 {{ .[env.javaType].arches["windows-amd64"].sha256 }}
{{ ) else "" end -}}
{{ ) else "" end -}}
{{ if .source == "adopt" then ( -}}
# https://github.com/docker-library/openjdk/issues/320#issuecomment-494050246
# >
# > I am the OpenJDK 8 and 11 Updates OpenJDK project lead.
# > ...
# > While it is true that the OpenJDK Governing Board has not sanctioned those releases, they (or rather we, since I am a member) didn't sanction Oracle's OpenJDK releases either. As far as I am aware, the lead of an OpenJDK project is entitled to release binary builds, and there is clearly a need for them.
# >
{{ ) else "" end -}}
{{ if env.windowsVariant == "servercore" then ( -}}
RUN Write-Host ('Downloading {0} ...' -f $env:JAVA_URL); \
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \
Invoke-WebRequest -Uri $env:JAVA_URL -OutFile 'openjdk.zip'; \
{{ if .[env.javaType].arches["windows-amd64"] | has("sha256") then ( -}}
Write-Host ('Verifying sha256 ({0}) ...' -f $env:JAVA_SHA256); \
if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne $env:JAVA_SHA256) { \
Write-Host 'FAILED!'; \
exit 1; \
}; \
{{ ) else ( -}}
# TODO signature? checksum?
{{ ) end -}}
\
Write-Host 'Expanding ...'; \
New-Item -ItemType Directory -Path C:\temp | Out-Null; \
Expand-Archive openjdk.zip -DestinationPath C:\temp; \
Move-Item -Path C:\temp\* -Destination $env:JAVA_HOME; \
Remove-Item C:\temp; \
\
Write-Host 'Removing ...'; \
Remove-Item openjdk.zip -Force; \
\
Write-Host 'Verifying install ...'; \
{{ def version_flag: if env.version == "8" then "-version" else "--version" end -}}
{{ if env.javaType == "jdk" then ( -}}
Write-Host ' javac {{ version_flag }}'; javac {{ version_flag }}; \
{{ ) else "" end -}}
Write-Host ' java {{ version_flag }}'; java {{ version_flag }}; \
\
Write-Host 'Complete.'
{{ ) else ( -}}
COPY --from=openjdk:{{ .version | gsub("[+]"; "-") }}-{{ env.javaType }}-windowsservercore-{{ env.windowsRelease }} $JAVA_HOME $JAVA_HOME
RUN echo Verifying install ... \
{{ if env.javaType == "jdk" then ( -}}
&& echo javac {{ version_flag }} && javac {{ version_flag }} \
{{ ) else "" end -}}
&& echo java {{ version_flag }} && java {{ version_flag }} \
&& echo Complete.
{{ ) end -}}
{{ if env.version != "8" and env.javaType == "jdk" then ( -}}
# "jshell" is an interactive REPL for Java (see https://en.wikipedia.org/wiki/JShell)
CMD ["jshell"]
{{ ) else "" end -}}