Closed myphsto closed 2 years ago
yosifkit
commented
2 years ago Yes, the source is still being updated but there are no "vanilla" binary builds available like there are for 8 and 11. We unfortunately cannot build from source here; it is very heavy and I think the standard is to also TCK test it, which we do not have access to.
eclipse-temurin does have multiple builds based on Ubuntu; which should be closest to a Debian base.
myphsto
commented
2 years ago Seems like Homebrew must be building it's pre-bottled binaries from source https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/openjdk@17.rb#L19 It's unfortunate this image can't support a LTS java version, somehow 8 and 11 are first class citizens still after all these years and we finally have a version that's going to be LTS for a while.
tianon
commented
2 years ago The builds for 8 and 11 are provided/sponsored by the Lead for the 8u and 11u projects directly -- we don't have anything similar for builds of 17, unfortunately, and building OpenJDK from source is just too much for us to consider providing, not to mention not having access to the TCK for validating our builds.
dlipofsky
commented
1 year ago @tianon Where did the current 17.0.2 come from? And is it possible to re-release 17.0.2 with updated underlying OS's to solve OS-level security issues?
tianon
commented
1 year ago It came from https://jdk.java.net/17/, as seen in https://github.com/docker-library/openjdk/commit/c2d5621a6e8b09611a2d2025c3f5226ae778e80a (if you expand the diffs).
You're welcome to try checking out 87352133c6e7e03310f992ca2827aa06df225f27 (the last commit to still contain the 17 directory) and try building it yourself, but with the caveat that we definitely don't support it (and neither Oracle or the OpenJDK project does either, hence us removing it), and it will not include 17.0.3 (which I understand included security fixes as well).
Something like the following might work, if you're willing to accept all those caveats:
docker build --pull https://github.com/docker-library/openjdk.git#87352133c6e7e03310f992ca2827aa06df225f27:17/jdk/oraclelinux8
dlipofsky
commented
1 year ago For anyone else looking for a solution, I was able to use eclipse-temurin:17.0.3_7-jre-focal which is based on ubuntu and therefore very similar to openjdk which uses debian. I used focal instead of jammy despite it being 2 years older because jammy has a weird issue with apt-get and I couldn't see an easy fix for it. Focal is still a LTS and has 3 years of support remaining and passed all my security scans (unlike openjdk).
Given 17 is the most recent LTS java version and the openjdk docker is the most widely used why was 17 removed while the other LTS releases remain?
Please add this back. I see the commit https://github.com/docker-library/openjdk/commit/c2d5621a6e8b09611a2d2025c3f5226ae778e80a mentions it was removed because there are no supported builds but 17 is still being updated here https://github.com/openjdk/jdk17u
While Corretto and others may seem like an option to replace this, they are not drop-in replacements for projects using openjdk docker images especially with Alpine where the cacerts are not linked to the standard location.