To whom it may concern, Would it be possible to switch to the ubi9/OpenJDK-11 image instead of the one use at the moment. Security wise it receives more updates then the one already being used. I can do all the plumbing for making it work.
An example: ```Dockerfile # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # ARG IMAGE_NAME=ubi9/openjdk-11 ARG IMAGE_TAG=latest ARG IMAGE_REGISTRY=registry.access.redhat.com FROM ${IMAGE_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} ARG MAINTAINER="Apache NiFi <dev@nifi.apache.org>" LABEL maintainer="${MAINTAINER}" LABEL site="https://nifi.apache.org"; ARG UID=1001 ARG GID=1001 ARG NIFI_VERSION=1.21.0 ARG BASE_URL=https://archive.apache.org/dist ARG MIRROR_BASE_URL=${MIRROR_BASE_URL:-${BASE_URL}} ARG DISTRO_PATH=${DISTRO_PATH:-${NIFI_VERSION}} ARG NIFI_BINARY_PATH=${NIFI_BINARY_PATH:-/nifi/${DISTRO_PATH}/nifi-${NIFI_VERSION}-bin.zip} ARG NIFI_TOOLKIT_BINARY_PATH=${NIFI_TOOLKIT_BINARY_PATH:-/nifi/${DISTRO_PATH}/nifi-toolkit-${NIFI_VERSION}-bin.zip} ENV NIFI_BASE_DIR=/opt/nifi ENV NIFI_HOME ${NIFI_BASE_DIR}/nifi-current ENV NIFI_TOOLKIT_HOME ${NIFI_BASE_DIR}/nifi-toolkit-current ENV NIFI_PID_DIR=${NIFI_HOME}/run ENV NIFI_LOG_DIR=${NIFI_HOME}/logs ADD sh/ ${NIFI_BASE_DIR}/scripts/ USER root RUN chmod -R +x ${NIFI_BASE_DIR}/scripts/*.sh # Setup NiFi user and create necessary directories # xmlstarlet could be installed by the official way by having a subscribed RHEL9 host that runs the build (you get free dev licenses) # or we could install the CentOS Stream 9 Appstream version (more hacky) # See http://fr2.rpmfind.net/linux/RPM/centos-stream/9/appstream/aarch64/xmlstarlet-1.6.1-20.el9.aarch64.html RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \ && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \ && mkdir -p ${NIFI_BASE_DIR} \ && chown -R nifi:nifi ${NIFI_BASE_DIR} \ && microdnf install -y jq procps unzip \ && microdnf clean all RUN chown -R :0 ${NIFI_BASE_DIR} \ && chmod -R g+rwX ${NIFI_BASE_DIR} USER 1001 # Download, validate, and expand Apache NiFi Toolkit binary. RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ && echo "$(curl ${BASE_URL}/${NIFI_TOOLKIT_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ && unzip ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ && rm ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION}-bin.zip \ && mv ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} ${NIFI_TOOLKIT_HOME} \ && ln -s ${NIFI_TOOLKIT_HOME} ${NIFI_BASE_DIR}/nifi-toolkit-${NIFI_VERSION} # Download, validate, and expand Apache NiFi binary. RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ && echo "$(curl ${BASE_URL}/${NIFI_BINARY_PATH}.sha256) *${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip" | sha256sum -c - \ && unzip ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip -d ${NIFI_BASE_DIR} \ && rm ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION}-bin.zip \ && mv ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} ${NIFI_HOME} \ && mkdir -p ${NIFI_HOME}/conf \ && mkdir -p ${NIFI_HOME}/database_repository \ && mkdir -p ${NIFI_HOME}/flowfile_repository \ && mkdir -p ${NIFI_HOME}/content_repository \ && mkdir -p ${NIFI_HOME}/provenance_repository \ && mkdir -p ${NIFI_HOME}/state \ && mkdir -p ${NIFI_LOG_DIR} \ && ln -s ${NIFI_HOME} ${NIFI_BASE_DIR}/nifi-${NIFI_VERSION} VOLUME ${NIFI_LOG_DIR} \ ${NIFI_HOME}/conf \ ${NIFI_HOME}/database_repository \ ${NIFI_HOME}/flowfile_repository \ ${NIFI_HOME}/content_repository \ ${NIFI_HOME}/provenance_repository \ ${NIFI_HOME}/state # Clear nifi-env.sh in favour of configuring all environment variables in the Dockerfile RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh # Web HTTP(s) & Socket Site-to-Site Ports EXPOSE 8080 8443 10000 8000 WORKDIR ${NIFI_HOME} # Apply configuration and start NiFi # # We need to use the exec form to avoid running our command in a subshell and omitting signals, # thus being unable to shut down gracefully: # https://docs.docker.com/engine/reference/builder/#entrypoint # # Also we need to use relative path, because the exec form does not invoke a command shell, # thus normal shell processing does not happen: # https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example ENTRYPOINT ["../scripts/start.sh"] ``` Cheers Christian
