@@ -25,15 +25,15 @@ FROM cgr.dev/chainguard/wolfi-base AS builder
2525RUN apk update && apk upgrade
2626# Install dependencies needed for JRE
2727RUN apk add zlib libjpeg-turbo libpng lcms2 freetype ttf-dejavu fontconfig-config libfontconfig1 expat libuuid libbrotlicommon1 libbrotlidec1 libbrotlienc1 libcrypt1
28+ # Install latest CA certificates
29+ RUN apk add ca-certificates java-cacerts
2830# Install latest JRE
2931RUN apk add openjdk-8-jre
3032
3133# Use Chainguard distroless glibc base for dynamically linked libraries
3234FROM cgr.dev/chainguard/glibc-dynamic:latest
3335
3436# Copy over dependencies for updated JRE from Wolfi
35- COPY --from=builder /etc/ca-certificates /etc/ca-certificates
36- COPY --from=builder /etc/ca-certificates.conf /etc/ca-certificates.conf
3737COPY --from=builder /lib/libz.so.1 /lib/libz.so.1
3838COPY --from=builder /usr/lib/libjpeg.so.8 /usr/lib/libjpeg.so.8
3939COPY --from=builder /usr/lib/libturbojpeg.so.0 /usr/lib/libturbojpeg.so.0
@@ -52,6 +52,14 @@ COPY --from=builder /usr/lib/libbrotlicommon.so.1 /usr/lib/libbrotlicommon.so.1
5252COPY --from=builder /usr/lib/libbrotlidec.so.1 /usr/lib/libbrotlidec.so.1
5353COPY --from=builder /usr/lib/libbrotlienc.so.1 /usr/lib/libbrotlienc.so.1
5454
55+ # Copy over certificates for updated JRE from Wolfi
56+ COPY --from=builder /etc/ca-certificates /etc/ca-certificates
57+ COPY --from=builder /etc/ca-certificates.conf /etc/ca-certificates.conf
58+ COPY --from=builder /etc/apk/protected_paths.d/ca-certificates.list /etc/apk/protected_paths.d/ca-certificates.list
59+ COPY --from=builder /etc/ssl /etc/ssl
60+ COPY --from=builder /etc/pki /etc/pki
61+ COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates
62+
5563# Copy over updated JRE from Wolfi
5664COPY --from=builder /usr/lib/jvm/java-1.8-openjdk /usr/lib/jvm/java-1.8-openjdk
5765
0 commit comments