From 33210686217b43fa53b3c4b17d76617f458c41d3 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 10 Jul 2019 10:18:37 -0500
Subject: [PATCH] Update Dockerfile
---
 Dockerfile | 59 +++++++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 29 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 18be466..5dc82bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,35 +1,42 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2016 + #settings -#ENV JAVA_VERSION=8u171 -#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 -#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 ENV JAVA_OPTS='-Xmx3000m' ENV TOMCAT_MAJOR_VERSION=9 - -ENV TOMCAT_VERSION=9.0.19 - +ENV TOMCAT_VERSION=9.0.21 ENV CATALINA_HOME=c:\\Tomcat -ENV IDP_VERSION=3.4.3 -ENV TIERVERSION=20190401 -### -#ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER -#below is for Zulu Java -ENV JAVA_HOME='c:\zulujava\zulu-8\' +ENV IDP_VERSION=3.4.4 +ENV TIERVERSION=20190701 + ### -ENV JAVA_INSTALL_FILENAME='zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi' -#below is for Oracle Java +##below is for Corretto Java +ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_212' +ENV CORRETTO_VERSION='8.212.04.2' +##below is for Zulu Java +#ENV JAVA_HOME='c:\zulujava\zulu-8\' +#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi +##below is for Oracle Java +#ENV JAVA_VERSION=8u171 +#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 +#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER + RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi -ENV ENABLE_SEALER_KEY_ROTATION=True -###install Zulu Java -RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') -RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'f586f922b8b707026272fa7566fbcce1') { ` \ - start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ +###install Corretto Java +RUN powershell (new-object 
System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_VERSION%-1-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%') +RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq 'a030757f394ffdd73018e24e2ec1991f') { ` \ + start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \ } Else { throw 'bad hash comparison on Zulu Java download' } -RUN del C:\%JAVA_INSTALL_FILENAME% +RUN del C:\corretto-java-%CORRETTO_VERSION% +###install Zulu Java +#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') +#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ +# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ +# } Else { throw 'bad hash comparison on Zulu Java download' } +#RUN del C:\%JAVA_INSTALL_FILENAME% ##install Oracle Java #RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') 
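Review bot: The new Corretto check pins the installer with `-Algorithm MD5`, which has practical collision attacks and is deprecated for integrity checks, yet it is the only gate before msiexec runs the MSI during the build; `Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm SHA256` compared against the vendor-published digest (`'<corretto-msi-sha256>'`, placeholder) would be the stronger pin. The same applies to the `-Algorithm SHA1` comparison whose value is updated in the Shibboleth IdP hunk (`@@ -73,7 +80,7 @@`). The failure branch kept as context still reads `throw 'bad hash comparison on Zulu Java download'`, which will mislead whoever debugs a Corretto mismatch; `throw 'bad hash comparison on Corretto Java download'` matches the new install. `JAVA_HOME` also hard-codes `jdk1.8.0_212` separately from `CORRETTO_VERSION`, so the two have to be bumped together.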
@@ -58,7 +65,7 @@ RUN del C:\%JAVA_INSTALL_FILENAME%
 COPY container_files/config.ini c:\\config.ini
 RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
 RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
- 'e4c9c0b1c9100d43373620e5ba3399663de7a96d8ceb53a3f697c00c1f5663bd381d4ae0bb45847dd0a72ea2eda40be3418e8d2a2fa9e272a3f76cfebe34ef2b') ` \
+ '18bb722854b434d11e03e75c04254c095e92716a70d4159331685d4f472640bdb2662f1c013e99fd600112519d2a4ca76f9cf278a59e49ae37b1c76db6995d0d') ` \
 { ` \
 start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \
 } Else { throw 'bad hash comparison on Tomcat download' }
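Review bot: The installer whose digest is bumped here is still fetched over plain `http://www.apache.org/dist/...` in the context line above, so the SHA-512 literal is the only thing authenticating a binary that the build then executes. Changing that URL to `https://` would protect the transfer as well. A comment above the comparison, such as `#SHA512 copied from <where the published checksum was obtained>` (placeholder), would let a reviewer confirm that the new value came from the project and not from the downloaded file itself.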
@@ -73,7 +80,7 @@ RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager ##install Shibb RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') -RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '68b85b7d301a34e68b45724d978f71d0093e48ca') { ` \ +RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '821fdb7c178a247059142f8fbd6d7a895057e2fe') { ` \ start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \ } Else { throw 'bad hash comparison on IdP download' } RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi @@ -85,9 +92,6 @@ RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/s #link IdP's war file to Tomcat RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war -#copy sealer key rotation script -COPY container_files/rotateSealerKey.ps1 c:\\opt\\shibboleth-idp\\bin\\rotateSealerKey.ps1 - #copy TIER beacon script RUN mkdir c:\util RUN mkdir c:\opt\certs 
@@ -96,11 +100,9 @@ COPY container_files/sendtierbeacon.ps1 c:\\util #RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm" #The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml -COPY container_files/Sealer_Key_Rotation_Task.xml c:\\Sealer_Key_Rotation_Task.xml RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm -RUN powershell schtasks /Create /XML c:\Sealer_Key_Rotation_Task.xml /TN 'Rotate IdP Sealer Key' ; $tm=(1 -as [string]).padleft(2,'0') + ':' + (0 -as [string]).padleft(2,'0') ; schtasks /Change /TN 'Rotate IdP Sealer Key' /ST $tm RUN del c:\TIER_Beacon_Task.xml -RUN del c:\Sealer_Key_Rotation_Task.xml + ################################################# ### Settings for a burned-in config (default) ### @@ -161,4 +163,3 @@ HEALTHCHECK --interval=2m --timeout=30s \ EXPOSE 443 CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ] -
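Review bot: Sealer key rotation disappears from the image without any comment or visible replacement: this hunk drops `Sealer_Key_Rotation_Task.xml` and the 'Rotate IdP Sealer Key' schtasks registration, the hunk at `@@ -85,9 +92,6 @@` drops `rotateSealerKey.ps1`, and the first hunk drops `ENV ENABLE_SEALER_KEY_ROTATION=True`. The IdP's sealer key protects the data it encrypts into cookies and client-side storage, so a container built from this Dockerfile presumably keeps a single key for its whole lifetime unless rotation happens outside the image. If that is intended, a comment next to the beacon task such as `#sealer key rotation is not scheduled in this image; it must be handled by the deployment` would record the decision, which the commit title 'Update Dockerfile' does not.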