corretto / corretto-docker Goto Github PK
View Code? Open in Web Editor NEWDockerfiles for Amazon Corretto Official images.
Home Page: https://hub.docker.com/_/amazoncorretto
License: MIT No Attribution
Dockerfiles for Amazon Corretto Official images.
Home Page: https://hub.docker.com/_/amazoncorretto
License: MIT No Attribution
amazoncorretto:18 docker container missing script
command. It’s also important to notice that the amazoncorretto:18 container image requires script (part of util-linux) to be installed in order to have command logs uploaded correctly to S3 and/or CloudWatch.
we have to add the following line to the amazon linux Docker file.
&& yum install -y util-linux \
trying to enable the ecs-exec on aws Fargate task.
https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/
after enabling the ExecuteCommand got the following errors.
sh-4.2# cat /var/log/amazon/ssm/errors.log 2022-06-17 23:02:40 ERROR [finishLogging @ shell.go.644] [ssm-session-worker] [ecs-execute-command-0a6fde80a0b8fa6ea] [DataBackend] [pluginName=InteractiveCommands] unable to generate log data: Failed to generate transcript with the following errors: exec: "script": executable file not found in $PATH: exec: "script": executable file not found in $PATH:
I'm trying to use the amazoncorretto:17-al2022-RC-headful
image from DockerHub, which currently seems to be deployed from here: https://github.com/corretto/corretto-docker/blob/7996710c56ef95dba20bb0d5784b0e941dfdaa5b/17/headful/al2022/Dockerfile
However, I noticed a bug where the headless RPM is used instead of the headful one:
I see you've fixed this in your main branch 2 weeks ago: https://github.com/corretto/corretto-docker/blob/main/17/headful/al2022/Dockerfile#L11
However, the change still isn't reflected in DockerHub, even though it was pushed 9 days ago:
This may not be a bug, and just part of your normal DevOps workflow, but I'm curious when these changes will be deployed?
There's no "Problem" per se. This is just a question, but this seemed like the most applicable label.
Please provide a clear and concise description of what you want to happen.
I noticed that there are debian-based Dockerfiles in this repo, but the images are referenced in the Readme's "Supported Tags" section, and they don't seem to be available for public consumption. I saw #100 was closed by the reporter without a response from the maintainers. Is there a plan to release debian-based images?
Please provide a clear and concise description
of any alternative solutions or features you have considered.
I've considered the following:
Add any other context or screenshots about the feature request here.
The Debian docker images are currently using older corretto builds (11.0.5.10.1
and dk_8.242.08-1
to be precise). I think that they should be upgraded to the latest builds
Hello,
Do you have any maintained changelog or document hisotry for corretto updates ?
I found this one, but i doesn't look up to date since January https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/doc-history.html
Thank you
If you run yum update
in the Corretto 17 docker image it will move it to a different folder and you wont be able to use the JAVA_HOME env variable, this broke a lot of our systems.
$ docker pull docker.io/amazoncorretto:17
$ docker run -it docker.io/library/amazoncorretto:17 /bin/bash
bash-4.2# yum update
bash-4.2# cd $JAVA_HOME
bash: cd: /usr/lib/jvm/java-17-amazon-corretto: No such file or directory
bash-4.2# cd /usr/lib/jvm
bash-4.2# ls
java-17-amazon-corretto.x86_64 jre jre-17 jre-17-openjdk jre-openjdk
It should work as expected
We recently merged pull request #38 into the corretto-docker repository. This adds a 'slim' variant of the JDK with significant size savings using jlink to omit debugging symbols and docs. The term slim indicates the differentiator that at this stage there is no official JRE distribution, and this is simply a slimmed down version of the full JDK.
This was a great experience (thanks @cliveverghese!) and I was excited to start using the new images; however It appears the new image variants are not yet being published either to Dockerhub or to the AWS ECR.
Could you provide some information as to when and how these new images will be published in Dockerhub or in the AWS ECR, or perhaps in the new Amazon ECR Public registry?
I'm happy to help with further contributions to the project if needed to progress these images on to a published state. Let me know if there is anything further I can do in that regard.
The ideal outcome would be to see these slim variants of the Corretto docker image published in the official repositories managed by AWS so that it would be easy to pull a verified and trusted image as a lean base for application deployments.
e.g.
Amazon Elastic Container Registry:
docker pull public.ecr.aws/amazoncorretto/amazoncorretto:17.0.4-alpine-slim
AWS ECR:
docker pull 489478819445.dkr.ecr.us-west-2.amazonaws.com/amazoncorretto:17.0.4-alpine-slim
and
DockerHub:
docker pull amazoncorretto:17.0.4-alpine-slim
Unable to pull 8u292-alpine-jre from dockerhub
$ docker pull amazoncorretto:8u292-alpine-jre
Error response from daemon: manifest for amazoncorretto:8u292-alpine-jre not found: manifest unknown: manifest unknown
8u282-alpine-jre is pointing to 8u292
$ docker run -it --rm amazoncorretto:8u282-alpine-jre sh
/ # java -version
openjdk version "1.8.0_292"
OpenJDK Runtime Environment Corretto-8.292.10.1 (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM Corretto-8.292.10.1 (build 25.292-b10, mixed mode)
I would like to have the debian images to be hosted on Docker Hub as well. Currently, only Amazon Linux 2 versions are available. Also Dockerfile for debian is not being updated.
I am working with amazoncorretto:18-al2-jdk
currently but was seeing the same issue on amazoncorretto:latest
which I believe is Amazon Corretto 8. When running through a security scan seeing a high
vulnerability on jetty-io
It looks like all images are using 9.4.44
jar | org.eclipse.jetty_jetty-io | | /jetty-io-9.4.44.v20210927.jar | 9.4.44 | 22
which falls under CVE-2022-2048 if its below version <9.4.47
Honestly, not familiar with jetty-io
and not sure of the best way to update version...but also wanted to bring attention to it and see if it was worth addressing in the base images since it seems like it has been around for awhile. It's not a newly discovered security vulnerability, so I wasn't sure where exactly to put this.
Also, if there is an easy way to update this, would appreciate any pointers ;)
Currently, there are small runtime images of corretto using Alpine Linux. Is there any appetite for images based on distroless? I've been playing with a Dockerfile for it here
Distroless includes glibc so will work with boringssl (for example when used with gRPC / other Netty frameworks) while being about as small if not smaller than the Alpine-based linux. It doesn't include a package manager either so has a bit less of a security surface.
The docker images for 17 were updated for AL and Alpine JDK, but weren't for Debian and Slim. Also the images in docker hub are still only 17.0.0, there are no tags there for 17.0.1
Thank you for taking the time to help improve Corretto.
If your request concerns a security vulnerability then please report it by email to [email protected] instead of here.
(You can find more information regarding security issues at https://aws.amazon.com/security/vulnerability-reporting/.)
If your issue is specific to the Amazon Linux image these containers are built upon, please, consider opening an issue on the Amazon Linux Docker github repository
If your issue is specific to Corretto docker images,
then you are in the right place.
Please proceed with the following.
Docker image fails to build for alpine https://raw.githubusercontent.com/corretto/corretto-docker/main/8/jdk/al2/Dockerfile
Steps and (source) code to reproduce the behavior. Run the following:
docker build -t amazon-corretto-8 https://raw.githubusercontent.com/corretto/corretto-docker/main/8/jdk/al2/Dockerfile
Produces the following errro:
[+] Building 9.2s (4/4) FINISHED
=> [internal] load remote build context 0.0s
=> [internal] load metadata for docker.io/library/alpine:3.16 3.2s
=> [1/2] FROM docker.io/library/alpine:3.16@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b 1.0s
=> => resolve docker.io/library/alpine:3.16@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b 0.0s
=> => sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b 1.64kB / 1.64kB 0.0s
=> => sha256:559254f7ee68d88649077bd0cc6dfb94c337aadb8411d0fe5eae3b037578ec13 528B / 528B 0.0s
=> => sha256:2b4661558fb8cf1ec295ccd9c6d1cd42067ef517b0e538c9de65f733a8e3dd7e 1.49kB / 1.49kB 0.0s
=> => sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 2.71MB / 2.71MB 0.9s
=> => extracting sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 0.1s
=> ERROR [2/2] RUN wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz && echo "82f3e50e71b2aee21321b 4.9s
------
> [2/2] RUN wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz && echo "82f3e50e71b2aee21321b2b33de372feed5befad6ef2196ddec92311bc09becb /THIRD-PARTY-LICENSES-20200824.tar.gz" | sha256sum -c - && tar x -ovzf THIRD-PARTY-LICENSES-20200824.tar.gz && rm -rf THIRD-PARTY-LICENSES-20200824.tar.gz && wget -O /etc/apk/keys/amazoncorretto.rsa.pub https://apk.corretto.aws/amazoncorretto.rsa.pub && SHA_SUM="6cfdf08be09f32ca298e2d5bd4a359ee2b275765c09b56d514624bf831eafb91" && echo "${SHA_SUM} /etc/apk/keys/amazoncorretto.rsa.pub" | sha256sum -c - && echo "https://apk.corretto.aws" >> /etc/apk/repositories && apk add --no-cache amazon-corretto-8=8.352.08.1-r0:
#4 0.177 Connecting to corretto.aws (65.8.134.86:443)
#4 0.252 saving to '/THIRD-PARTY-LICENSES-20200824.tar.gz'
#4 0.256 THIRD-PARTY-LICENSES 100% |********************************| 25807 0:00:00 ETA
#4 0.256 '/THIRD-PARTY-LICENSES-20200824.tar.gz' saved
#4 0.257 /THIRD-PARTY-LICENSES-20200824.tar.gz: OK
#4 0.259 licenses/THIRD-PARTY-LICENSES
#4 0.377 Connecting to apk.corretto.aws (65.8.33.107:443)
#4 0.460 saving to '/etc/apk/keys/amazoncorretto.rsa.pub'
#4 0.460 amazoncorretto.rsa.p 100% |********************************| 451 0:00:00 ETA
#4 0.461 '/etc/apk/keys/amazoncorretto.rsa.pub' saved
#4 0.463 /etc/apk/keys/amazoncorretto.rsa.pub: OK
#4 0.471 fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/APKINDEX.tar.gz
#4 2.555 fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/aarch64/APKINDEX.tar.gz
#4 3.853 fetch https://apk.corretto.aws/aarch64/APKINDEX.tar.gz
#4 4.786 WARNING: Ignoring https://apk.corretto.aws: Permission denied
#4 4.866 ERROR: unable to select packages:
#4 4.881 amazon-corretto-8 (no such package):
#4 4.881 required by: world[amazon-corretto-8=8.352.08.1-r0]
------
executor failed running [/bin/sh -c wget -O /THIRD-PARTY-LICENSES-20200824.tar.gz https://corretto.aws/downloads/resources/licenses/alpine/THIRD-PARTY-LICENSES-20200824.tar.gz && echo "82f3e50e71b2aee21321b2b33de372feed5befad6ef2196ddec92311bc09becb /THIRD-PARTY-LICENSES-20200824.tar.gz" | sha256sum -c - && tar x -ovzf THIRD-PARTY-LICENSES-20200824.tar.gz && rm -rf THIRD-PARTY-LICENSES-20200824.tar.gz && wget -O /etc/apk/keys/amazoncorretto.rsa.pub https://apk.corretto.aws/amazoncorretto.rsa.pub && SHA_SUM="6cfdf08be09f32ca298e2d5bd4a359ee2b275765c09b56d514624bf831eafb91" && echo "${SHA_SUM} /etc/apk/keys/amazoncorretto.rsa.pub" | sha256sum -c - && echo "https://apk.corretto.aws" >> /etc/apk/repositories && apk add --no-cache amazon-corretto-8=$version-r0]: exit code: 1
The image should get built successfully.
If applicable, add screenshots to help explain your problem.
Repository: [e.g. dockerhub, ECR]
Image tag: corretto 8 alpine 3.16. But it was failing for 3.17 too
Add any other context about the problem here.
Hi,
The al2 images currently use corretto version 17.0.1.12-1 from https://yum.corretto.aws/corretto.repo
This version has a critical security issue https://alas.aws.amazon.com/AL2/ALAS-2021-1731.html
Core al2 repo contains a fixed version 1:17.0.1+12-3.amzn2.1
Our ECR repo scan reports the ALAS2-2021-1731 resulting in deploy failures (our quality gates disallows deploying images with critical issues).
Would it be possible to use the "-3" version of the package so the security issue is no longer present?
It will be necessary to first get the updated package in the dedicated corretto repo https://yum.corretto.aws/corretto.repo
When building the following Dockerfile:
FROM amazoncorretto:8
RUN cat /etc/yum.conf | sed "s/timeout=.*/timeout=60/g" > /etc/yum.conf
RUN yum update -y
I get the following output:
$> docker build .
Sending build context to Docker daemon 14.85kB
Step 1/3 : FROM amazoncorretto:8
---> 5693ce88e075
Step 2/3 : RUN cat /etc/yum.conf | sed "s/timeout=.*/timeout=60/g" > /etc/yum.conf
---> Running in 878c2953e3f9
Removing intermediate container 878c2953e3f9
---> 985b6698ce19
Step 3/3 : RUN yum update -y
---> Running in 6aff94bfcc81
Resolving Dependencies
--> Running transaction check
---> Package libnghttp2.x86_64 0:1.39.2-1.amzn2 will be updated
---> Package libnghttp2.x86_64 0:1.41.0-1.amzn2 will be an update
---> Package p11-kit.x86_64 0:0.23.5-3.amzn2.0.2 will be updated
---> Package p11-kit.x86_64 0:0.23.19-1.amzn2 will be an update
---> Package p11-kit-trust.x86_64 0:0.23.5-3.amzn2.0.2 will be updated
---> Package p11-kit-trust.x86_64 0:0.23.19-1.amzn2 will be an update
---> Package system-release.x86_64 1:2-11.amzn2 will be updated
---> Package system-release.x86_64 1:2-12.amzn2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
libnghttp2 x86_64 1.41.0-1.amzn2 amzn2-core 72 k
p11-kit x86_64 0.23.19-1.amzn2 amzn2-core 268 k
p11-kit-trust x86_64 0.23.19-1.amzn2 amzn2-core 131 k
system-release x86_64 1:2-12.amzn2 amzn2-core 17 k
Transaction Summary
================================================================================
Upgrade 4 Packages
Total download size: 489 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 92 kB/s | 489 kB 00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : p11-kit-0.23.19-1.amzn2.x86_64 1/8
Updating : p11-kit-trust-0.23.19-1.amzn2.x86_64 2/8
Updating : 1:system-release-2-12.amzn2.x86_64 3/8
Updating : libnghttp2-1.41.0-1.amzn2.x86_64 4/8
Cleanup : p11-kit-trust-0.23.5-3.amzn2.0.2.x86_64 5/8
Cleanup : 1:system-release-2-11.amzn2.x86_64 6/8
Cleanup : p11-kit-0.23.5-3.amzn2.0.2.x86_64 7/8
Cleanup : libnghttp2-1.39.2-1.amzn2.x86_64 8/8
Rpmdb checksum is invalid: dCDPT(pkg checksums): p11-kit-trust.x86_64 0:0.23.19-1.amzn2 - u
The command '/bin/sh -c yum update -y' returned a non-zero code: 1
This is a new issue. Last week yum was updating and installing packages just fine. The host machine is running Ubuntu Server 18.04 LTS.
Note on the second line: I've also been experiencing longer than usual fetch times from inside the container, which is also new for today. Increasing the timeout in /etc/yum.conf is my workaround.
This is impairing us from running our EMR workloads with docker. Any workarounds or remedies would be greatly appreciated.
Hi there.
I did follow the Security report guidelines, but for the sake of community observability, although corretto is not mentionned in the https://aws.amazon.com/security/security-bulletins/AWS-2022-008/ bulletin, given base images are using Amazon Linux, which is on it, might be worth to clarify / publish images with all the latest security patches.
Thank you,
PS: The AmazonLinux team did publish 17h a patched version: https://gallery.ecr.aws/amazonlinux/amazonlinux
So worth aligning to that 🙏
The docker image corretto:8-alpine-jdk is being used to build a Maven Application and during the build process I am encountering an error that libfreetype.so.6 is missing. This library is being called by the Apache POI.
Environment: Alpine / Java 8 / Spring boot 2.1.x
Jib a spring boot 2.1.x app that uses the autoSizeColumn feature of apache-poi and attempt to run the container on your local docker.
OR
Run the following Java Code Snippet:
public class TestApachePOI {
public static void main(String[] args) {
XSSFWorkbook xssFWorkbook = new XSSFWorkbook();
Workbook workBook = new SXSSFWorkbook(xssFWorkbook);
System.out.println("workBook" + workBook.toString());
}
}
Following dependencies would be required too:
org.apache.poi:poi-ooxml-schemas:jar:4.1.2:compile
org.apache.poi:poi:jar:5.2.2:compile
org.apache.commons:commons-collections4:jar:4.4:compile
org.apache.commons:commons-math3:jar:3.6.1:compile
com.zaxxer:SparseBitSet:jar:1.2:compile
org.apache.poi:poi-ooxml:jar:5.2.2:compile
org.apache.poi:poi-ooxml-lite:jar:5.2.2:compile
org.apache.commons:commons-compress:jar:1.21:compile
com.github.virtuald:curvesapi:jar:1.07:compile
Repository: dockerhub
Image tag: 8-alpine-jdk
Log output
Caused by: java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-8-amazon-corretto/lib/amd64/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860)
at java.lang.Runtime.loadLibrary0(Runtime.java:871)
at java.lang.System.loadLibrary(System.java:1124)
at sun.font.FontManagerNativeLibrary$1.run(FontManagerNativeLibrary.java:59)
at java.security.AccessController.doPrivileged(Native Method)
at sun.font.FontManagerNativeLibrary.<clinit>(FontManagerNativeLibrary.java:32)
at sun.font.SunFontManager$1.run(SunFontManager.java:346)
at java.security.AccessController.doPrivileged(Native Method)
at sun.font.SunFontManager.<clinit>(SunFontManager.java:342)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at sun.font.FontManagerFactory$1.run(FontManagerFactory.java:82)
at java.security.AccessController.doPrivileged(Native Method)
at sun.font.FontManagerFactory.getInstance(FontManagerFactory.java:74)
at java.awt.Font.getFont2D(Font.java:491)
at java.awt.Font.canDisplayUpTo(Font.java:2064)
at java.awt.font.TextLayout.singleFont(TextLayout.java:470)
at java.awt.font.TextLayout.<init>(TextLayout.java:531)
at org.apache.poi.ss.util.SheetUtil.getDefaultCharWidth(SheetUtil.java:273)
at org.apache.poi.xssf.streaming.AutoSizeColumnTracker.<init>(AutoSizeColumnTracker.java:117)
at org.apache.poi.xssf.streaming.SXSSFSheet.<init>(SXSSFSheet.java:82)
at org.apache.poi.xssf.streaming.SXSSFWorkbook.createAndRegisterSXSSFSheet(SXSSFWorkbook.java:684)
at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:247)
at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:211)
at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:186)
at org.apache.poi.xssf.streaming.SXSSFWorkbook.<init>(SXSSFWorkbook.java:161)
After we add the ca-certificates package in amazoncorretto:11-alpine3.17, add certificates to /usr/local/share/ca-certificates/ and execute update-ca-certificates, we don't see any output. No matter we use -h ,-v or -h option, none of these options works
docker run -it amazoncorretto:11-alpine3.17-full sh
apk update
apk add ca-certificates
vi /usr/local/share/ca-certificates/test.crt #add your certificate in this file
update-ca-certificates
update-ca-certificates -v
update-ca-certificates -h
update-ca-certificates -f
This does not print logs about the addition of certificate.
User should be notified by the logs about the addition of certificates
vi test.sh
update-ca-certificates
recently_added_certificate="test.crt"
if openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/$recently_added_certificate > /dev/null; then
echo "Recently added certificate '$recently_added_certificate' was found in the certificate store"
else
echo "Recently added certificate '$recently_added_certificate' was not found in the certificate store"
fi
sudo docker pull amazoncoretto:11 fails:
steffen@smotzer-ip5:~$ sudo docker pull amazoncoretto:11
Error response from daemon: pull access denied for amazoncoretto, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
this still works:
steffen@smotzer-ip5:~$ sudo docker pull amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
docker.io/library/amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00: Pulling from library/amazoncorretto
Digest: sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
Status: Image is up to date for amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
docker.io/library/amazoncorretto@sha256:6645c8855a5760e2f1e0dcaf3d2f400d16dad4e7a010f834f7e69a27c1b21f00
other images can be pulled successfully:
steffen@smotzer-ip5:$ sudo docker pull amazonlinux$
Using default tag: latest
latest: Pulling from library/amazonlinux
Digest: sha256:3f9411b3b7a1d113d0900ab73a6640a4296441fe10a438b1a84a78295f5ca7a6
Status: Image is up to date for amazonlinux:latest
docker.io/library/amazonlinux:latest
steffen@smotzer-ip5:
steffen@smotzer-ip5:$ sudo docker pull alpine:edge$
edge: Pulling from library/alpine
Digest: sha256:dce2df614040891138b396a13a608dfe09c9c1113c5f19aae494460917a68661
Status: Image is up to date for alpine:edge
docker.io/library/alpine:edge
steffen@smotzer-ip5:
Hey guys.
Sorry if that is not the right place for this but as the maintainers of amazoncorretto I thought you might be able to help.
For some reason, images builds for 8/11/17 on ARM is not working with the following (no error for amd64)
ERROR: https://apk.corretto.aws: Permission denied
WARNING: Ignoring https://apk.corretto.aws: No such file or directory
Tried this from home, from codebuild etc. and it has been this way for the weekend. Any ideas ?
ENV JAVA_VERSION_MAJOR=8
JAVA_VERSION_MINOR=272
JAVA_VERSION_BUILD=10.3
JAVA_HOME=/opt/amazon-corretto-${JAVA_VERSION_MAJOR}.${JAVA_VERSION_MINOR}.${JAVA_VERSION_BUILD}-linux-${JAVA_PLATFORM}
PATH=${PATH}:/opt/amazon-corretto-${JAVA_VERSION_MAJOR}.${JAVA_VERSION_MINOR}.${JAVA_VERSION_BUILD}-linux-${JAVA_PLATFORM}/bin
Here is my content from Dockerfile, can someone please help me why I am not able to set JAVA_HOME variable using variables? Does it need to be hard-coded?
my env output looks like:
[dashboard@ip-10-10-0-1 logs]$ env|grep -i java JAVA_VERSION_BUILD=10.3 JAVA_VERSION_MAJOR=8 JAVA_PLATFORM=x64 JAVA_HOME=/opt/amazon-corretto-..-linux- JAVA_VERSION_MINOR=272 [dashboard@ip-10-10-0-1 logs]$
Guys, I am not able to find JRE images for 11.x
and 15.x
.
Does it related to end-user dependent jlink
minification or what?
Do you have any plans to maintain generic JRE image?
Thanks.
I can't find the command 'ps' in the image
With the Amazon ECR public registry live, it would be nice to have the images published there: https://aws.amazon.com/about-aws/whats-new/2020/12/announcing-amazon-ecr-public-and-amazon-ecr-public-gallery/
Alpine 3.12 reached end of life on 5/01/2022 [source]. Corretto team will deprecate all Alpine 3.12 images. We are aiming to have these images removed by around 6/01, so that users have time to remove their dependencies on these images.
Image scan on ECR reported ALAS2-2020-1466 on my image built from amazoncorretto 11.0.8
and 8u265
.
It seems that there is libxml2
2.9.1
in the amazoncorretto
images.
I am seeing different image size than what I am seeing in dockerhub
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amazoncorretto latest 52ca599541e8 6 hours ago 344MB
amazoncorretto/alpine-preview 11-alpine-jre 82cfcce06d61 34 hours ago 134MB
amazoncorretto/alpine-preview 11.0.8-alpine-jre 82cfcce06d61 34 hours ago 134MB
amazoncorretto/alpine-preview 11.0.8-alpine 7347a8c33c1f 34 hours ago 322MB
In dockerhub I am seeing different sizes any issue with my docker version or I am testing this too early?
Hey all, I scoured the docs but couldn't find reference to how often the Corretto images are updated to the most recent alpine. Is there a schedule?
Also, if this is the wrong forum for this type of question, my apologies, happy to re-post elsewhere.
Cheers,
--Tadgh
When using amazoncorretto:11.0.8-alpine base image and building a new image using Bitbuckets pipelines the build fails with the message "failed to register layer: Error processing tar file(exit status 1): Container ID 3175151 cannot be mapped to a host ID".
I've tracked the problem to the file:
-rw-r--r-- 1 3175151 users 87235 Jul 29 21:53 /licenses/THIRD-PARTY-LICENSES
The file owner should be modified after its installation.
As per Atlassian doc about this issue: https://community.atlassian.com/t5/Bitbucket-articles/Changes-to-make-your-containers-more-secure-on-Bitbucket/ba-p/998464
Use a Bitbucket pipeline to build a Docker image using a Dockerfile that uses the Amazon Corretto image as the base.
The image should be built.
Repository: docker hub
Image tag: amazoncorretto:11.0.8-alpine
Some docker images are currently updated by substituting the version the dockerfile.
Instead, create dockerfiles from templates. As currently being done for Alpine Images.
See PR #80.
The latest
tag is currently the same as tags 8
, 8u362
, 8u362-al2
, 8-al2-full
, 8-al2-jdk
. The current LTS version is 17.
Visit https://hub.docker.com/_/amazoncorretto
latest
should point to the latest LTS version.
I'm getting started with Corretto, the above issue confuses me as to which version I should take.
Using AmazonCorretto:11
along with Amazon ECR Vulnerability Scanning produces an output that suggests the nghttp2
library has updates available.
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-11080: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. 1844929: CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS
% date
Fri Jul 31 17:01:36 EDT 2020
% docker run -it amazoncorretto:11 rpm -qa | grep nghttp
libnghttp2-1.39.2-1.amzn2.x86_64
Alpine Linux is meant to be a minimalist distribution so the Corretto image currently distributed does not include all the dependencies needed by the JDK (generally, UI related libraries like fontconfig
and others). However, it would be nice to have an additional image which does include all the JDK dependencies. This could be distributed as a second Alpine image so that the original image remains minimalist.
See #108 for more discussion and context.
Hi,
The latest al2 corretto 17 images use corretto version 1:17.0.3.6-1 from https://yum.corretto.aws/corretto.repo
ECR image scan now reports that the container contains the following HIGH vulnerability ALAS2-2022-1791 for package java-17-amazon-corretto-devel:1:17.0.3.6-1
According to ALAS-2022-1791 the impacted java 17 version is 17.0.2
and a fix is contained in package java-17-amazon-corretto-devel-17.0.3+6-1.amzn2.1.x86_64
So to me this seems like a false positive? The package version matches the safe package version and there is no newer java 17.0.3 available to upgrade to.
If I should report this somewhere else please feel free to direct me to the correct place.
How to use Chinese in the image?
Please provide a Java 18 Version of Corretto.
8-alpine
, 8-alpine-full
, 8-alpine-jdk
, 8-alpine-jre
are not referring the latest 8-alpine3.14*
images.
Same for 11-alpine
, 11-alpine-full
, 11-alpine-jdk
, 11-alpine-jre
.
There are alpine JRE tags for 8/11, but not for 15.
Can a 15 JRE image be added?
https://hub.docker.com/r/amazoncorretto/amazoncorretto/tags?page=1&name=jre
Could you please extend the docs?
what is difference between 11-alpine and 11-alpine-full and 11-alpine-jdk?
Cheers
Alpine Linux 3.13 was released back in january 2021 with significant updates to kernel and other packages. There has already been 4 minor release (3.13.4 latest). It would be good to have corretto docker image based on alpine linux 3.13.
I would like to have the alpine images to be hosted on Docker Hub as well. Currently, only Amazon Linux 2 versions are available.
Change the default branch from master
to main
? 👍
In the corretto Dockerfiles, JAVA_HOME
appears to be set wrong. For example here:
https://github.com/corretto/corretto-docker/blob/main/17/headful/al2022/Dockerfile#L24
Here we see that JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
. However, when building an image from this image, I get the error:
ERROR: JAVA_HOME is set to an invalid directory: /usr/lib/jvm/java-17-amazon-corretto
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation.
I believe that JAVA_HOME should be set to /usr/lib/jvm/java-17-amazon-corretto.$(uname -m)
. Which fixes this issue.
Thank you for taking the time to help improve Corretto.
If your request concerns a security vulnerability then please report it by email to [email protected] instead of here.
(You can find more information regarding security issues at https://aws.amazon.com/security/vulnerability-reporting/.)
If your issue is specific to the Amazon Linux image these containers are built upon, please, consider opening an issue on the Amazon Linux Docker github repository
If your issue is specific to Corretto docker images,
then you are in the right place.
Please proceed with the following.
the containter java symlink is orphan
docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre /usr/bin/java
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "/usr/bin/java": stat /usr/bin/java: no such file or directory: unknown.
~ at ☸️ mssdev-ingest-usw2 (mss-worker)
➜ docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre ls -l /usr/bin/java
lrwxrwxrwx 1 root root 31 Mar 23 15:46 /usr/bin/java -> ../lib/jvm/default-jvm/bin/java
~ at ☸️ mssdev-ingest-usw2 (mss-worker)
➜ docker run --rm -it --name thekindkeptn amazoncorretto:8-alpine-jre ls -l ls -l /usr/lib/default-jvm/
bin/java
ls: ls: No such file or directory
ls: /usr/lib/default-jvm/bin/java: No such file or directory
/usr/bin/java should be available on the container
If applicable, add screenshots to help explain your problem.
Repository: dockerhun
Image tag: 8-alpine-jre
Add any other context about the problem here.
i have a docker file and i am using version 8 as below
FROM amazoncorretto:8.
as part of creating docker image , command to install tar "yum -y install tar" is failing with below errors.
Step 10/17 : RUN yum -y install tar
---> Running in edcc7dad035e
Loaded plugins: ovl, priorities
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
https://yum.corretto.aws/x86_64/repodata/repomd.xml: [Errno 12] Timeout on
Trying other mirror.
can you please fix
Any plans yet to build and provide also Docker images for architectures other than x86? :)
8-alpine-jre: Pulling from library/amazoncorretto
no matching manifest for linux/arm64/v8 in the manifest list entries
Building manually will also fail as the custom repo apk.corretto.aws
does not contain any aarch64 directory:
fetch https://apk.corretto.aws/aarch64/APKINDEX.tar.gz
ERROR: https://apk.corretto.aws: Permission denied
Thanks guys!
updated -- thanks
I wonder why the Debian images are not being released even though the Dockerfile is here on the repo. I looked on public.ecr.aws but found nothing.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.