docker · pcaskey · Jun 25, 2019 · Jun 12, 2019 · Jun 12, 2019 · Jun 13, 2019
diff --git a/Dockerfile b/Dockerfile
@@ -6,11 +6,11 @@ FROM centos:centos7
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=9 \
-    TOMCAT_VERSION=9.0.19 \
+    TOMCAT_VERSION=9.0.21 \
 ##shib-idp \
     VERSION=3.4.4 \
 ##TIER \
-    TIERVERSION=20190502 \
+    TIERVERSION=20190601 \
 ################## \
 ### OTHER VARS ### \
 ################## \
@@ -19,7 +19,6 @@ ENV TOMCAT_MAJOR=9 \
     IMAGENAME=shibboleth_idp \
     MAINTAINER=tier \
 #java \
-    JAVA_HOME=/usr \
     JAVA_OPTS='-Xmx3000m' \
 #tomcat \
     CATALINA_HOME=/usr/local/tomcat
@@ -53,7 +52,7 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
 
 # Install base deps
 RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
-    yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
+    yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor fontconfig && \
     yum -y clean all && \
     mkdir -p /opt/tier && \
 # Install Trusted Certificates
@@ -70,18 +69,28 @@ RUN update-ca-trust extract
 # To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-
-# Install Zulu Java
-RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
-	&& curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
-	&& yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000
-
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+ARG CORRETTO_RPM=java-1.8.0-amazon-corretto-devel-1.8.0_212.b04-2.x86_64.rpm
+ARG CORRETTO_URL_BASE=https://d3pxv6yz143wms.cloudfront.net/8.212.04.2
+COPY container_files/java-corretto/corretto-signing-key.pub .
+RUN curl -O $CORRETTO_URL_BASE/$CORRETTO_RPM \
+    && rpm --import corretto-signing-key.pub \
+    && rpm -K $CORRETTO_RPM \
+    && rpm -i $CORRETTO_RPM \
+    && rm -r corretto-signing-key.pub $CORRETTO_RPM
+ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
+
+# To use Zulu Java:
+#RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
+#	&& curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
+#	&& yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000
 #install Zulu JCE
-RUN curl -o /tmp/ZuluJCEPolicies.zip https://cdn.azul.com/zcek/bin/ZuluJCEPolicies.zip \
-	&& cd /tmp && unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/local_policy.jar -d $JAVA_HOME/lib/jvm/zulu-8/jre/lib/security/ \
-	&& unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/US_export_policy.jar -d $JAVA_HOME/lib/jvm/zulu-8/jre/lib/security/ \
-	&& rm -rf /tmp/ZuluJCEPolicies.zip
-
+#RUN curl -o /tmp/ZuluJCEPolicies.zip https://cdn.azul.com/zcek/bin/ZuluJCEPolicies.zip \
+#	&& cd /tmp && unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/local_policy.jar -d $JAVA_HOME/lib/jvm/zulu-8/jre/lib/security/ \
+#	&& unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/US_export_policy.jar -d $JAVA_HOME/lib/jvm/zulu-8/jre/lib/security/ \
+#	&& rm -rf /tmp/ZuluJCEPolicies.zip
+#ENV JAVA_HOME=/usr \
 
 # To use Oracle java/JCE:
 #

diff --git a/container_files/java-corretto/corretto-signing-key.pub b/container_files/java-corretto/corretto-signing-key.pub
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQENBFy7d2UBCADO3YKtB7/le47DP4R+x69bzQoAr/o/RI0YS4LRpj012VwlWdu5
+ttr4VJiS5r0d4QcOYrdHKULhkLeljvISODh+alpAW3S48k3XfTR9Fa1YugmGinkx
+Xg1aCrT6ap3UAmSGQOWPczajfPjosEYr757G+UPtDyeLho3MMTavDhTBzRcxnJWP
+0EXvXjkqeUHiKx4pc+qA3AA6hezKqGqOZvmoZxEqYWBEA2nBES2+PzY20lrDDT6j
+WWjfXJZYFyfEKBlWV5z967QPi6v70WwF3FzE9CQAzy60ATDOCC2PuTC1b/s5BVLg
+tATO6NtrcvnmhixtWPGLMGyXRDlrXi6APX7XABEBAAG0UkFtYXpvbiBTZXJ2aWNl
+cyBMTEMgKEFtYXpvbiBDb3JyZXRvIDguMjEyLjA0LjIgcmVsZWFzZSkgPGNvcnJl
+dHRvLXRlYW1AYW1hem9uLmNvbT6JAT8EEwECACkFAly7d2UCGy8FCQlmAYAHCwkI
+BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCl5PZH0EPoO2hYB/40AeZ4z78BKcni
+jAv/3y2Zp+n7PH2XyrTHXaJQoKEeR3EC9YKGVkwh3vLJY495Wm1uWoLv6fnhngM3
+6O5bH1pCSy14ib4xAzweIY9fRcjvpgjyXwwe4EgRhzHy41I3g07ym+SkNEE5lST3
+Oie/NJJDDmunovoE/e0a0NJe2pTYPd/DAjJIfdA1QUwcBNXD2nFWFpnrq5T5BFZu
+Cy5ih456G/PayPSmsG0JfDqSyWRRlrOGamsYy6ZaxsIrS92XGOlL8O3Y4wz6ELhP
+1sGRfI0AVZiOdcxpfuB15mNzgZOHc2rZh3HMxTKCNa13O+xkJEYm51f8cqc1RGmP
+XFjxUMQd
+=WyaZ
+-----END PGP PUBLIC KEY BLOCK-----