From af86b7e587a0f7b1e16e5c466ea57824d8b70ac4 Mon Sep 17 00:00:00 2001 From: Will Mooreston Date: Wed, 26 Nov 2025 15:30:43 -0800 Subject: [PATCH 1/3] testing java 25 updates --- Dockerfile | 18 ++++++++---------- Makefile | 2 +- README.md | 6 +++--- quickstart_envs.sh | 2 +- 4 files changed, 13 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index ec7b56a..8400625 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ # main eclipse-temurin jre, which is debian-based ARG FROM_REPO_IMAGE=eclipse-temurin -ARG FROM_TAG=17-jre-noble +ARG FROM_TAG=25-jre-noble # uncomment for alpine-based eclipse-temurin jre -# ARG FROM_TAG=17-jre-alpine +# ARG FROM_TAG=25-jre-alpine FROM ${FROM_REPO_IMAGE}:${FROM_TAG} AS base @@ -151,20 +151,18 @@ RUN [ -n "${DEBUG}" ] && set -x; \ openssl \ gettext-base=0.21-14ubuntu2 \ unzip=6.0-28ubuntu4.1 \ + wget=1.21.4-1ubuntu4.1 \ ; \ if [ -n "${DEBUG}" ]; then \ - # next 2 lines are to get postgres15 to install on ubuntu 22.04 - echo "deb http://apt.postgresql.org/pub/repos/apt $(grep VERSION_CODENAME /etc/os-release | cut -d "=" -f2)-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \ - wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | tee /etc/apt/trusted.gpg.d/pgdg.asc > /dev/null 2>&1; \ apt-get update; \ apt-get -yq --no-install-recommends install \ - iputils-ping=3:20240117-1build1 \ + iputils-ping=3:20240117-1ubuntu0.1 \ less=590-2ubuntu2.1 \ netcat-traditional=1.10-48 \ - postgresql-client-16=16.6-0ubuntu0.24.04.1 \ - sudo=1.9.15p5-3ubuntu5 \ - tree=2.1.1-2ubuntu3 \ - vim=2:9.1.0016-1ubuntu7.5 \ + postgresql-client-16=16.10-0ubuntu0.24.04.1 \ + sudo=1.9.15p5-3ubuntu5.24.04.1 \ + tree=2.1.1-2ubuntu3.24.04.2 \ + vim=2:9.1.0016-1ubuntu7.9 \ ; \ fi; \ apt-get -yq upgrade; \ diff --git a/Makefile b/Makefile index 85a85cf..e920b21 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ endif DEBUG ?= -FROM_TAG ?= 17-jre-noble +FROM_TAG ?= 25-jre-noble CACHE_FLAG ?= --no-cache 
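Review bot: In the Dockerfile hunk at `@@ -151,20 +151,18 @@`, `wget=1.21.4-1ubuntu4.1` is added to the unconditional install list, so it ships in every image rather than only in `DEBUG` builds. If it is needed only during the build, purge it before the layer ends; if the runtime needs it, a comment such as `# wget: required at runtime by <consumer>` would record why it is part of the shipped image. The exact-version pins are followed by `apt-get -yq upgrade`, which can move packages past the pinned versions, so the pins do not make the image reproducible, while a pin that the archive has superseded fails the build (presumably why this commit had to bump five of them). With the pgdg source removed, the `apt-get update` kept inside the `DEBUG` branch looks redundant if an update already runs earlier in this `RUN`, which starts outside the hunk.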
diff --git a/README.md b/README.md index ba30874..fa37c92 100644 --- a/README.md +++ b/README.md @@ -147,14 +147,14 @@ Setting `DEBUG` to any value will suffice: `docker build ... --build-arg DEBUG=1 The `Dockerfile` currently supports 2 base-container operating systems, Alpine Linux and Debian-based Linux, both of which originate from `eclipse-temurin`. Debian-based Linux deployments are much more thoroughly tested. Toggling between the two or overriding them can be achieved by changing the `FROM_TAG` Docker build arg. The `Dockerfile` provides 2 examples: - debian-based - - FROM_TAG=17-jre + - FROM_TAG=25-jre - alpine-based - - FROM_TAG=17-jre-alpine + - FROM_TAG=25-jre-alpine | name | purpose | default | | --------------- | ------------------------------------------------------ | ------------------------ | | FROM_REPO_IMAGE | Docker repository & image to use as basis of container | `eclipse-temurin` | -| FROM_TAG | repository tag to use as basis of container | `17-jre` | +| FROM_TAG | repository tag to use as basis of container | `25-jre` | | LABKEY_HOME | The Docker WORKDIR and top level under which all LabKey-related files are nested | `/labkey` | | BUILD_REMOTE_TAG | allows for alternate remote tags during `make tag` and `make push` | [BUILD_REPO_URI]/labkey/community:[LABKEY_VERSION] | diff --git a/quickstart_envs.sh b/quickstart_envs.sh index 86494ce..a61bc59 100644 --- a/quickstart_envs.sh +++ b/quickstart_envs.sh @@ -3,7 +3,7 @@ # example minimal set of environment variables to get started - see readme for additional envs you may wish to set # embedded tomcat LabKey .jar version to build container with -export LABKEY_VERSION="25.11" +export LABKEY_VERSION="25.12" # minimal SMTP settings export SMTP_HOST="localhost" From c6ab801e4ebdc5f3bee7ae376c809aa1ebe99121 Mon Sep 17 00:00:00 2001 
From: Will Mooreston Date: Fri, 5 Dec 2025 12:54:47 -0800 Subject: [PATCH 2/3] remove cipher settings that are included in jar with 26.1 --- Dockerfile | 4 ---- README.md | 3 --- application.properties | 5 ----- docker-compose.yml | 4 ---- quickstart_envs.sh | 2 +- 5 files changed, 1 insertion(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8400625..8f10ece 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,10 +77,6 @@ ENV DEBUG="${DEBUG}" \ TOMCAT_KEYSTORE_FORMAT="PKCS12" \ TOMCAT_KEYSTORE_ALIAS="tomcat" \ \ - TOMCAT_SSL_CIPHERS="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20" \ - TOMCAT_SSL_ENABLED_PROTOCOLS="TLSv1.3,TLSv1.2" \ - TOMCAT_SSL_PROTOCOL="TLS" \ - \ TOMCAT_ENABLE_ACCESS_LOG="" ENV CERT_C="US" \ diff --git a/README.md b/README.md index fa37c92..b6f9b7a 100644 --- a/README.md +++ b/README.md @@ -248,9 +248,6 @@ The `CERT_*` ENVs should look familiar to anyone that has used the `openssl` com | TOMCAT_KEYSTORE_ALIAS | self-signed cert/keystore "alias" | `tomcat` | | TOMCAT_KEYSTORE_FILENAME | self-signed cert/keystore filename | `labkey.p12` | | TOMCAT_KEYSTORE_FORMAT | self-signed cert/keystore format | `PKCS12` | -| TOMCAT_SSL_CIPHERS | allowable SSL ciphers for use by tomcat | `HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20` | -| TOMCAT_SSL_ENABLED_PROTOCOLS | allowable SSL protocols and versions | `TLSv1.3,TLSv1.2` | -| TOMCAT_SSL_PROTOCOL | basic SSL protocol to use | `TLS` | | CERT_C | "Country" value for the generated self-signed cert | `US` | | CERT_CN | "Common Name" value for the generated self-signed cert | `localhost` | | CERT_L | "Location" value for the generated self-signed cert | `Seattle` | diff --git a/application.properties b/application.properties index 95160d5..6e9108d 100644 --- a/application.properties +++ b/application.properties 
@@ -113,11 +113,6 @@ server.http2.enabled=true server.ssl.enabled=true -server.ssl.ciphers=${TOMCAT_SSL_CIPHERS} -server.ssl.enabled-protocols=${TOMCAT_SSL_ENABLED_PROTOCOLS} -server.ssl.protocol=${TOMCAT_SSL_PROTOCOL} - - # must match values in entrypoint.sh server.ssl.key-alias=${TOMCAT_KEYSTORE_ALIAS} server.ssl.key-store=${LABKEY_HOME}/${TOMCAT_KEYSTORE_FILENAME} diff --git a/docker-compose.yml b/docker-compose.yml index f56b76a..dadad2d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,7 +27,6 @@ services: # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation # - TOMCAT_ENABLE_ACCESS_LOG=1 - - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20} - LOG_LEVEL_SPRING_WEB=INFO - LOG_LEVEL_TOMCAT=DEBUG - LOG_LEVEL_DEFAULT=DEBUG @@ -140,7 +139,6 @@ services: # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation # - TOMCAT_ENABLE_ACCESS_LOG=1 - - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20} - LOG_LEVEL_SPRING_WEB=INFO - LOG_LEVEL_TOMCAT=DEBUG - LOG_LEVEL_DEFAULT=DEBUG @@ -251,7 +249,6 @@ services: # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation # - TOMCAT_ENABLE_ACCESS_LOG=1 - - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20} - LOG_LEVEL_SPRING_WEB=INFO - LOG_LEVEL_TOMCAT=DEBUG - LOG_LEVEL_DEFAULT=DEBUG @@ -363,7 +360,6 @@ services: # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation # - TOMCAT_ENABLE_ACCESS_LOG=1 - - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20} - LOG_LEVEL_SPRING_WEB=INFO - LOG_LEVEL_TOMCAT=DEBUG - LOG_LEVEL_DEFAULT=DEBUG diff --git a/quickstart_envs.sh b/quickstart_envs.sh index a61bc59..0f3f197 100644 
--- a/quickstart_envs.sh +++ b/quickstart_envs.sh @@ -3,7 +3,7 @@ # example minimal set of environment variables to get started - see readme for additional envs you may wish to set # embedded tomcat LabKey .jar version to build container with -export LABKEY_VERSION="25.12" +export LABKEY_VERSION="26.1" # minimal SMTP settings export SMTP_HOST="localhost" From 72964d7bd44e376bd8064dc91bc0859730a66a7d Mon Sep 17 00:00:00 2001 From: Will Mooreston Date: Fri, 5 Dec 2025 16:43:51 -0800 Subject: [PATCH 3/3] add check for env var AWS_ACCESS_KEY_ID before running aws commands --- Makefile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e920b21..108ac17 100644 --- a/Makefile +++ b/Makefile @@ -18,8 +18,13 @@ IDENT ?= labkey PULL_TAG ?= latest -AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity | jq -r '.Account' | grep -E '[0-9]{12}' || exit 1) -AWS_REGION ?= $(shell aws configure get region || exit 1) +ifeq ($(AWS_ACCESS_KEY_ID),) + AWS_ACCOUNT_ID=123456789 + AWS_REGION=us-west-2 +else + AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity | jq -r '.Account' | grep -E '[0-9]{12}' || exit 1) + AWS_REGION ?= $(shell aws configure get region || exit 1) +endif LABKEY_VERSION ?= 21.5-SNAPSHOT LABKEY_DISTRIBUTION ?= community
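Review bot: Testing only `AWS_ACCESS_KEY_ID` in the Makefile hunk at `@@ -18,8 +18,13 @@` treats every credential source that does not export that variable (a named profile, SSO, an instance or container role) as "no AWS", and the fallback branch then assigns with `=` rather than `?=`, so an `AWS_ACCOUNT_ID` or `AWS_REGION` supplied through the environment is replaced by the placeholder. The placeholder `123456789` has nine digits while the `grep -E '[0-9]{12}'` in the else branch expects twelve, so anything derived from it is not a well-formed account ID; that grep is also unanchored and would accept longer digit runs. I would keep the fallback overridable with `AWS_ACCOUNT_ID ?= 123456789` and `AWS_REGION ?= us-west-2`, anchor the pattern as `grep -E '^[0-9]{12}$$'`, and have the targets that talk to the registry stop with a clear message while the placeholder is in effect instead of proceeding against a made-up account. The targets that consume these variables are outside the hunk.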