| ARG SSL_VARIANT=letsencrypt |
| ARG GERRIT_TAG=3.8.1 |
| |
| |
| FROM gerritcodereview/gerrit:${GERRIT_TAG} as gerrit_letsencrypt |
| |
| # Nothing to do |
| |
| |
| FROM gerritcodereview/gerrit:${GERRIT_TAG} as gerrit_selfsigned |
| |
| ONBUILD COPY --from=sourcearcade-nginx /etc/ssl/certs/sa-selfsigned.crt /var/gerrit/etc/ |
| ONBUILD RUN \ |
| keytool -importcert -alias sa-selfsigned -file /var/gerrit/etc/sa-selfsigned.crt \ |
| -keystore /var/gerrit/truststore -storepass uiaeuiae -noprompt && \ |
| rm /var/gerrit/etc/sa-selfsigned.crt |
| ONBUILD RUN \ |
| echo | keytool -importkeystore \ |
| -srckeystore /usr/lib/jvm/java-*/lib/security/cacerts \ |
| -destkeystore /var/gerrit/truststore \ |
| -deststorepass uiaeuiae -noprompt |
| |
| ONBUILD USER root |
| ONBUILD RUN \ |
| printf 'JAVA_OPTIONS="%s %s"\n' \ |
| -Djavax.net.ssl.trustStore=/var/gerrit/truststore \ |
| -Djavax.net.ssl.trustStorePassword=uiaeuiae >>/etc/default/gerritcodereview |
| |
| |
| FROM gerrit_${SSL_VARIANT} |
| |
| USER root |
| COPY gerrit/Dockerfile.entrypoint /privileged.sh |
| RUN chmod 544 /privileged.sh |
| COPY gerrit/Dockerfile.entrypoint-unprivileged /unprivileged.sh |
| RUN chmod 555 /unprivileged.sh |
| |
| ENTRYPOINT ["/bin/sh", "/privileged.sh"] |