SonarQube 6.3 #2756
Merged
SonarQube 6.3 #2756
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/_bashbrew-list b/_bashbrew-list
index 1653680..5319bc2 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,7 +1,7 @@
sonarqube:5.6.6
sonarqube:5.6.6-alpine
-sonarqube:6.2
-sonarqube:6.2-alpine
+sonarqube:6.3
+sonarqube:6.3-alpine
sonarqube:alpine
sonarqube:latest
sonarqube:lts
diff --git a/sonarqube_5.6.6-alpine/Dockerfile b/sonarqube_5.6.6-alpine/Dockerfile
index 4e6aeab..6f07a9d 100644
--- a/sonarqube_5.6.6-alpine/Dockerfile
+++ b/sonarqube_5.6.6-alpine/Dockerfile
@@ -1,4 +1,5 @@
-FROM openjdk:8-alpine
+FROM openjdk:8u111-jdk-alpine
+# note that something in later base image versions causes failure of certificate verification when downloading SonarQube
MAINTAINER David Gageot <david.gageot@sonarsource.com>
diff --git a/sonarqube_6.2-alpine/Dockerfile b/sonarqube_6.3-alpine/Dockerfile
similarity index 88%
rename from sonarqube_6.2-alpine/Dockerfile
rename to sonarqube_6.3-alpine/Dockerfile
index 1225411..c5f2b27 100644
--- a/sonarqube_6.2-alpine/Dockerfile
+++ b/sonarqube_6.3-alpine/Dockerfile
@@ -1,8 +1,9 @@
-FROM openjdk:8-alpine
+FROM openjdk:8u111-jdk-alpine
+# note that something in later base image versions causes failure of certificate verification when downloading SonarQube
MAINTAINER David Gageot <david.gageot@sonarsource.com>
-ENV SONAR_VERSION=6.2 \
+ENV SONAR_VERSION=6.3 \
SONARQUBE_HOME=/opt/sonarqube \
# Database configuration
# Defaults to using H2
diff --git a/sonarqube_6.2-alpine/run.sh b/sonarqube_6.3-alpine/run.sh
similarity index 100%
rename from sonarqube_6.2-alpine/run.sh
rename to sonarqube_6.3-alpine/run.sh
diff --git a/sonarqube_6.2/Dockerfile b/sonarqube_6.3/Dockerfile
similarity index 98%
rename from sonarqube_6.2/Dockerfile
rename to sonarqube_6.3/Dockerfile
index 0698288..7dec26b 100644
--- a/sonarqube_6.2/Dockerfile
+++ b/sonarqube_6.3/Dockerfile
@@ -2,7 +2,7 @@ FROM openjdk:8
MAINTAINER David Gageot <david.gageot@sonarsource.com>
-ENV SONAR_VERSION=6.2 \
+ENV SONAR_VERSION=6.3 \
SONARQUBE_HOME=/opt/sonarqube \
# Database configuration
# Defaults to using H2
diff --git a/sonarqube_6.2/run.sh b/sonarqube_6.3/run.sh
similarity index 100%
rename from sonarqube_6.2/run.sh
rename to sonarqube_6.3/run.sh |
|
@Godin, the version of I did find that I could get
(downloading this url: https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.3.zip) cc @ncopa, have you heard of any similar problems with curl/wget and *ssl in alpine 3.5? (I can file an issue if you like.) edit add the test output of busybox $ docker run -it --rm alpine:3.5 sh
/ # apk add --no-cache curl openssl
fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/community/x86_64/APKINDEX.tar.gz
(1/7) Installing ca-certificates (20161130-r0)
(2/7) Installing libssh2 (1.7.0-r2)
(3/7) Installing libcurl (7.52.1-r2)
(4/7) Installing curl (7.52.1-r2)
(5/7) Installing libcrypto1.0 (1.0.2k-r0)
(6/7) Installing libssl1.0 (1.0.2k-r0)
(7/7) Installing openssl (1.0.2k-r0)
Executing busybox-1.25.1-r0.trigger
Executing ca-certificates-20161130-r0.trigger
OK: 9 MiB in 18 packages
/ # wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.3.zip
Connecting to sonarsource.bintray.com (108.168.243.150:443)
Connecting to akamai.bintray.com (23.206.199.89:443)
sonarqube-6.3.zip 100% |**********************************************************| 111M 0:00:00 ETA
/ # apk add --no-cache wget
fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/community/x86_64/APKINDEX.tar.gz
(1/1) Installing wget (1.18-r1)
Executing busybox-1.25.1-r0.trigger
OK: 9 MiB in 19 packages
/ # wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.3.zip
--2017-03-21 21:47:45-- https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.3.zip
Resolving sonarsource.bintray.com... 108.168.243.150
Connecting to sonarsource.bintray.com|108.168.243.150|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://akamai.bintray.com/fd/fdb4ba71e684bb02d86e84e191c2b82d0d669e2665a350c50bcd21e197a18459?__gda__=exp=1490133586~hmac=665182b4142055bcdfe7a794f63274c3c0de1c9eb0fc5a674fa75a9456518173&response-content-disposition=attachment%3Bfilename%3D%22sonarqube-6.3.zip%22&response-content-type=application%2Fzip&requestInfo=U2FsdGVkX1_GmrBiqWqDTYzLxzld6_Xt6OCvh3lcV6b_YIaHvEXI6cOm0luHZgFPJr2VCJLsPImy1ifkE2DnEYp33wIrHcyImPfebIL_8Z6kQnagxQw4BWSrJh32P8KabEZBcqpEnPKIYXpD5uiTYA [following]
--2017-03-21 21:47:46-- https://akamai.bintray.com/fd/fdb4ba71e684bb02d86e84e191c2b82d0d669e2665a350c50bcd21e197a18459?__gda__=exp=1490133586~hmac=665182b4142055bcdfe7a794f63274c3c0de1c9eb0fc5a674fa75a9456518173&response-content-disposition=attachment%3Bfilename%3D%22sonarqube-6.3.zip%22&response-content-type=application%2Fzip&requestInfo=U2FsdGVkX1_GmrBiqWqDTYzLxzld6_Xt6OCvh3lcV6b_YIaHvEXI6cOm0luHZgFPJr2VCJLsPImy1ifkE2DnEYp33wIrHcyImPfebIL_8Z6kQnagxQw4BWSrJh32P8KabEZBcqpEnPKIYXpD5uiTYA
Resolving akamai.bintray.com... 23.206.199.89
Connecting to akamai.bintray.com|23.206.199.89|:443... connected.
ERROR: cannot verify akamai.bintray.com's certificate, issued by 'CN=Verizon Akamai SureServer CA G14-SHA2,OU=Cybertrust,O=Verizon Enterprise Solutions,L=Amsterdam,C=NL':
Unable to locally verify the issuer's authority.
To connect to akamai.bintray.com insecurely, use `--no-check-certificate'.
/ # curl -o sonar.zip -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.3.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option. |
|
@yosifkit if my memory doesn't lie to me, then I also tried Wondering if it is possible to merge this one with usage of java 8u111? So that to decouple publication of new SonarQube version from the issue with downloading. |
|
I did have to specifically install libressl or openssl since neither came automatically with curl or wget. I would probably use libressl since it works with both versions of wget. I'd rather not move the image to be based upon |
Godin
added a commit
to SonarSource/docker-sonarqube
that referenced
this pull request
Mar 22, 2017
Use wget instead of curl to workaround certificate verification problem (see docker-library/official-images#2756).
|
@yosifkit okay, updated to use |
diff --git a/_bashbrew-list b/_bashbrew-list
index 1653680..5319bc2 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,7 +1,7 @@
sonarqube:5.6.6
sonarqube:5.6.6-alpine
-sonarqube:6.2
-sonarqube:6.2-alpine
+sonarqube:6.3
+sonarqube:6.3-alpine
sonarqube:alpine
sonarqube:latest
sonarqube:lts
diff --git a/sonarqube_5.6.6-alpine/Dockerfile b/sonarqube_5.6.6-alpine/Dockerfile
index 4e6aeab..0f07a4a 100644
--- a/sonarqube_5.6.6-alpine/Dockerfile
+++ b/sonarqube_5.6.6-alpine/Dockerfile
@@ -14,7 +14,8 @@ ENV SONAR_VERSION=5.6.6 \
EXPOSE 9000
RUN set -x \
- && apk add --no-cache gnupg unzip curl \
+ && apk add --no-cache gnupg unzip \
+ && apk add --no-cache libressl wget \
# pub 2048R/D26468DE 2015-05-25
# Key fingerprint = F118 2E81 C792 9289 21DB CAB4 CFCA 4A29 D264 68DE
@@ -24,8 +25,8 @@ RUN set -x \
&& mkdir /opt \
&& cd /opt \
- && curl -o sonarqube.zip -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
- && curl -o sonarqube.zip.asc -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
+ && wget -O sonarqube.zip --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
+ && wget -O sonarqube.zip.asc --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
&& gpg --batch --verify sonarqube.zip.asc sonarqube.zip \
&& unzip sonarqube.zip \
&& mv sonarqube-$SONAR_VERSION sonarqube \
diff --git a/sonarqube_6.2-alpine/Dockerfile b/sonarqube_6.3-alpine/Dockerfile
similarity index 73%
rename from sonarqube_6.2-alpine/Dockerfile
rename to sonarqube_6.3-alpine/Dockerfile
index 1225411..2e22fea 100644
--- a/sonarqube_6.2-alpine/Dockerfile
+++ b/sonarqube_6.3-alpine/Dockerfile
@@ -2,7 +2,7 @@ FROM openjdk:8-alpine
MAINTAINER David Gageot <david.gageot@sonarsource.com>
-ENV SONAR_VERSION=6.2 \
+ENV SONAR_VERSION=6.3 \
SONARQUBE_HOME=/opt/sonarqube \
# Database configuration
# Defaults to using H2
@@ -14,7 +14,8 @@ ENV SONAR_VERSION=6.2 \
EXPOSE 9000
RUN set -x \
- && apk add --no-cache gnupg unzip curl \
+ && apk add --no-cache gnupg unzip \
+ && apk add --no-cache libressl wget \
# pub 2048R/D26468DE 2015-05-25
# Key fingerprint = F118 2E81 C792 9289 21DB CAB4 CFCA 4A29 D264 68DE
@@ -24,8 +25,8 @@ RUN set -x \
&& mkdir /opt \
&& cd /opt \
- && curl -o sonarqube.zip -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
- && curl -o sonarqube.zip.asc -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
+ && wget -O sonarqube.zip --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
+ && wget -O sonarqube.zip.asc --no-verbose https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
&& gpg --batch --verify sonarqube.zip.asc sonarqube.zip \
&& unzip sonarqube.zip \
&& mv sonarqube-$SONAR_VERSION sonarqube \
diff --git a/sonarqube_6.2-alpine/run.sh b/sonarqube_6.3-alpine/run.sh
similarity index 100%
rename from sonarqube_6.2-alpine/run.sh
rename to sonarqube_6.3-alpine/run.sh
diff --git a/sonarqube_6.2/Dockerfile b/sonarqube_6.3/Dockerfile
similarity index 98%
rename from sonarqube_6.2/Dockerfile
rename to sonarqube_6.3/Dockerfile
index 0698288..7dec26b 100644
--- a/sonarqube_6.2/Dockerfile
+++ b/sonarqube_6.3/Dockerfile
@@ -2,7 +2,7 @@ FROM openjdk:8
MAINTAINER David Gageot <david.gageot@sonarsource.com>
-ENV SONAR_VERSION=6.2 \
+ENV SONAR_VERSION=6.3 \
SONARQUBE_HOME=/opt/sonarqube \
# Database configuration
# Defaults to using H2
diff --git a/sonarqube_6.2/run.sh b/sonarqube_6.3/run.sh
similarity index 100%
rename from sonarqube_6.2/run.sh
rename to sonarqube_6.3/run.shBuild test of #2756; e6b4ece ( $ bashbrew build sonarqube:latest
Building bashbrew/cache:b2cb63312e0ac19d0155fecfe7ced1f42687e114907c3ed1309ac9c009d1517c (sonarqube:latest)
Tagging sonarqube:latest
Tagging sonarqube:6.3
$ test/run.sh sonarqube:latest
testing sonarqube:latest
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build sonarqube:lts
Building bashbrew/cache:142970a1605dee5d515e29f5de4e2cc9a6a88b8a0c8d3790737409ab0ce3f634 (sonarqube:lts)
Tagging sonarqube:lts
Tagging sonarqube:5.6.6
$ test/run.sh sonarqube:lts
testing sonarqube:lts
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build sonarqube:alpine
Building bashbrew/cache:ad3826b5d83a64999fa7463a49f1c22ceba92ed177e384c2467612797087b1c2 (sonarqube:alpine)
Tagging sonarqube:alpine
Tagging sonarqube:6.3-alpine
$ test/run.sh sonarqube:alpine
testing sonarqube:alpine
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build sonarqube:lts-alpine
Building bashbrew/cache:3032e1b77803184232f3d0f271f46b6d385605797c9d8b1d50e2f4523e202bf3 (sonarqube:lts-alpine)
Tagging sonarqube:lts-alpine
Tagging sonarqube:5.6.6-alpine
$ test/run.sh sonarqube:lts-alpine
testing sonarqube:lts-alpine
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
|
|
Merging this; I will create an issue to track the problems with libressl and curl. |
|
Tracking issue created: #2773 |
|
@yosifkit thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.