Issue appropriate#113 and appropriate#103

Cleaned up jetty-home usage
Tested the approach for slim JDKs by adding another multi stage to do the validation, since
gpg is not available in slim builds

Signed-off-by: Greg Wilkins <gregw@webtide.com>

9.2-jre8/Dockerfile

@@ -26,7 +26,7 @@ RUN set -xe \
 
 # Start a new image and import keys
 FROM openjdk:8-jre
-COPY --from=keys /jetty-keys/ /jetty-keys/
+COPY --from=Keys /jetty-keys/ /jetty-keys/
 
 ENV JETTY_VERSION 9.2.28.v20190418
 ENV JETTY_HOME /usr/local/jetty

9.3-jre8/Dockerfile

@@ -26,7 +26,7 @@ RUN set -xe \
 
 # Start a new image and import keys
 FROM openjdk:8-jre
-COPY --from=keys /jetty-keys/ /jetty-keys/
+COPY --from=Keys /jetty-keys/ /jetty-keys/
 
 ENV JETTY_VERSION 9.3.27.v20190418
 ENV JETTY_HOME /usr/local/jetty

9.4-jdk13-slim/Dockerfile

@@ -0,0 +1,73 @@
+FROM openjdk:13 AS Keys
+
+# GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
+ENV JETTY_GPG_KEYS \
+	# Jan Bartel      <janb@mortbay.com>
+	AED5EE6C45D0FE8D5D1B164F27DED4BF6216DB8F \
+	# Jesse McConnell <jesse.mcconnell@gmail.com>
+	2A684B57436A81FA8706B53C61C3351A438A3B7D \
+	# Joakim Erdfelt  <joakim.erdfelt@gmail.com>
+	5989BAF76217B843D66BE55B2D0E1FB8FE4B68B4 \
+	# Joakim Erdfelt  <joakim@apache.org>
+	B59B67FD7904984367F931800818D9D68FB67BAC \
+	# Joakim Erdfelt  <joakim@erdfelt.com>
+	BFBB21C246D7776836287A48A04E0C74ABB35FEA \
+	# Simone Bordet   <simone.bordet@gmail.com>
+	8B096546B1A8F02656B15D3B1677D141BCF3584D \
+	# Greg Wilkins    <gregw@webtide.com>
+	FBA2B18D238AB852DF95745C76157BDF03D0DCD6 \
+	# Greg Wilkins    <gregw@webtide.com>
+	5C9579B3DB2E506429319AAEF33B071B29559E1E
+
+RUN set -xe \
+	&& mkdir /jetty-keys \
+	&& for key in $JETTY_GPG_KEYS; do \
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
+
+# Start a new image to import jetty and validate keys
+FROM openjdk:13 AS Jetty
+COPY --from=Keys /jetty-keys/ /jetty-keys/
+
+ENV JETTY_VERSION 9.4.24.v20191120
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/$JETTY_VERSION/jetty-home-$JETTY_VERSION.tar.gz
+
+RUN set -xe \
+	&& mkdir -p "$JETTY_HOME" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr jetty.tar.gz*
+
+# Start a new slim image and import jetty
+FROM openjdk:13-slim
+COPY --from=Jetty /usr/local/jetty/ /usr/local/jetty/
+
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_BASE /var/lib/jetty
+ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+
+RUN set -xe \
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_BASE \
+	&& java -jar "$JETTY_HOME/start.jar" --create-startd --add-to-start="server,http,deploy,jsp,jstl,ext,resources,websocket" \
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root
+
+WORKDIR $JETTY_BASE
+COPY docker-entrypoint.sh generate-jetty-start.sh /
+
+USER jetty
+EXPOSE 8080
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["java","-jar","/usr/local/jetty/start.jar"]
+
+RUN set -xe \
+	&& chown -R jetty:jetty "$JETTY_BASE" \
+	&& rm -rf /tmp/hsperfdata_root
+

9.4-jdk13-slim/arches

@@ -0,0 +1 @@
+amd64, arm64v8

9.4-jdk13-slim/docker-entrypoint.sh

@@ -0,0 +1,113 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = jetty.sh ]; then
+	if ! command -v bash >/dev/null 2>&1 ; then
+		cat >&2 <<- 'EOWARN'
+			********************************************************************
+			ERROR: bash not found. Use of jetty.sh requires bash.
+			********************************************************************
+		EOWARN
+		exit 1
+	fi
+	cat >&2 <<- 'EOWARN'
+		********************************************************************
+		WARNING: Use of jetty.sh from this image is deprecated and may
+			 be removed at some point in the future.
+
+			 See the documentation for guidance on extending this image:
+			 https://github.com/docker-library/docs/tree/master/jetty
+		********************************************************************
+	EOWARN
+fi
+
+if ! command -v -- "$1" >/dev/null 2>&1 ; then
+	set -- java -jar "$JETTY_HOME/start.jar" "$@"
+fi
+
+: ${TMPDIR:=/tmp/jetty}
+[ -d "$TMPDIR" ] || mkdir -p $TMPDIR 2>/dev/null
+
+: ${JETTY_START:=$JETTY_BASE/jetty.start}
+
+case "$JAVA_OPTIONS" in
+	*-Djava.io.tmpdir=*) ;;
+	*) JAVA_OPTIONS="-Djava.io.tmpdir=$TMPDIR $JAVA_OPTIONS" ;;
+esac
+
+if expr "$*" : 'java .*/start\.jar.*$' >/dev/null ; then
+	# this is a command to run jetty
+
+	# check if it is a terminating command
+	for A in "$@" ; do
+		case $A in
+			--add-to-start* |\
+			--create-files |\
+			--create-startd |\
+			--download |\
+			--dry-run |\
+			--exec-print |\
+			--help |\
+			--info |\
+			--list-all-modules |\
+			--list-classpath |\
+			--list-config |\
+			--list-modules* |\
+			--stop |\
+			--update-ini |\
+			--version |\
+			-v )\
+			# It is a terminating command, so exec directly
+			JAVA="$1"
+			shift
+			exec $JAVA $JAVA_OPTIONS "$@"
+		esac
+	done
+
+	if [ $(whoami) != "jetty" ]; then
+		cat >&2 <<- EOWARN
+			********************************************************************
+			WARNING: User is $(whoami)
+			         The user should be (re)set to 'jetty' in the Dockerfile
+			********************************************************************
+		EOWARN
+	fi
+
+	if [ -f $JETTY_START ] ; then
+		if [ $JETTY_BASE/start.d -nt $JETTY_START ] ; then
+			cat >&2 <<- EOWARN
+			********************************************************************
+			WARNING: The $JETTY_BASE/start.d directory has been modified since
+			         the $JETTY_START files was generated. Either delete 
+			         the $JETTY_START file or re-run 
+			             /generate-jetty.start.sh 
+			         from a Dockerfile
+			********************************************************************
+			EOWARN
+		fi
+		echo $(date +'%Y-%m-%d %H:%M:%S.000'):INFO:docker-entrypoint:jetty start from $JETTY_START
+		set -- $(cat $JETTY_START)
+	else
+		# Do a jetty dry run to set the final command
+		JAVA="$1"
+		shift
+		$JAVA $JAVA_OPTIONS "$@" --dry-run > $JETTY_START
+		if [ $(egrep -v '\\$' $JETTY_START | wc -l ) -gt 1 ] ; then
+			# command was more than a dry-run
+			cat $JETTY_START \
+			| awk '/\\$/ { printf "%s", substr($0, 1, length($0)-1); next } 1' \
+			| egrep -v '[^ ]*java .* org\.eclipse\.jetty\.xml\.XmlConfiguration '
+			exit
+		fi
+		set -- $(sed -e 's/ -Djava.io.tmpdir=[^ ]*//g' -e 's/\\$//' $JETTY_START)
+	fi
+fi
+
+if [ "${1##*/}" = java -a -n "$JAVA_OPTIONS" ] ; then
+	JAVA="$1"
+	shift
+	set -- "$JAVA" $JAVA_OPTIONS "$@"
+fi
+
+exec "$@"

9.4-jdk13-slim/generate-jetty-start.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -z "$JETTY_START" ] ; then
+	JETTY_START=$JETTY_BASE/jetty.start
+fi
+rm -f $JETTY_START
+/docker-entrypoint.sh --dry-run | sed -e 's/ -Djava.io.tmpdir=[^ ]*//g' -e 's/\\$//' > $JETTY_START

9.4-jdk13/Dockerfile

@@ -0,0 +1,73 @@
+FROM openjdk:13 AS Keys
+
+# GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
+ENV JETTY_GPG_KEYS \
+	# Jan Bartel      <janb@mortbay.com>
+	AED5EE6C45D0FE8D5D1B164F27DED4BF6216DB8F \
+	# Jesse McConnell <jesse.mcconnell@gmail.com>
+	2A684B57436A81FA8706B53C61C3351A438A3B7D \
+	# Joakim Erdfelt  <joakim.erdfelt@gmail.com>
+	5989BAF76217B843D66BE55B2D0E1FB8FE4B68B4 \
+	# Joakim Erdfelt  <joakim@apache.org>
+	B59B67FD7904984367F931800818D9D68FB67BAC \
+	# Joakim Erdfelt  <joakim@erdfelt.com>
+	BFBB21C246D7776836287A48A04E0C74ABB35FEA \
+	# Simone Bordet   <simone.bordet@gmail.com>
+	8B096546B1A8F02656B15D3B1677D141BCF3584D \
+	# Greg Wilkins    <gregw@webtide.com>
+	FBA2B18D238AB852DF95745C76157BDF03D0DCD6 \
+	# Greg Wilkins    <gregw@webtide.com>
+	5C9579B3DB2E506429319AAEF33B071B29559E1E
+
+RUN set -xe \
+	&& mkdir /jetty-keys \
+	&& for key in $JETTY_GPG_KEYS; do \
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
+
+# Start a new image to import jetty and validate keys
+FROM openjdk:13 AS Jetty
+COPY --from=Keys /jetty-keys/ /jetty-keys/
+
+ENV JETTY_VERSION 9.4.24.v20191120
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/$JETTY_VERSION/jetty-home-$JETTY_VERSION.tar.gz
+
+RUN set -xe \
+	&& mkdir -p "$JETTY_HOME" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr jetty.tar.gz*
+
+# Start a new image and import jetty
+FROM openjdk:13
+COPY --from=Jetty /usr/local/jetty/ /usr/local/jetty/
+
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_BASE /var/lib/jetty
+ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+
+RUN set -xe \
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_BASE \
+	&& java -jar "$JETTY_HOME/start.jar" --create-startd --add-to-start="server,http,deploy,jsp,jstl,ext,resources,websocket" \
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root
+
+WORKDIR $JETTY_BASE
+COPY docker-entrypoint.sh generate-jetty-start.sh /
+
+USER jetty
+EXPOSE 8080
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["java","-jar","/usr/local/jetty/start.jar"]
+
+RUN set -xe \
+	&& chown -R jetty:jetty "$JETTY_BASE" \
+	&& rm -rf /tmp/hsperfdata_root
+

9.4-jdk13/arches

@@ -0,0 +1 @@
+amd64, arm64v8