Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update docker file for Oracle to import oracle-server.crt #2411

Open
wants to merge 1 commit into
base: panama-sdkv2-gdcv2
Choose a base branch
from

Conversation

Trianz-Akshay
Copy link
Contributor

Issue #, if available:
Oracle ssl issue : javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Description of changes:
Copied Java default cacerts to image location.
Installed oracle-server.crt in default truststore as it uses default truststore.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

COPY target/athena-oracle-2022.47.1.jar ${LAMBDA_TASK_ROOT}
# Unpack the jar
RUN jar xf athena-oracle-2022.47.1.jar
ENV JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-11-openjdk/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't the truststorepassword be a variable that can be passed in?

@@ -1,9 +1,19 @@
FROM public.ecr.aws/lambda/java:11

# Copy function code and runtime dependencies from Maven layout
ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should the JAVA_HOME be a variable to support additional JVMs?

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not merge this PR with a cert like this. The user should provide the cert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants