Nico Huber | f3c7125 | 2023-07-21 13:03:49 +0000 | [diff] [blame] | 1 | ARG SSL_VARIANT=letsencrypt |
Nico Huber | eb4c9d2 | 2023-07-21 13:44:38 +0000 | [diff] [blame^] | 2 | ARG GERRIT_TAG=3.8.1 |
Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 3 | |
Nico Huber | f3c7125 | 2023-07-21 13:03:49 +0000 | [diff] [blame] | 4 | |
| 5 | FROM gerritcodereview/gerrit:${GERRIT_TAG} as gerrit_letsencrypt |
| 6 | |
| 7 | # Nothing to do |
| 8 | |
| 9 | |
| 10 | FROM gerritcodereview/gerrit:${GERRIT_TAG} as gerrit_selfsigned |
| 11 | |
| 12 | ONBUILD COPY --from=sourcearcade-nginx /etc/ssl/certs/sa-selfsigned.crt /var/gerrit/etc/ |
| 13 | ONBUILD RUN \ |
Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 14 | keytool -importcert -alias sa-selfsigned -file /var/gerrit/etc/sa-selfsigned.crt \ |
| 15 | -keystore /var/gerrit/truststore -storepass uiaeuiae -noprompt && \ |
| 16 | rm /var/gerrit/etc/sa-selfsigned.crt |
Nico Huber | f3c7125 | 2023-07-21 13:03:49 +0000 | [diff] [blame] | 17 | ONBUILD RUN \ |
Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 18 | echo | keytool -importkeystore \ |
| 19 | -srckeystore /usr/lib/jvm/java-*/lib/security/cacerts \ |
| 20 | -destkeystore /var/gerrit/truststore \ |
| 21 | -deststorepass uiaeuiae -noprompt |
| 22 | |
Nico Huber | f3c7125 | 2023-07-21 13:03:49 +0000 | [diff] [blame] | 23 | ONBUILD USER root |
| 24 | ONBUILD RUN \ |
Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 25 | printf 'JAVA_OPTIONS="%s %s"\n' \ |
| 26 | -Djavax.net.ssl.trustStore=/var/gerrit/truststore \ |
| 27 | -Djavax.net.ssl.trustStorePassword=uiaeuiae >>/etc/default/gerritcodereview |
| 28 | |
Nico Huber | f3c7125 | 2023-07-21 13:03:49 +0000 | [diff] [blame] | 29 | |
| 30 | FROM gerrit_${SSL_VARIANT} |
| 31 | |
| 32 | USER root |
Nico Huber | a1a296f | 2023-06-25 10:07:07 +0000 | [diff] [blame] | 33 | COPY gerrit/Dockerfile.entrypoint /privileged.sh |
| 34 | RUN chmod 544 /privileged.sh |
| 35 | COPY gerrit/Dockerfile.entrypoint-unprivileged /unprivileged.sh |
| 36 | RUN chmod 555 /unprivileged.sh |
| 37 | |
| 38 | ENTRYPOINT ["/bin/sh", "/privileged.sh"] |