Open vlk-charles opened 3 weeks ago
See https://github.com/docker-library/docs/pull/2338#issuecomment-1593765498 for my opinions about that entrypoint (also, we support more than just eclipse-temurin
here, so it would be inconsistent behavior). There's some more recent in https://github.com/docker-library/docs/pull/2445#issuecomment-2137979552 and an even better / more generic proposal in https://github.com/adoptium/containers/issues/573.
Just FYI, this is what I am doing in my Dockerfile
now:
FROM tomcat:9.0-jdk8
ENTRYPOINT ["/__cacert_entrypoint.sh"]
CMD ["catalina.sh", "run"]
ENV USE_SYSTEM_CA_CERTS=1
...
and then if I want custom certificates at container run
time, I mount a volume over /usr/local/share/ca-certificates
(or /certificates
).
303 disabled the upstream entrypoint, which is
__cacert_entrypoint.sh
(at least ineclipse-temurin:8-jdk-jammy
). This script can help set up the Java truststore. Can the functionality be reintroduced? It seems to me like setting up the truststore before Tomcat start-up would be a common use case. The script even acknowledges and deals with the issue for which it was bypassed:However, I just found a recent change that switches this to
sh
again.