diff --git a/bitnami/eclipse-temurin/25/debian-12/Dockerfile b/bitnami/eclipse-temurin/25/debian-12/Dockerfile index 3f84ab426ad4..9470c02dd872 100644 --- a/bitnami/eclipse-temurin/25/debian-12/Dockerfile +++ b/bitnami/eclipse-temurin/25/debian-12/Dockerfile @@ -4,11 +4,11 @@ FROM docker.io/bitnami/minideb:bookworm ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/eclipse-temurin/extra-security" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2026-01-12T17:39:26Z" \ + org.opencontainers.image.created="2026-01-13T11:38:45Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/eclipse-temurin/README.md" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/eclipse-temurin" \ @@ -28,7 +28,7 @@ RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \ DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \ mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \ COMPONENTS=( \ - "eclipse-temurin-25.0.1-8-0-linux-${OS_ARCH}-debian-12" \ + "eclipse-temurin-25.0.1-8-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ 
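Review bot: The new default `JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"` in the first hunk means a custom base image that still ships its `cacerts` or block lists under `/bitnami/eclipse-temurin/extra-security` is no longer picked up, and the build gives no sign of it. As postunpack.sh in this same diff shows, the copy runs only when the directory is non-empty and nothing is logged otherwise, so such an image would be built with the bundled truststore instead of the operator's. I would document the ARG with a comment such as `# Directory in the base image whose contents replace /opt/bitnami/java/lib/security; previously /bitnami/eclipse-temurin/extra-security`, and consider emitting a warning when the old directory is present.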
@@ -51,15 +51,15 @@ RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password COPY rootfs / -RUN /opt/bitnami/scripts/eclipse-temurin/postunpack.sh +RUN /opt/bitnami/scripts/java/postunpack.sh ENV APP_VERSION="25.0.1-8" \ BITNAMI_APP_NAME="eclipse-temurin" \ - IMAGE_REVISION="0" \ - JAVA_HOME="/opt/bitnami/eclipse-temurin" \ + IMAGE_REVISION="1" \ + JAVA_HOME="/opt/bitnami/java" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ - PATH="/opt/bitnami/eclipse-temurin/bin:$PATH" + PATH="/opt/bitnami/java/bin:$PATH" WORKDIR /app -ENTRYPOINT [ "/opt/bitnami/scripts/eclipse-temurin/entrypoint.sh" ] +ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] CMD [ "bash" ] diff --git a/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/eclipse-temurin/entrypoint.sh b/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh similarity index 100% rename from bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/eclipse-temurin/entrypoint.sh rename to bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh diff --git a/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/eclipse-temurin/postunpack.sh b/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 50% rename from bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/eclipse-temurin/postunpack.sh rename to bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh index 27517632a406..c15af32e2f77 100755 --- a/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/eclipse-temurin/postunpack.sh +++ b/bitnami/eclipse-temurin/25/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh 
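Review bot: No `USER` instruction appears between `COPY rootfs /` and `CMD [ "bash" ]`, so as far as this hunk shows, `entrypoint.sh` and whatever jar is run from `/app` execute as root by default. If nothing in the entrypoint needs root, add `USER 1001` just before `ENTRYPOINT`; otherwise add a comment stating why the image stays root so consumers know to pass `--user`. Separately, `JAVA_HOME` and `PATH` now point at `/opt/bitnami/java`, which is presumably where the `8-1` component unpacks; a build-time `RUN java -version` after the `ENV` block would fail the build if that assumption is wrong. The `RUN sed …` step at the top of the hunk starts outside it.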
@@ -14,13 +14,13 @@ set -o pipefail . /opt/bitnami/scripts/liblog.sh # -# Eclipse Temurin post-unpack operations +# Java post-unpack operations # -# Override default files in the Eclipse Temurin security directory. This is used for +# Override default files in the Java security directory. This is used for # custom base images (with custom CA certificates or block lists is used) -if [[ -n "${ECLIPSE_TEMURIN_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$ECLIPSE_TEMURIN_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Eclipse Temurin security folder" - cp -Lr "${ECLIPSE_TEMURIN_SECURITY_DIR}/." /opt/bitnami/eclipse-temurin/lib/security +if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then + info "Adding custom CAs to the Java security folder" + cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security fi diff --git a/bitnami/eclipse-temurin/README.md b/bitnami/eclipse-temurin/README.md index 10d780e92f5d..24314515b7c9 100644 --- a/bitnami/eclipse-temurin/README.md +++ b/bitnami/eclipse-temurin/README.md 
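Review bot: `cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security` overlays every file in the source directory, following symlinks, while the log line mentions only "custom CAs", so a base image can replace more of the JVM's security files than the build log suggests. Logging the source and destination would make that visible in build output, for example `info "Replacing files in /opt/bitnami/java/lib/security with the contents of ${JAVA_EXTRA_SECURITY_DIR}"`. The header comment would read better as `# custom base images (for example, ones that ship custom CA certificates or block lists)`. `is_dir_empty` is not defined in the visible lines and only `liblog.sh` is sourced in the hunk context, so confirm the library that provides it is sourced above the hunk.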
@@ -13,22 +13,54 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema docker run --name eclipse-temurin bitnami/eclipse-temurin:latest ``` -## Why use Bitnami Images? +## Why use Bitnami Secure Images? -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. +Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise [OS Photon Linux](https://vmware.github.io/photon/). Why choose BSI images? -Looking to use Eclipse Temurin in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. 
+- Hardened secure images of popular open source software with Near-Zero Vulnerabilities +- Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores +- Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM) +- Software supply chain provenance attestation through in-toto +- First class support for the internet’s favorite Helm charts -## Only the latest stable branch maintained in the free Bitnami catalog +Each image comes with valuable security metadata. You can view the metadata in [our public catalog here](https://app-catalog.vmware.com/bitnami/apps). Note: Some data is only available with [commercial subscriptions to BSI](https://bitnami.com/). -Starting December 10th, 2024, only the latest stable branch of each container image will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches (e.g., LTS), consider upgrading to Bitnami Premium. Previously released versions will not be deleted and will remain available for pulling from DockerHub. +![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%201.png?raw=true "Application details") +![Alt text](https://github.com/bitnami/containers/blob/main/BSI%20UI%202.png?raw=true "Packaging report") -Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. +If you are looking for our previous generation of images based on Debian Linux, please see the [Bitnami Legacy registry](https://hub.docker.com/u/bitnamilegacy). + +## Choosing between the _Standard_ and _Minimal_ image + +This asset is available in two flavors: _Standard_ and _Minimal_; designed to address different use cases and operational needs. + +### Standard images + +The standard images are full-featured, production-ready containers built on top of secure base operating systems. 
They include: + +- The complete runtime and commonly used system tools. +- A familiar Linux environment (shell, package manager, debugging utilities). +- Full compatibility with most CI/CD pipelines and existing workloads. + +Recommended for: + +- Development and testing environments. +- Workloads requiring package installation or debugging tools. +- Applications that depend on system utilities or shared libraries. + +### Minimal images + +The minimal images are optimized, distroless-style containers derived from a stripped-down base. They only ship what’s strictly necessary to run the application; no shell, package manager, or extra libraries. They provide: + +- Smaller size: Faster pull and startup times. +- Reduced attack surface: Fewer components and potential vulnerabilities. +- Simpler maintenance: Fewer dependencies to patch or update. + +Recommended for: + +- Production environments prioritizing performance and security. +- Regulated or security-sensitive workloads +- Containers built via multi-stage builds (e.g., Golang static binaries). ## Supported tags and respective `Dockerfile` links @@ -60,10 +92,6 @@ cd bitnami/APP/VERSION/OPERATING-SYSTEM docker build -t bitnami/APP:latest . ``` -## Why use a non-root container? - -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). - ## Configuration ### Running commands 
@@ -76,6 +104,38 @@ docker run --rm --name eclipse-temurin bitnami/eclipse-temurin:latest -- --help Check the [official Eclipse Temurin documentation](https://adoptium.net/temurin for more information. +### Running your Eclipse Temurin jar or war + +The default work directory for the Eclipse Temurin image is `/app`. You can mount a folder from your host here that includes your Eclipse Temurin jar or war, and run it normally using the `java` command. + +```console +docker run -it --name eclipse-temurin -v /path/to/app:/app bitnami/eclipse-temurin:latest \ + java -jar package.jar +``` + +## Replace the default truststore using a custom base image + +In case you are replacing the default [minideb](https://github.com/bitnami/minideb) base image with a custom base image (based on Debian), it is possible to replace the default truststore located in the `/opt/bitnami/java/lib/security` folder. This is done by setting the `JAVA_EXTRA_SECURITY_DIR` docker build ARG variable, which needs to point to a location that contains a *cacerts* file that would substitute the originally bundled truststore. In the following example we will use a minideb fork that contains a custom *cacerts* file in the */bitnami/java/extra-security* folder: + +- In the Dockerfile, replace `FROM docker.io/bitnami/minideb:latest` to use a custom image, defined with the `MYJAVAFORK:TAG` placeholder: + +```diff +- FROM bitnami/minideb:latest ++ FROM MYFORK:TAG +``` + +- Run `docker build` setting the value of `JAVA_EXTRA_SECURITY_DIR`. Remember to replace the `MYJAVAFORK:TAG` placeholder. + +```console +docker build --build-arg JAVA_EXTRA_SECURITY_DIR=/bitnami/java/extra-security -t MYJAVAFORK:TAG . +``` + +### FIPS configuration in Bitnami Secure Images + +The Bitnami Eclipse Temurin Docker image from the [Bitnami Secure Images](https://go-vmware.broadcom.com/contact-us) catalog includes extra features and settings to configure the container with FIPS capabilities. 
You can configure the next environment variables: + +- `OPENSSL_FIPS`: whether OpenSSL runs in FIPS mode or not. `yes` (default), `no`. + ## Contributing We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.