corretto / corretto-docker

Dockerfiles for Amazon Corretto Official images.
https://hub.docker.com/_/amazoncorretto
MIT No Attribution

PKIX path building failed when maven.wagon.http.ssl.insecure=true #170

Open karlpvoss opened 1 year ago

karlpvoss commented 1 year ago

Describe the bug

When executing the following command in a Dockerfile, the following SSL-related error is generated. This did not happen in the previous version of the image.

Working version of the image: sha256:c341377d25a63d3eaf3c6c896cda9d58d24f22be8707bca78dd67cc50199942a

Broken version of the image: sha256:44e7257d3763f801c5987d27b1a1ad3271c924771a56d9336e8c862362cacffc

Dockerfile:

FROM amazoncorretto:8-alpine as builder
RUN apk update && apk add maven
COPY ./pom.xml ./pom.xml
COPY ./settings.xml /root/settings.xml
RUN mvn dependency:go-offline -T1000 -Dmaven.wagon.http.ssl.insecure=true -Dmaven.test.skip=true -s ~/settings.xml --batch-mode

Error:

#10 21.24 [ERROR] Failed to execute goal on project PROJECT:
Could not resolve dependencies for project PROJECT:jar:0.0.1:
Failed to collect dependencies at DEPENDENCY_java-models:jar:1.7.27:
Failed to read artifact descriptor for DEPENDENCY_java-models:jar:1.7.27:
The following artifacts could not be resolved: DEPENDENCY_java-models:pom:1.7.27 (absent):
Could not transfer artifact DEPENDENCY_java-models:pom:1.7.27 from/to maven-public (https://INTERNAL_SONATYPE_INSTANCE/repository/maven-public/):
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

The SSL Certificate for our internal sonatype instance is valid:

openssl s_client -connect INTERNAL_SONATYPE_INSTANCE:443 | openssl x509 -noout -text 2>/dev/null | rg -i "Not "
            Not Before: Jan 16 23:05:22 2023 GMT
            Not After : Feb 17 00:05:22 2024 GMT

To Reproduce

See docker image and digests above. A Maven project will be needed to install.

Expected behavior

SSL errors should not be generated, and if they are, the maven flags should lead to them being ignored.

Platform information

Repository: dockerhub

Image tag: 8-alpine (amd64 and arm64)

Additional context

This issue appears to be related: https://github.com/corretto/corretto-8/issues/451

This commit appears to be the cause: https://github.com/corretto/corretto-docker/commit/f379e16590ae6a8c15df6982aecbb0bab6b6fe38
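
The PKIX error in the log above is raised when no chain can be built from the server certificate to a CA in the client's trust store, which is a separate check from the Not Before / Not After window. The script below is an added example, not part of the original report or the corretto-docker project: it uses `openssl verify` as a stand-in for the JVM's PKIX validation and shows one certificate passing the date check while chain validation depends on the CA bundle. All names (`diagnose`, `repo.internal.example`, the two CAs) and certificates are constructed for the example.

```shell
#!/bin/sh
# Added example: constructed certificates only, nothing here contacts a real host.
set -eu

# Report two independent checks for one certificate:
#   dates - the certificate has not passed its Not After time
#   chain - a path can be built from the certificate to a CA in the bundle
diagnose() {  # usage: diagnose <cert.pem> <ca-bundle.pem>
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        dates=ok; else dates=expired; fi
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        chain=trusted; else chain=untrusted; fi
    echo "dates=$dates chain=$chain"
}

# Create a throwaway self-signed CA (constructed sample data).
make_ca() {  # usage: make_ca <file-prefix> <common-name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Build the fixtures in a temporary directory and print its path.
build_fixtures() {
    dir=$(mktemp -d)
    (
        cd "$dir"
        make_ca internal-ca "Constructed Internal CA"   # signs the server cert
        make_ca other-ca "Constructed Unrelated CA"     # a trust store lacking that CA
        openssl req -newkey rsa:2048 -nodes -subj "/CN=repo.internal.example" \
            -keyout server.key -out server.csr 2>/dev/null
        openssl x509 -req -in server.csr -days 30 -CA internal-ca.pem \
            -CAkey internal-ca.key -CAcreateserial -out server.pem 2>/dev/null
    )
    echo "$dir"
}

demo() {
    d=$(build_fixtures)
    diagnose "$d/server.pem" "$d/other-ca.pem"      # issuing CA missing from the bundle
    diagnose "$d/server.pem" "$d/internal-ca.pem"   # issuing CA present in the bundle
    rm -rf "$d"
}

demo
```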