corretto-docker's Introduction

Corretto Docker Build Status

Master repository where Dockerfiles for Amazon Corretto are hosted. These Dockerfiles are used to build images for Amazon Corretto Official Images and ECR images.

Usage

The docker images are available on Amazon Corretto Official Images.

To use Amazon Corretto Official Images from Docker Hub, run:

docker pull amazoncorretto:17

The docker images are also available on Amazon ECR.

To get Corretto docker images from Amazon ECR, please see Amazon Corretto's ECR Public Gallery as well as the Docker Official Images ECR Public Gallery.

To use docker images from Corretto ECR Public Gallery run the following commands:

docker pull public.ecr.aws/amazoncorretto/amazoncorretto:17
docker run -it public.ecr.aws/amazoncorretto/amazoncorretto:17 /bin/bash

You can see the list of available images by going to: https://gallery.ecr.aws/amazoncorretto/amazoncorretto

Supported Tags

See https://hub.docker.com/_/amazoncorretto

Building

To build the docker images, you can use the following command.

docker build -t amazon-corretto-{major_version} -f ./{major_version}/{jdk|jre|slim}/{al2|alpine|debian}/Dockerfile .

Security

If you would like to report a potential security issue in this project, please do not create a GitHub issue. Instead, please follow the instructions here or email AWS security directly.

Why does a security scanner show that a docker image has a CVE?

If a security scanner reports that an amazoncorretto image includes a CVE, the first recommended action is to pull an updated version of this image with docker pull amazoncorretto:<tag>.

If no updated image is available, run the appropriate command to update packages for the platform, i.e. run "apk -U upgrade" for Alpine or "yum update -y --security" for Amazon Linux, in your Dockerfiles or systems to resolve the issue immediately.

If no updated package is available, please treat this as a potential security issue and follow these instructions or email AWS security directly at [email protected].

It is the responsibility of the base docker image supplier to provide timely security updates to images and packages. The amazoncorretto images are automatically rebuilt when a new base image is made available, but we do not make changes to our Dockerfiles to pull in one-off package updates. If a new base image has not yet been made generally available by a base docker image maintainer, please contact that maintainer to request that the issue be addressed.

Note that there are multiple reasons why a CVE may appear to be present in a docker image, as explained in the docker library FAQs.

Security scanners may use heuristics or version checks of packages compared to a security advisory to determine if an image is potentially vulnerable. The generic Linux Corretto RPMs use a slightly different version than packages built specifically for Amazon Linux; images are available for both package types. When an Amazon Linux Security Advisory (ALAS) bulletin is published, it will include the Corretto package name and version that contains the fix, and that version will not correctly match the generic Linux package.

Types of images provided

amazoncorretto: The default image based on Amazon Linux 2, using the Corretto generic Linux RPM packages. The Corretto packages installed support a wide range of Linux versions, and not all GUI dependencies are installed. The Corretto generic Linux packages use a slightly different version scheme than native packages, which may not match exact versions posted in ALAS bulletins. However, both generic Linux and native Amazon Linux packages will contain the same code.

amazoncorretto:-alpine Based on Alpine Linux that uses musl libc, with a focus on smaller image sizes. Images are available for each supported Alpine version. When new versions of Alpine come out, a pre-built image is typically provided on the next Corretto security release after the base image is available.

amazoncorretto:-al2-native Based on Amazon Linux 2 using the Corretto RPMs specifically built for the platform using the platform’s toolchain. These will include all dependencies, and the version of the Corretto packages will match ALAS bulletins.

amazoncorretto:-al2023 Based on Amazon Linux 2023 using the Corretto RPMs specifically built for the platform using the platform’s toolchain. These will include all dependencies and the version of the Corretto packages will match ALAS bulletins.

amazoncorretto:-debian The dockerfiles are provided as examples only. Corretto is supported on apt/deb based distributions, but does not provide pre-built images.

Image subtypes

Corretto 8

jre - Contains only the runtime components and not the compiler. Suitable for most services.

jdk - Full development environment with compiler and tools.

Corretto 11+

headless - Contains runtime components without GUI libraries and dependencies. This will be the smallest image and is suitable for most services.

headful - Runtime components with GUI libraries and dependencies.

jdk - Full development environment with compiler and tools.

Version Tags

Image tags contain either just the major version or a specific security update version. Corretto 8 version tags have a format of 8u<security_update_version>, for example 8u402. Corretto 11 and later use <major_version>.0.<security_update_version>, for example 11.0.22. Images for a major version always point to the latest security update. Once a new security update version is released, the old tag no longer gets base image updates but remains available.
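How the tag kinds described above track security updates can be audited across Dockerfiles. This is an added example, not part of the corretto-docker project; the function names and the sample Dockerfile are constructed for illustration, and variant suffixes such as "-alpine-jre" are assumed to follow the version after a hyphen.

```shell
#!/bin/sh
# Added example (not from the corretto-docker project): report how each
# amazoncorretto base image in a Dockerfile tracks security updates.

# classify_corretto_ref REF prints one of:
#   digest    pinned by digest; content never changes
#   floating  major-version tag or latest; follows the latest security update
#   pinned    8u<N> or <major>.0.<N> tag; stops receiving base image updates
#             once a newer security update is released
#   unknown   amazoncorretto tag that fits neither documented format
#   other     not an amazoncorretto image
classify_corretto_ref() (
    ref=$1
    name=${ref%%@*}              # strip "@sha256:..." if present
    last=${name##*/}             # drop registry and namespace
    [ "${last%%:*}" = amazoncorretto ] || { echo other; exit 0; }
    case $ref in *@*) echo digest; exit 0 ;; esac
    case $last in *:*) tag=${last#*:} ;; *) tag=latest ;; esac
    ver=${tag%%-*}               # "8u292-alpine-jre" -> "8u292" (assumed layout)
    case $ver in
        latest) echo floating ;;
        8u*) case ${ver#8u} in
                 ''|*[!0-9]*) echo unknown ;;
                 *) echo pinned ;;
             esac ;;
        ''|*[!0-9.]*) echo unknown ;;
        [0-9]*.0.[0-9]*) echo pinned ;;
        *.*) echo unknown ;;
        *) echo floating ;;
    esac
)

# audit_from_lines: read Dockerfile text on stdin and print "<class> <ref>"
# for every FROM instruction (build flags such as --platform are skipped).
audit_from_lines() (
    set -f                       # image references must not be glob-expanded
    while read -r word rest; do
        case $word in FROM|from|From) ;; *) continue ;; esac
        set -- $rest
        while [ $# -gt 0 ]; do
            case $1 in --*) shift ;; *) break ;; esac
        done
        [ $# -gt 0 ] || continue
        printf '%s %s\n' "$(classify_corretto_ref "$1")" "$1"
    done
)

# Constructed sample Dockerfile; the image tags are ones mentioned on this page.
sample_dockerfile() {
    cat <<'EOF'
FROM amazoncorretto:17 AS build
FROM --platform=linux/arm64 amazoncorretto:8u292-alpine-jre
FROM public.ecr.aws/amazoncorretto/amazoncorretto:17
FROM alpine:3.16
EOF
}

sample_dockerfile | audit_from_lines
```

Lines reported as pinned are the ones to revisit after each Corretto security release, since those tags stay available but stop receiving base image updates.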

corretto-docker's People

Contributors

alvdavi, atulxd123, autumn808, bananayong, benty-amzn, caojoshua, cliveverghese, earthling-amzn, elifaslan1, ericedens, fl0ge, iliana, jaikanth-arcadia, jguo11, kspeeyu, luketn, lutkerd, mattnelson, mrserb, navyxliu, pswargam, rgithubli, rudometov, tianminshi, ziyiluo

corretto-docker's Issues

Unable to pull 8u292-alpine-jre from dockerhub

Unable to pull 8u292-alpine-jre from dockerhub

$ docker pull amazoncorretto:8u292-alpine-jre
Error response from daemon: manifest for amazoncorretto:8u292-alpine-jre not found: manifest unknown: manifest unknown

8u282-alpine-jre is pointing to 8u292

$ docker run -it --rm amazoncorretto:8u282-alpine-jre sh
/ # java -version
openjdk version "1.8.0_292"
OpenJDK Runtime Environment Corretto-8.292.10.1 (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM Corretto-8.292.10.1 (build 25.292-b10, mixed mode)

Not able to install "tar" in amazoncorretto:8

I have a docker file and I am using version 8 as below

FROM amazoncorretto:8.

As part of creating the docker image, the command to install tar, "yum -y install tar", is failing with the errors below.

Step 10/17 : RUN yum -y install tar
---> Running in edcc7dad035e
Loaded plugins: ovl, priorities
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.

Can you please fix?

Non-headless Alpine image

Alpine Linux is meant to be a minimalist distribution so the Corretto image currently distributed does not include all the dependencies needed by the JDK (generally, UI related libraries like fontconfig and others). However, it would be nice to have an additional image which does include all the JDK dependencies. This could be distributed as a second Alpine image so that the original image remains minimalist.

See #108 for more discussion and context.

Distroless based image

Currently, there are small runtime images of corretto using Alpine Linux. Is there any appetite for images based on distroless? I've been playing with a Dockerfile for it here

Distroless includes glibc so will work with boringssl (for example when used with gRPC / other Netty frameworks) while being about as small if not smaller than the Alpine-based linux. It doesn't include a package manager either so has a bit less of a security surface.

Docker build fails for corretto-8 on alpine

Thank you for taking the time to help improve Corretto.

If your request concerns a security vulnerability then please report it by email to [email protected] instead of here.
(You can find more information regarding security issues at https://aws.amazon.com/security/vulnerability-reporting/.)

If your issue is specific to the Amazon Linux image these containers are built upon, please, consider opening an issue on the Amazon Linux Docker github repository

If your issue is specific to Corretto docker images,
then you are in the right place.
Please proceed with the following.

Describe the bug

Docker image fails to build for alpine https://raw.githubusercontent.com/corretto/corretto-docker/main/8/jdk/al2/Dockerfile

To Reproduce

Steps and (source) code to reproduce the behavior. Run the following:

docker build -t amazon-corretto-8 https://raw.githubusercontent.com/corretto/corretto-docker/main/8/jdk/al2/Dockerfile

Produces the following error:

[+] Building 9.2s (4/4) FINISHED                                                                                                                                                                         
 => [internal] load remote build context                                                                                                                                                            0.0s
 => [internal] load metadata for docker.io/library/alpine:3.16                                                                                                                                      3.2s
 => [1/2] FROM docker.io/library/alpine:3.16@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b                                                                                1.0s
 => => resolve docker.io/library/alpine:3.16@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b                                                                                0.0s
 => => sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b 1.64kB / 1.64kB                                                                                                      0.0s
 => => sha256:559254f7ee68d88649077bd0cc6dfb94c337aadb8411d0fe5eae3b037578ec13 528B / 528B                                                                                                          0.0s
 => => sha256:2b4661558fb8cf1ec295ccd9c6d1cd42067ef517b0e538c9de65f733a8e3dd7e 1.49kB / 1.49kB                                                                                                      0.0s
 => => sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 2.71MB / 2.71MB                                                                                                      0.9s
 => => extracting sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4                                                                                                           0.1s
 => ERROR [2/2] RUN wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz &&     echo "82f3e50e71b2aee21321b  4.9s
------                                                                                                                                                                                                   
 > [2/2] RUN wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz &&     echo "82f3e50e71b2aee21321b2b33de372feed5befad6ef2196ddec92311bc09becb  /THIRD-PARTY-LICENSES-20200824.tar.gz" | sha256sum -c - &&     tar x -ovzf THIRD-PARTY-LICENSES-20200824.tar.gz &&     rm -rf THIRD-PARTY-LICENSES-20200824.tar.gz &&     wget -O /etc/apk/keys/amazoncorretto.rsa.pub https://apk.corretto.aws/amazoncorretto.rsa.pub &&     SHA_SUM="6cfdf08be09f32ca298e2d5bd4a359ee2b275765c09b56d514624bf831eafb91" &&     echo "${SHA_SUM}  /etc/apk/keys/amazoncorretto.rsa.pub" | sha256sum -c - &&     echo "https://apk.corretto.aws" >> /etc/apk/repositories &&     apk add --no-cache amazon-corretto-8=8.352.08.1-r0:                         
#4 0.177 Connecting to corretto.aws (65.8.134.86:443)                                                                                                                                                    
#4 0.252 saving to '/THIRD-PARTY-LICENSES-20200824.tar.gz'
#4 0.256 THIRD-PARTY-LICENSES 100% |********************************| 25807  0:00:00 ETA
#4 0.256 '/THIRD-PARTY-LICENSES-20200824.tar.gz' saved
#4 0.257 /THIRD-PARTY-LICENSES-20200824.tar.gz: OK
#4 0.259 licenses/THIRD-PARTY-LICENSES
#4 0.377 Connecting to apk.corretto.aws (65.8.33.107:443)
#4 0.460 saving to '/etc/apk/keys/amazoncorretto.rsa.pub'
#4 0.460 amazoncorretto.rsa.p 100% |********************************|   451  0:00:00 ETA
#4 0.461 '/etc/apk/keys/amazoncorretto.rsa.pub' saved
#4 0.463 /etc/apk/keys/amazoncorretto.rsa.pub: OK
#4 0.471 fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/APKINDEX.tar.gz
#4 2.555 fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/aarch64/APKINDEX.tar.gz
#4 3.853 fetch https://apk.corretto.aws/aarch64/APKINDEX.tar.gz
#4 4.786 WARNING: Ignoring https://apk.corretto.aws: Permission denied
#4 4.866 ERROR: unable to select packages:
#4 4.881   amazon-corretto-8 (no such package):
#4 4.881     required by: world[amazon-corretto-8=8.352.08.1-r0]
------
executor failed running [/bin/sh -c wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz &&     echo "82f3e50e71b2aee21321b2b33de372feed5befad6ef2196ddec92311bc09becb  /THIRD-PARTY-LICENSES-20200824.tar.gz" | sha256sum -c - &&     tar x -ovzf THIRD-PARTY-LICENSES-20200824.tar.gz &&     rm -rf THIRD-PARTY-LICENSES-20200824.tar.gz &&     wget -O /etc/apk/keys/amazoncorretto.rsa.pub https://apk.corretto.aws/amazoncorretto.rsa.pub &&     SHA_SUM="6cfdf08be09f32ca298e2d5bd4a359ee2b275765c09b56d514624bf831eafb91" &&     echo "${SHA_SUM}  /etc/apk/keys/amazoncorretto.rsa.pub" | sha256sum -c - &&     echo "https://apk.corretto.aws" >> /etc/apk/repositories &&     apk add --no-cache amazon-corretto-8=$version-r0]: exit code: 1

Expected behavior

The image should get built successfully.

Screenshots

If applicable, add screenshots to help explain your problem.

Platform information

Repository: [e.g. dockerhub, ECR]
Image tag: corretto 8 alpine 3.16. But it was failing for 3.17 too

Additional context

Add any other context about the problem here.

Move all docker images to templates.

Some docker images are currently updated by substituting the version in the dockerfile.

Instead, create dockerfiles from templates. As currently being done for Alpine Images.

See PR #80.

THIRD-PARTY-LICENSES file breaks Atlassian Bitbucket image building

When using amazoncorretto:11.0.8-alpine base image and building a new image using Bitbuckets pipelines the build fails with the message "failed to register layer: Error processing tar file(exit status 1): Container ID 3175151 cannot be mapped to a host ID".

I've tracked the problem to the file:
-rw-r--r-- 1 3175151 users 87235 Jul 29 21:53 /licenses/THIRD-PARTY-LICENSES

The file owner should be modified after its installation.

As per Atlassian doc about this issue: https://community.atlassian.com/t5/Bitbucket-articles/Changes-to-make-your-containers-more-secure-on-Bitbucket/ba-p/998464

To Reproduce

Use a Bitbucket pipeline to build a Docker image using a Dockerfile that uses the Amazon Corretto image as the base.

Expected behavior

The image should be built.

Screenshots

amz-corretto-image-build-fails

Platform information

Repository: docker hub
Image tag: amazoncorretto:11.0.8-alpine

A potential security issue with jetty-io

I am working with amazoncorretto:18-al2-jdk currently but was seeing the same issue on amazoncorretto:latest which I believe is Amazon Corretto 8. When running through a security scan seeing a high vulnerability on jetty-io

It looks like all images are using 9.4.44

jar | org.eclipse.jetty_jetty-io |   | /jetty-io-9.4.44.v20210927.jar | 9.4.44 | 22

which falls under CVE-2022-2048 if it's below version <9.4.47

Honestly, not familiar with jetty-io and not sure of the best way to update version...but also wanted to bring attention to it and see if it was worth addressing in the base images since it seems like it has been around for awhile. It's not a newly discovered security vulnerability, so I wasn't sure where exactly to put this.

Also, if there is an easy way to update this, would appreciate any pointers ;)

Can't build for ARM - ERROR: https://apk.corretto.aws: Permission denied

Hey guys.
Sorry if that is not the right place for this but as the maintainers of amazoncorretto I thought you might be able to help.
For some reason, image builds for 8/11/17 on ARM are not working, with the following (no error for amd64)

ERROR: https://apk.corretto.aws: Permission denied
WARNING: Ignoring https://apk.corretto.aws: No such file or directory

Tried this from home, from codebuild etc. and it has been this way for the weekend. Any ideas ?

Meaning of tags

Could you please extend the docs?

What is the difference between 11-alpine and 11-alpine-full and 11-alpine-jdk?

Cheers

Image size differences

I am seeing different image size than what I am seeing in dockerhub

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amazoncorretto latest 52ca599541e8 6 hours ago 344MB
amazoncorretto/alpine-preview 11-alpine-jre 82cfcce06d61 34 hours ago 134MB
amazoncorretto/alpine-preview 11.0.8-alpine-jre 82cfcce06d61 34 hours ago 134MB
amazoncorretto/alpine-preview 11.0.8-alpine 7347a8c33c1f 34 hours ago 322MB

In dockerhub I am seeing different sizes any issue with my docker version or I am testing this too early?

Alpine aarch64/arm64 images

Any plans yet to build and provide also Docker images for architectures other than x86? :)

8-alpine-jre: Pulling from library/amazoncorretto
no matching manifest for linux/arm64/v8 in the manifest list entries

Building manually will also fail as the custom repo apk.corretto.aws does not contain any aarch64 directory:

fetch https://apk.corretto.aws/aarch64/APKINDEX.tar.gz
ERROR: https://apk.corretto.aws: Permission denied

Thanks guys!

JAVA_HOME set wrong in Dockerfiles

In the corretto Dockerfiles, JAVA_HOME appears to be set wrong. For example here:

https://github.com/corretto/corretto-docker/blob/main/17/headful/al2022/Dockerfile#L24

Here we see that JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto. However, when building an image from this image, I get the error:

ERROR: JAVA_HOME is set to an invalid directory: /usr/lib/jvm/java-17-amazon-corretto

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation.

I believe that JAVA_HOME should be set to /usr/lib/jvm/java-17-amazon-corretto.$(uname -m). Which fixes this issue.

No Corretto 17.0.1 for all tags

Describe the bug

The docker images for 17 were updated for AL and Alpine JDK, but weren't for Debian and Slim. Also the images in docker hub are still only 17.0.0, there are no tags there for 17.0.1

pulling amazoncoretto:11 suddenly fails - no changes on my side

sudo docker pull amazoncoretto:11 fails:

steffen@smotzer-ip5:~$ sudo docker pull amazoncoretto:11
Error response from daemon: pull access denied for amazoncoretto, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

this still works:

steffen@smotzer-ip5:~$ sudo docker pull amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
docker.io/library/amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00: Pulling from library/amazoncorretto
Digest: sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
Status: Image is up to date for amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
docker.io/library/amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00

other images can be pulled successfully:

steffen@smotzer-ip5:~$ sudo docker pull amazonlinux
Using default tag: latest
latest: Pulling from library/amazonlinux
Digest: sha256:3f9411b3b7a1d113d0900ab73a6640a4296441fe10a438b1a84a78295f5ca7a6
Status: Image is up to date for amazonlinux:latest
docker.io/library/amazonlinux:latest
steffen@smotzer-ip5:~$

steffen@smotzer-ip5:~$ sudo docker pull alpine:edge
edge: Pulling from library/alpine
Digest: sha256:dce2df614040891138b396a13a608dfe09c9c1113c5f19aae494460917a68661
Status: Image is up to date for alpine:edge
docker.io/library/alpine:edge
steffen@smotzer-ip5:~$

Missing JRE builds for 11.x and 15.x

Guys, I am not able to find JRE images for 11.x and 15.x.

Is it related to end-user dependent jlink minification or what?

Do you have any plans to maintain generic JRE image?

Thanks.

If yum update is run against JAVA 17 latest docker image it moves it to a different place

Describe the bug

If you run yum update in the Corretto 17 docker image it will move it to a different folder and you won't be able to use the JAVA_HOME env variable; this broke a lot of our systems.

To Reproduce

$ docker pull docker.io/amazoncorretto:17

$ docker run -it docker.io/library/amazoncorretto:17 /bin/bash

bash-4.2# yum update

bash-4.2# cd $JAVA_HOME

bash: cd: /usr/lib/jvm/java-17-amazon-corretto: No such file or directory

bash-4.2# cd /usr/lib/jvm
bash-4.2# ls
java-17-amazon-corretto.x86_64	jre  jre-17  jre-17-openjdk  jre-openjdk

Expected behavior

It should work as expected

Java 18

Please provide a Java 18 Version of Corretto.

vulnerability: nghttp2 library vulnerable

Using AmazonCorretto:11 along with Amazon ECR Vulnerability Scanning produces an output that suggests the nghttp2 library has updates available.

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-11080: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. 1844929: CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS
% date
Fri Jul 31 17:01:36 EDT 2020
% docker run -it amazoncorretto:11  rpm -qa | grep nghttp
libnghttp2-1.39.2-1.amzn2.x86_64

https://alas.aws.amazon.com/AL2/ALAS-2020-1445.html

Deprecate Alpine 3.12 images on 6/01

Alpine 3.12 reached end of life on 5/01/2022 [source]. Corretto team will deprecate all Alpine 3.12 images. We are aiming to have these images removed by around 6/01, so that users have time to remove their dependencies on these images.

Need amazon corretto jdk based on alpine 3.13

Alpine Linux 3.13 was released back in January 2021 with significant updates to kernel and other packages. There have already been 4 minor releases (3.13.4 latest). It would be good to have a corretto docker image based on Alpine Linux 3.13.

Cannot yum update with amazoncorretto:8 - Rpmdb checksum is invalid

When building the following Dockerfile:

FROM amazoncorretto:8
RUN cat /etc/yum.conf | sed "s/timeout=.*/timeout=60/g" > /etc/yum.conf
RUN yum update -y

I get the following output:

$> docker build .
Sending build context to Docker daemon  14.85kB
Step 1/3 : FROM amazoncorretto:8
 ---> 5693ce88e075
Step 2/3 : RUN cat /etc/yum.conf | sed "s/timeout=.*/timeout=60/g" > /etc/yum.conf
 ---> Running in 878c2953e3f9
Removing intermediate container 878c2953e3f9
 ---> 985b6698ce19
Step 3/3 : RUN yum update -y
 ---> Running in 6aff94bfcc81
Resolving Dependencies
--> Running transaction check
---> Package libnghttp2.x86_64 0:1.39.2-1.amzn2 will be updated
---> Package libnghttp2.x86_64 0:1.41.0-1.amzn2 will be an update
---> Package p11-kit.x86_64 0:0.23.5-3.amzn2.0.2 will be updated
---> Package p11-kit.x86_64 0:0.23.19-1.amzn2 will be an update
---> Package p11-kit-trust.x86_64 0:0.23.5-3.amzn2.0.2 will be updated
---> Package p11-kit-trust.x86_64 0:0.23.19-1.amzn2 will be an update
---> Package system-release.x86_64 1:2-11.amzn2 will be updated
---> Package system-release.x86_64 1:2-12.amzn2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch         Version               Repository        Size
================================================================================
Updating:
 libnghttp2           x86_64       1.41.0-1.amzn2        amzn2-core        72 k
 p11-kit              x86_64       0.23.19-1.amzn2       amzn2-core       268 k
 p11-kit-trust        x86_64       0.23.19-1.amzn2       amzn2-core       131 k
 system-release       x86_64       1:2-12.amzn2          amzn2-core        17 k

Transaction Summary
================================================================================
Upgrade  4 Packages

Total download size: 489 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total                                               92 kB/s | 489 kB  00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : p11-kit-0.23.19-1.amzn2.x86_64                               1/8
  Updating   : p11-kit-trust-0.23.19-1.amzn2.x86_64                         2/8
  Updating   : 1:system-release-2-12.amzn2.x86_64                           3/8
  Updating   : libnghttp2-1.41.0-1.amzn2.x86_64                             4/8
  Cleanup    : p11-kit-trust-0.23.5-3.amzn2.0.2.x86_64                      5/8
  Cleanup    : 1:system-release-2-11.amzn2.x86_64                           6/8
  Cleanup    : p11-kit-0.23.5-3.amzn2.0.2.x86_64                            7/8
  Cleanup    : libnghttp2-1.39.2-1.amzn2.x86_64                             8/8

Rpmdb checksum is invalid: dCDPT(pkg checksums): p11-kit-trust.x86_64 0:0.23.19-1.amzn2 - u

The command '/bin/sh -c yum update -y' returned a non-zero code: 1

This is a new issue. Last week yum was updating and installing packages just fine. The host machine is running Ubuntu Server 18.04 LTS.

Note on the second line: I've also been experiencing longer than usual fetch times from inside the container, which is also new for today. Increasing the timeout in /etc/yum.conf is my workaround.

This is impairing us from running our EMR workloads with docker. Any workarounds or remedies would be greatly appreciated.

Show logs after executing update-ca-certificates command in amazoncorretto:11-alpine3.17-full docker image

update-ca-certificates does not print logs after the certificates are added

After we add the ca-certificates package in amazoncorretto:11-alpine3.17, add certificates to /usr/local/share/ca-certificates/ and execute update-ca-certificates, we don't see any output. No matter whether we use the -h, -v or -h option, none of these options works.

docker run -it amazoncorretto:11-alpine3.17-full sh
apk update
apk add ca-certificates
vi /usr/local/share/ca-certificates/test.crt #add your certificate in this file
update-ca-certificates
update-ca-certificates -v
update-ca-certificates -h
update-ca-certificates -f

This does not print logs about the addition of certificate.

update-ca-certificates should print logs after the certificates are added

User should be notified by the logs about the addition of certificates

We tried to get this working with a shell script

vi test.sh

update-ca-certificates
recently_added_certificate="test.crt"
if openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/$recently_added_certificate > /dev/null; then
echo "Recently added certificate '$recently_added_certificate' was found in the certificate store"
else
echo "Recently added certificate '$recently_added_certificate' was not found in the certificate store"
fi

This works with 18.04.6 LTS Ubuntu EC2 Instance

Java 17 ALAS2-2022-1791

Hi,

The latest al2 corretto 17 images use corretto version 1:17.0.3.6-1 from https://yum.corretto.aws/corretto.repo
ECR image scan now reports that the container contains the following HIGH vulnerability ALAS2-2022-1791 for package java-17-amazon-corretto-devel:1:17.0.3.6-1

According to ALAS-2022-1791 the impacted java 17 version is 17.0.2
and a fix is contained in package java-17-amazon-corretto-devel-17.0.3+6-1.amzn2.1.x86_64

So to me this seems like a false positive? The package version matches the safe package version and there is no newer java 17.0.3 available to upgrade to.
If I should report this somewhere else please feel free to direct me to the correct place.
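The version-scheme mismatch described in the README's notes on security scanners, and visible in the report above, can be checked mechanically. This is an added example, not code from the corretto-docker project: it assumes, based only on the two version strings quoted in this report, that the generic RPM writes the build number as a fourth dotted field (17.0.3.6) while the Amazon Linux package writes it after a "+" (17.0.3+6); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a Corretto package version reported by a scanner with
# the fixed version named in an ALAS bulletin, ignoring packaging differences.
# Assumption (from the two strings quoted in the report): generic Linux RPMs
# use "<epoch>:<major>.<minor>.<security>.<build>-<release>", Amazon Linux
# packages use "<major>.<minor>.<security>+<build>-<release>.amzn2...".

# normalize_corretto_version VERSION
# Prints the upstream part as dotted numbers (e.g. 17.0.3.6); fails otherwise.
normalize_corretto_version() (
    v=$1
    case $v in *:*) v=${v#*:} ;; esac   # drop RPM epoch ("1:")
    v=${v%%-*}                          # drop RPM release ("-1", "-1.amzn2.1")
    v=$(printf '%s' "$v" | tr '+' '.')  # "+<build>" becomes a dotted field
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;  # reject anything that is not N.N.N...
    esac
    printf '%s\n' "$v"
)

# version_ge A B: succeeds when dotted-number version A >= B.
# Missing fields count as 0, so 17.0.3 equals 17.0.3.0.
version_ge() (
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${fa:-0}" -gt "${fb:-0}" ] && exit 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && exit 1
    done
    exit 0
)

# alas_status INSTALLED FIXED
# Prints "fixed" when the installed build is at or past the advisory's fixed
# build once both are normalized, "vulnerable" when it is older, and
# "unparsed" when either string does not fit the assumed schemes.
alas_status() (
    inst=$(normalize_corretto_version "$1") || { echo unparsed; exit 0; }
    fix=$(normalize_corretto_version "$2") || { echo unparsed; exit 0; }
    if version_ge "$inst" "$fix"; then echo fixed; else echo vulnerable; fi
)

# Installed and fixed versions as quoted in the ALAS2-2022-1791 report above.
alas_status '1:17.0.3.6-1' '17.0.3+6-1.amzn2.1'
# Constructed older build, to show the other outcome.
alas_status '1:17.0.2.8-1' '17.0.3+6-1.amzn2.1'
```

A "fixed" result only says the two strings name the same or a later upstream build under the stated assumption; an "unparsed" result should be triaged by hand rather than treated as safe.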

"latest" should be 17

Describe the bug

The latest tag is currently the same as tags 8, 8u362, 8u362-al2, 8-al2-full, 8-al2-jdk. The current LTS version is 17.

To Reproduce

Visit https://hub.docker.com/_/amazoncorretto

Expected behavior

latest should point to the latest LTS version.

Additional context

I'm getting started with Corretto, the above issue confuses me as to which version I should take.

Docker images out of date on DockerHub

I'm trying to use the amazoncorretto:17-al2022-RC-headful image from DockerHub, which currently seems to be deployed from here: https://github.com/corretto/corretto-docker/blob/7996710c56ef95dba20bb0d5784b0e941dfdaa5b/17/headful/al2022/Dockerfile

However, I noticed a bug where the headless RPM is used instead of the headful one:

&& RPM_LIST=("java-17-amazon-corretto-headless-$version.amzn2022.${package_version}.$(uname -m).rpm") \

I see you've fixed this in your main branch 2 weeks ago: https://github.com/corretto/corretto-docker/blob/main/17/headful/al2022/Dockerfile#L11

However, the change still isn't reflected in DockerHub, even though it was pushed 9 days ago.

This may not be a bug, and just part of your normal DevOps workflow, but I'm curious when these changes will be deployed?

JAVA_HOME is set to a non-existing path (JAVA_HOME=/opt/amazon-corretto-..-linux-); I am passing env variables and those are not being picked up.

ENV JAVA_VERSION_MAJOR=8 \
    JAVA_VERSION_MINOR=272 \
    JAVA_VERSION_BUILD=10.3 \
    JAVA_HOME=/opt/amazon-corretto-${JAVA_VERSION_MAJOR}.${JAVA_VERSION_MINOR}.${JAVA_VERSION_BUILD}-linux-${JAVA_PLATFORM} \
    PATH=${PATH}:/opt/amazon-corretto-${JAVA_VERSION_MAJOR}.${JAVA_VERSION_MINOR}.${JAVA_VERSION_BUILD}-linux-${JAVA_PLATFORM}/bin

Here is my content from Dockerfile, can someone please help me why I am not able to set JAVA_HOME variable using variables? Does it need to be hard-coded?

my env output looks like:

[dashboard@ip-10-10-0-1 logs]$ env|grep -i java
JAVA_VERSION_BUILD=10.3
JAVA_VERSION_MAJOR=8
JAVA_PLATFORM=x64
JAVA_HOME=/opt/amazon-corretto-..-linux-
JAVA_VERSION_MINOR=272
[dashboard@ip-10-10-0-1 logs]$

amazoncorretto:8-alpine-jre java symlink is bad

Thank you for taking the time to help improve Corretto.

If your request concerns a security vulnerability then please report it by email to [email protected] instead of here.
(You can find more information regarding security issues at https://aws.amazon.com/security/vulnerability-reporting/.)

If your issue is specific to the Amazon Linux image these containers are built upon, please, consider opening an issue on the Amazon Linux Docker github repository

If your issue is specific to Corretto docker images,
then you are in the right place.
Please proceed with the following.

Describe the bug

The container java symlink is orphaned

To Reproduce

docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre /usr/bin/java
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "/usr/bin/java": stat /usr/bin/java: no such file or directory: unknown.

~ at ☸️ mssdev-ingest-usw2 (mss-worker)
➜ docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre ls -l /usr/bin/java
lrwxrwxrwx 1 root root 31 Mar 23 15:46 /usr/bin/java -> ../lib/jvm/default-jvm/bin/java

~ at ☸️ mssdev-ingest-usw2 (mss-worker)
➜ docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre ls -l ls -l /usr/lib/default-jvm/bin/java
ls: ls: No such file or directory
ls: /usr/lib/default-jvm/bin/java: No such file or directory

Expected behavior

/usr/bin/java should be available on the container

Screenshots

If applicable, add screenshots to help explain your problem.

Platform information

Repository: dockerhub
Image tag: 8-alpine-jre

Additional context

Add any other context about the problem here.

Release debian-based images

Is your feature request related to a problem?

There's no "Problem" per se. This is just a question, but this seemed like the most applicable label.

Describe a solution you would like

Please provide a clear and concise description of what you want to happen.
I noticed that there are debian-based Dockerfiles in this repo, but the images are referenced in the Readme's "Supported Tags" section, and they don't seem to be available for public consumption. I saw #100 was closed by the reporter without a response from the maintainers. Is there a plan to release debian-based images?

Describe alternatives you have considered

Please provide a clear and concise description
of any alternative solutions or features you have considered.
I've considered the following:

  • using alpine linux
  • using eclipse images
  • building my own

Additional context

Add any other context or screenshots about the feature request here.

debian images on Docker Hub

I would like to have the debian images to be hosted on Docker Hub as well. Currently, only Amazon Linux 2 versions are available. Also Dockerfile for debian is not being updated.

Alpine updates

Hey all, I scoured the docs but couldn't find reference to how often the Corretto images are updated to the most recent alpine. Is there a schedule?

Also, if this is the wrong forum for this type of question, my apologies, happy to re-post elsewhere.

Cheers,

--Tadgh

alpine images on Docker Hub

I would like to have the alpine images to be hosted on Docker Hub as well. Currently, only Amazon Linux 2 versions are available.

OpenSSL 3 - Amazon Linux base

Hi there.
I did follow the Security report guidelines, but for the sake of community observability: although corretto is not mentioned in the https://aws.amazon.com/security/security-bulletins/AWS-2022-008/ bulletin, given base images are using Amazon Linux, which is on it, it might be worth clarifying / publishing images with all the latest security patches.

Thank you,

PS: The AmazonLinux team did publish 17h a patched version: https://gallery.ecr.aws/amazonlinux/amazonlinux
So worth aligning to that 🙏

corretto/java:8 missing libfreetype.so.6

Describe the bug

The docker image corretto:8-alpine-jdk is being used to build a Maven Application and during the build process I am encountering an error that libfreetype.so.6 is missing. This library is being called by the Apache POI.

To Reproduce

Environment: Alpine / Java 8 / Spring boot 2.1.x
Jib a spring boot 2.1.x app that uses the autoSizeColumn feature of apache-poi and attempt to run the container on your local docker.

OR

Run the following Java Code Snippet:

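import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.xssf.streaming.SXSSFWorkbook;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public class TestApachePOI {
    public static void main(String[] args) {

        XSSFWorkbook xssFWorkbook = new XSSFWorkbook();
        // Constructing the streaming workbook loads the AWT font manager,
        // which is where libfreetype.so.6 is required.
        Workbook workBook = new SXSSFWorkbook(xssFWorkbook);
        System.out.println("workBook" + workBook.toString());
    }
}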

Following dependencies would be required too:

org.apache.poi:poi-ooxml-schemas:jar:4.1.2:compile
org.apache.poi:poi:jar:5.2.2:compile
org.apache.commons:commons-collections4:jar:4.4:compile
org.apache.commons:commons-math3:jar:3.6.1:compile
com.zaxxer:SparseBitSet:jar:1.2:compile
org.apache.poi:poi-ooxml:jar:5.2.2:compile
org.apache.poi:poi-ooxml-lite:jar:5.2.2:compile
org.apache.commons:commons-compress:jar:1.21:compile
com.github.virtuald:curvesapi:jar:1.07:compile

Platform information

Repository: dockerhub
Image tag: 8-alpine-jdk

Additional context

Log output

Caused by: java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-8-amazon-corretto/lib/amd64/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860)
        at java.lang.Runtime.loadLibrary0(Runtime.java:871)
        at java.lang.System.loadLibrary(System.java:1124)
        at sun.font.FontManagerNativeLibrary$1.run(FontManagerNativeLibrary.java:59)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.font.FontManagerNativeLibrary.<clinit>(FontManagerNativeLibrary.java:32)
        at sun.font.SunFontManager$1.run(SunFontManager.java:346)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.font.SunFontManager.<clinit>(SunFontManager.java:342)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:348)
        at sun.font.FontManagerFactory$1.run(FontManagerFactory.java:82)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.font.FontManagerFactory.getInstance(FontManagerFactory.java:74)
        at java.awt.Font.getFont2D(Font.java:491)
        at java.awt.Font.canDisplayUpTo(Font.java:2064)
        at java.awt.font.TextLayout.singleFont(TextLayout.java:470)
        at java.awt.font.TextLayout.<init>(TextLayout.java:531)
        at org.apache.poi.ss.util.SheetUtil.getDefaultCharWidth(SheetUtil.java:273)
        at org.apache.poi.xssf.streaming.AutoSizeColumnTracker.<init>(AutoSizeColumnTracker.java:117)
        at org.apache.poi.xssf.streaming.SXSSFSheet.<init>(SXSSFSheet.java:82)
        at org.apache.poi.xssf.streaming.SXSSFWorkbook.createAndRegisterSXSSFSheet(SXSSFWorkbook.java:684)
        at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:247)
        at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:211)
        at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:186)
        at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:161)

ALAS2-2021-1731

Hi,

The al2 images currently use corretto version 17.0.1.12-1 from https://yum.corretto.aws/corretto.repo
This version has a critical security issue https://alas.aws.amazon.com/AL2/ALAS-2021-1731.html

Core al2 repo contains a fixed version 1:17.0.1+12-3.amzn2.1

Our ECR repo scan reports the ALAS2-2021-1731 resulting in deploy failures (our quality gates disallow deploying images with critical issues).

Would it be possible to use the "-3" version of the package so the security issue is no longer present?
It will be necessary to first get the updated package in the dedicated corretto repo https://yum.corretto.aws/corretto.repo
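
Added example, not part of the issue above or of the project's code: this report and the earlier ALAS2-2022-1791 report both turn on how a scanner ranks the installed package string against the advisory's fixed one. The sketch assumes the scanner uses RPM's epoch:version-release ordering and that the fixed 17.0.3 build carries epoch 1, like the fixed version quoted above; the comparison is a simplified rpmvercmp that ignores RPM's `~` and `^` markers, and all function names are hypothetical.

```python
import re

def split_evr(evr):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    if not version:  # no '-' present: the whole string is the version
        version, release = release, ""
    return int(epoch), version, release

def segment_cmp(a, b):
    """Simplified rpmvercmp: compare runs of digits or letters pairwise."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats a letter one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(installed, fixed):
    """Return -1, 0 or 1 as installed is older than, equal to or newer than fixed."""
    ea, va, ra = split_evr(installed)
    eb, vb, rb = split_evr(fixed)
    if ea != eb:
        return 1 if ea > eb else -1
    return segment_cmp(va, vb) or segment_cmp(ra, rb)

def flagged(installed, fixed):
    """A scanner using this ordering reports installed < fixed as vulnerable."""
    return evr_cmp(installed, fixed) < 0

# Version strings as quoted in the two reports on this page.
CASES = [
    # Epoch 1 on this fixed build is an assumption (the RPM file name omits it).
    ("ALAS2-2022-1791", "1:17.0.3.6-1", "1:17.0.3+6-1.amzn2.1"),
    ("ALAS2-2021-1731", "17.0.1.12-1", "1:17.0.1+12-3.amzn2.1"),
]

if __name__ == "__main__":
    for advisory, installed, fixed in CASES:
        verdict = "flagged" if flagged(installed, fixed) else "not flagged"
        print(f"{advisory}: {installed} vs {fixed} -> {verdict}")
```

In the first case the versions compare equal (`17.0.3.6` and `17.0.3+6` split into the same segments) and the release `1` ranks below `1.amzn2.1`. If the epoch is left off the fixed string, the installed package ranks as newer instead, so the verdict depends on the epoch and release suffix in the scanner's data.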

Missing script command in amazoncorretto 18, 17 and 11 containers

Is your feature request related to a problem?

amazoncorretto:18 docker container missing script command. It’s also important to notice that the amazoncorretto:18 container image requires script (part of util-linux) to be installed in order to have command logs uploaded correctly to S3 and/or CloudWatch.

Describe a solution you would like

We have to add the following line to the Amazon Linux Dockerfile.

&& yum install -y util-linux \

Additional context

trying to enable the ecs-exec on aws Fargate task.
https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

after enabling the ExecuteCommand got the following errors.
sh-4.2# cat /var/log/amazon/ssm/errors.log
2022-06-17 23:02:40 ERROR [finishLogging @ shell.go.644] [ssm-session-worker] [ecs-execute-command-0a6fde80a0b8fa6ea] [DataBackend] [pluginName=InteractiveCommands] unable to generate log data: Failed to generate transcript with the following errors: exec: "script": executable file not found in $PATH: exec: "script": executable file not found in $PATH:

Publishing the slim version of the Corretto JDK 17 & 18 Docker images

We recently merged pull request #38 into the corretto-docker repository. This adds a 'slim' variant of the JDK with significant size savings using jlink to omit debugging symbols and docs. The term slim indicates the differentiator that at this stage there is no official JRE distribution, and this is simply a slimmed down version of the full JDK.

This was a great experience (thanks @cliveverghese!) and I was excited to start using the new images; however, it appears the new image variants are not yet being published either to Dockerhub or to the AWS ECR.

Could you provide some information as to when and how these new images will be published in Dockerhub or in the AWS ECR, or perhaps in the new Amazon ECR Public registry?

I'm happy to help with further contributions to the project if needed to progress these images on to a published state. Let me know if there is anything further I can do in that regard.

The ideal outcome would be to see these slim variants of the Corretto docker image published in the official repositories managed by AWS so that it would be easy to pull a verified and trusted image as a lean base for application deployments.
e.g.
Amazon Elastic Container Registry:
docker pull public.ecr.aws/amazoncorretto/amazoncorretto:17.0.4-alpine-slim
AWS ECR:
docker pull 489478819445.dkr.ecr.us-west-2.amazonaws.com/amazoncorretto:17.0.4-alpine-slim
and
DockerHub:
docker pull amazoncorretto:17.0.4-alpine-slim

Docker Hub Missing Tags for 15

Issue

Whilst the README states that the tags for Corretto 15 are supported, they are not available to pull from either the Docker Hub or ECR registries.

To Reproduce

docker pull amazoncorretto:15

Expected behavior

The supported tags should be published to Docker Hub and ECR.
