diff --git a/packaging/docker-alfresco/Dockerfile b/packaging/docker-alfresco/Dockerfile index ad6e7e8e2f..51538fc5a3 100644 --- a/packaging/docker-alfresco/Dockerfile +++ b/packaging/docker-alfresco/Dockerfile @@ -1,6 +1,5 @@ -# Fetch image based on Tomcat 9.0, Java 17 and Rocky Linux 8 # More infos about this image: https://github.com/Alfresco/alfresco-docker-base-tomcat -FROM alfresco/alfresco-base-tomcat:tomcat10-jre17-rockylinux8-202306291245 +FROM alfresco/alfresco-base-tomcat:tomcat10-jre17-rockylinux9@sha256:395664f9d9be0c9f73d3b722a58fd559ee7231609b263dfe19502617652740e3 # Set default docker_context. ARG resource_path=target @@ -14,6 +13,9 @@ ARG USERID=33000 # Set default environment args ARG TOMCAT_DIR=/usr/local/tomcat +# Needed for installation but make sure another USER directive is added after +# this with a non-root user +USER root # Create prerequisite to store tools and properties RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes && \ @@ -61,13 +63,7 @@ RUN sed -i -e "s_appender.rolling.fileName\=alfresco.log_appender.rolling.fileNa sed -i -e "\$a\grant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/alfresco\/-\" \{\n\ permission\ java.security.AllPermission\;\n\};\ngrant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/_vti_bin\/-\" \{\n\ permission\ java.security.AllPermission\;\n\};\ngrant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/ROOT\/-\" \{\n\ permission org.apache.catalina.security.DeployXmlPermission \"ROOT\";\n\};" ${TOMCAT_DIR}/conf/catalina.policy # fontconfig is required by Activiti worflow diagram generator -# installing pinned dependencies as well -RUN yum install -y fontconfig-2.13.1-4.el8 \ - dejavu-fonts-common-2.35-7.el8 \ - fontpackages-filesystem-1.44-22.el8 \ - freetype-2.9.1-9.el8 \ - libpng-1.6.34-5.el8 \ - dejavu-sans-fonts-2.35-7.el8 && \ +RUN yum install -y fontconfig-2.14.0-2.el9_1 && \ yum clean all # The standard configuration is to have all Tomcat files owned by root with group GROUPNAME and whilst owner has read/write privileges,