diff --git a/README.md b/README.md index 48953c30..58a063a4 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ The openHAB Docker images are available in the [openhab/openhab](https://hub.doc **Distributions:** -* `debian` for Debian 12 "bookworm" (default when not specified in tag) ([Dockerfile](https://github.com/openhab/openhab-docker/blob/main/debian/Dockerfile)) +* `debian` for Debian 11 "bullseye" (default when not specified in tag) ([Dockerfile](https://github.com/openhab/openhab-docker/blob/main/debian/Dockerfile)) * `alpine` for Alpine 3.18 ([Dockerfile](https://github.com/openhab/openhab-docker/blob/main/alpine/Dockerfile)) The Alpine images are substantially smaller than the Debian images but may be less compatible because OpenJDK is used (see [Prerequisites](https://www.openhab.org/docs/installation/#prerequisites) for known disadvantages). diff --git a/debian/Dockerfile b/debian/Dockerfile index 07b0d609..0a10f5f2 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12.0-slim +FROM debian:11.7-slim ARG BUILD_DATE ARG VCS_REF @@ -50,6 +50,7 @@ RUN apt-get update && \ locales \ locales-all \ netbase \ + openjdk-${JAVA_VERSION}-jre-headless \ procps \ tini \ unzip \ @@ -61,18 +62,9 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* -# Install java # Limit JDK crypto policy by default to comply with local laws which may prohibit use of unlimited strength cryptography -RUN wget -nv -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | tee /usr/share/keyrings/adoptium.asc && \ - echo "deb [signed-by=/usr/share/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list && \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y temurin-${JAVA_VERSION}-jdk && \ - JAVA_HOME=$(ls -d /usr/lib/jvm/*jdk*) && \ - sed -i 's/^crypto.policy=unlimited/crypto.policy=limited/' "${JAVA_HOME}/conf/security/java.security" && \ - rm "${JAVA_HOME}/src.zip" && \ - rm "${JAVA_HOME}/lib/src.zip" && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* +RUN JAVA_HOME=$(ls -d /usr/lib/jvm/*jdk* | tail -n 1) && \ + sed -i 's/^crypto.policy=unlimited/crypto.policy=limited/' "${JAVA_HOME}/conf/security/java.security" # Install openHAB # Set permissions for openHAB. Export TERM variable. See issue #30 for details! diff --git a/debian/entrypoint b/debian/entrypoint index 81732c75..5121046d 100755 --- a/debian/entrypoint +++ b/debian/entrypoint @@ -4,7 +4,7 @@ interactive=$(if test -t 0; then echo true; else echo false; fi) set -eux -o pipefail ${EXTRA_SHELL_OPTS-} IFS=$'\n\t' -export JAVA_HOME=$(ls -d /usr/lib/jvm/*jdk*) +export JAVA_HOME=$(ls -d /usr/lib/jvm/*jdk* | tail -n 1) # Configure Java unlimited strength cryptography if [ "${CRYPTO_POLICY}" = "unlimited" ]; then @@ -12,10 +12,6 @@ if [ "${CRYPTO_POLICY}" = "unlimited" ]; then sed -i 's/^crypto.policy=limited/crypto.policy=unlimited/' "${JAVA_HOME}/conf/security/java.security" fi -# Make sure the Adoptium cacerts are populated -# p11-kit cannot find any modules during the linux/arm/v7 build -/etc/ca-certificates/update.d/adoptium-cacerts - # Set capabilities when available for add-ons using Pcap4J if capsh --print | grep -E 'Current:.+,cap_net_admin,cap_net_raw,.+' >/dev/null; then setcap cap_net_raw,cap_net_admin=eip "${JAVA_HOME}/bin/java"