[CIAM-1757] On each arch remove JDK 1.8 rpms if present (since using JDK 11 already)

Thanks to Alex for suggestions on how to simplify the 'rpm -qa' statements

Signed-off-by: Jan Lieskovsky <[email protected]>

Author: Jan Lieskovsky

image.yaml

@@ -124,18 +124,17 @@ modules:
           - name: openshift-layer
           - name: keycloak-layer
 
-          # Various SSO image pre-launch checks to prevent regressions
-          - name: sso-pre-launch-checks
-
-          # This needs to be the very last, after all updates to standalone-openshift.xml have been done. See eg. https://access.redhat.com/solutions/3402171 for use
+          # The extensions module can be called only after all updates to standalone-openshift.xml have been done.
+          # See eg. https://access.redhat.com/solutions/3402171 for details how to use
           - name: sso-cli-extensions
 
-          # Actions performed by the 'sso-rm-openjdk' module shouldn't be needed for RHEL-8 UBI Minimal
-          # derived images already. But it's kept & called here for any case, so RPMs belonging to
-          # counterpart JVM aren't left in the image by an accident
+          # Ensure RPMs belonging to counterpart JVM are removed
           - name: sso-rm-openjdk
             version: *jdk_version
 
+          # Various SSO image pre-launch checks to prevent regressions
+          - name: sso-pre-launch-checks
+
 packages:
       manager: microdnf
       content_sets_file: content_sets.yaml

modules/sso/sso-pre-launch-checks/added/sso_image_pre_launch_checks.sh

@@ -9,6 +9,7 @@ source "${JBOSS_HOME}/bin/launch/logging.sh"
 function postConfigure() {
   verify_CVE_2020_10695_fix_present
   verify_KEYCLOAK_16736_fix_present
+  verify_CIAM_1757_fix_present
 }
 
 # KEYCLOAK-13585 / RH BZ#1817530 / CVE-2020-10695:
@@ -40,10 +41,10 @@ function verify_KEYCLOAK_16736_fix_present() {
   # regardless of the particular image release
   # shellcheck disable=SC2061
   # shellcheck disable=SC2086
-  local -r ssoImageDockerfile=$(find /root/buildinfo -maxdepth 1 -type f -name Dockerfile-${JBOSS_IMAGE_NAME/\//-}-${JBOSS_IMAGE_VERSION}-*)
+  local -r ssoImageDockerfile=$(find /root/buildinfo -maxdepth 1 -type f -name Dockerfile-${JBOSS_IMAGE_NAME/\//-}-${JBOSS_IMAGE_VERSION}-* 2>/dev/null)
   local -r errorExitCode="1"
   # Throw an error if the image doesn't contain a Dockerfile we could check
-  if [ "x${ssoImageDockerfile}x" == "xx" ]
+  if [ -z "${ssoImageDockerfile}" ]
   then
     log_error "The specified Dockerfile: '${ssoImageDockerfile}' does not exist!"
     exit "${errorExitCode}"
@@ -60,3 +61,17 @@ function verify_KEYCLOAK_16736_fix_present() {
     exit "${errorExitCode}"
   fi
 }
+
+# CIAM-1757:
+#
+# Confirm JDK 1.8 rpms aren't present in the image, since using JDK 11 already
+#
+function verify_CIAM_1757_fix_present() {
+  local -r errorExitCode="1"
+  if [ -n "$(rpm --query --all name=java* version=1.8.0*)" ]
+  then
+    log_error "JDK 1.8 rpms detected in the image. It is recommended to uninstall them."
+    log_error "Cannot start the '${JBOSS_IMAGE_NAME}', version '${JBOSS_IMAGE_VERSION}'!"
+    exit "${errorExitCode}"
+  fi
+}

modules/sso/sso-rm-openjdk/11/configure.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
 # Import RH-SSO global variables & functions to image build-time
@@ -15,3 +15,6 @@ if rpm -q ibm-semeru-open-11-jdk || rpm -q java-11-openj9-devel; then
         fi
     done
 fi
+
+# CIAM-1757: On each arch remove JDK 1.8 rpms if present (since using JDK 11 already)
+rpm --query --all name=java* version=1.8.0* | xargs rpm -e --nodeps