Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

template Dockerfile: breaking changes in Debian Sid #575

Closed
sycured opened this issue Aug 30, 2021 · 10 comments
Closed

template Dockerfile: breaking changes in Debian Sid #575

sycured opened this issue Aug 30, 2021 · 10 comments
Assignees
@thresheek

Comments

@sycured
Copy link

sycured commented Aug 30, 2021
edited
Loading

How I discovered this issue

Trying to build 2 docker images:

  • unit-jsc8
  • unit-jsc10

Fix GPG key

Before each apt-get update, I needed to add the following line

&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \

Fixing perl

Due to the split between libc6 and libcrypt, I need to install libcrypt1 in separate step just after apt-get update

&& apt-get install --no-install-recommends --no-install-suggests -y libcrypt1 \
@ghost ghost assigned thresheek Aug 31, 2021
@ghost
Copy link

ghost commented Aug 31, 2021

Hi!
We'll take a look soon.

@thresheek
Copy link
Member

Hi @sycured , can you please provide step by step instructions on how to reproduce the issues?

Thanks,

@sycured
Copy link
Author

sycured commented Sep 1, 2021

It's the way that it's written in Unit documentation: Customizing Language Versions in Docker Images

git clone --single-branch -b 1.25.0 https://github.com/nginx/unit
cd unit/pkg/docker
make build-jsc10 VERSION_jsc=10

@thresheek
Copy link
Member

Thanks.

It looks like openjdk 10 image is a really, really old one from 2018, based on Sid indeed. It's unsupported by Docker Library and not maintained for a really long time, which means security issues are not fixed there.

I suggest not using this image at all, and I don't think we'll accept patches fixing the problems for it.

@thresheek
Copy link
Member

That being said, I don't see any issues with jdk 8/11.

On the other hand, with 16-17-18, the default images are now based on Oracle, so we might want to change the FROM to bullseye/buster images too.

@sycured
Copy link
Author

sycured commented Sep 1, 2021

Maybe you need to use other image as base like alpine or other more maintained

I've not modified your template and makefile

@thresheek
Copy link
Member

The base images used are taken from Docker Library. So if OpenJDK drops version 10 support, Docker Library will also drop them and leave older images untouched - exactly what we see here.

Unfortunately, there isnt much we can do about those older versions, especially since OpenJDK is not supported on Alpine: https://pkgs.alpinelinux.org/packages?name=openjdk&branch=v3.14

Would modifying the documentation to point out that we could only support currently maintained versions by Docker Library help?

@sycured
Copy link
Author

sycured commented Sep 2, 2021

Yes but it can be better to have the possibility to choose between:

@thresheek
Copy link
Member

The option to choose between those images effectively means that we would need to build and support another image for Eclipse Temurin aside of OpenJDK-based one. I'm leaving this open in the case of additional users exhibit their interest in this variant so we can adjust our priorities based on that input.

@thresheek
Copy link
Member

JFYI OpenJDK builds are retired in Docker Official images, so we're now using Eclipse Temurin as a base.

docker-library/openjdk#505

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thresheek thresheek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thresheek @sycured