
Sonarqube / Dockerfile unable to import certificate.pem


I'm having a difficult time updating SonarQube from version 9.8 to 9.9.1. The cacerts are in the correct location for both versions, but for some reason the build says (No such file or directory) when building version 9.9.1.

The Dockerfile for version 9.8:

FROM sonarqube:9.8-developer

SHELL ["/bin/bash", "-c"]

COPY ./cert/* /tmp/

# Import certs
RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem \
      -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem \
      -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit

COPY ./sonar.properties /opt/sonarqube/conf/

It builds successfully, as shown in the logs below:

$ docker build -t sonar98-troubleshooting:9.8-developer-troubleshooting --no-cache .
[+] Building 6.4s (10/10) FINISHED                                                                                                                                                                                    
 => [internal] load build definition from Dockerfile                                                                                                                                                             0.0s
 => => transferring dockerfile: 561B                                                                                                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                                                                                                0.0s
 => => transferring context: 2B                                                                                                                                                                                  0.0s
 => [internal] load metadata for docker.io/library/sonarqube:9.8-developer                                                                                                                                       2.3s
 => CACHED [1/5] FROM docker.io/library/sonarqube:9.8-developer@sha256:a73ecba149df1ebb84f0dc483657ab6cdcf8ed5c6cb72964630fb12b043ccc9c                                                                          0.0s
 => [internal] load build context                                                                                                                                                                                0.0s
 => => transferring context: 147B                                                                                                                                                                                0.0s
 => [2/5] COPY ./cert/* /tmp/                                                                                                                                                                                    0.1s
 => [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem       -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit                         1.9s
 => [4/5] RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem       -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changei  1.6s 
 => [5/5] COPY ./sonar.properties /opt/sonarqube/conf/                                                                                                                                                           0.1s 
 => exporting to image                                                                                                                                                                                           0.2s
 => => exporting layers                                                                                                                                                                                          0.1s
 => => writing image sha256:7abe6db583cd18026362198924549c806c1ce36def7b46796c6e8f613c97bb1f                                                                                                                     0.0s
 => => naming to docker.io/library/sonar98-troubleshooting:9.8-developer-troubleshooting

The Dockerfile for version 9.9.1:

FROM sonarqube:9.9.1-developer

SHELL ["/bin/bash", "-c"]

COPY ./cert/* /tmp/

# Import certs
RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem \
      -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit
RUN keytool -import -v -trustcacerts -alias my_ca_intermediate -file /tmp/rootca-intermediate.pem \
      -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit

COPY ./sonar.properties /opt/sonarqube/conf/

It shows an error during the build even though "/usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts" is a valid location/file, as shown in the logs below:

$ docker build -t sonar991-troubleshooting:9.9.1-developer-troubleshooting --no-cache .
[+] Building 3.1s (7/9)                                                                                                                                                                                               
 => [internal] load build definition from Dockerfile                                                                                                                                                             0.0s
 => => transferring dockerfile: 563B                                                                                                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                                                                                                0.0s
 => => transferring context: 2B                                                                                                                                                                                  0.0s
 => [internal] load metadata for docker.io/library/sonarqube:9.9.1-developer                                                                                                                                     1.0s
 => [internal] load build context                                                                                                                                                                                0.0s
 => => transferring context: 147B                                                                                                                                                                                0.0s
 => CACHED [1/5] FROM docker.io/library/sonarqube:9.9.1-developer@sha256:d231773f02bf99229353792408e96ad75c537d0f93ce66f67dcd61dc9e2e40d9                                                                        0.0s
 => [2/5] COPY ./cert/* /tmp/                                                                                                                                                                                    0.1s
 => ERROR [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem       -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit                   1.8s
------                                                                                                                                                                                                                
 > [3/5] RUN keytool -import -v -trustcacerts -alias my_ca -file /tmp/rootCert.pem       -keystore /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts -noprompt -storepass changeit:                              
#7 1.451 Certificate was added to keystore
#7 1.451 [Storing /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts]
#7 1.777 keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts (No such file or directory)
#7 1.778 java.io.FileNotFoundException: /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts (No such file or directory)
#7 1.781        at java.base/java.io.FileOutputStream.open0(Native Method)
#7 1.781        at java.base/java.io.FileOutputStream.open(Unknown Source)
#7 1.782        at java.base/java.io.FileOutputStream.<init>(Unknown Source)
#7 1.783        at java.base/java.io.FileOutputStream.<init>(Unknown Source)
#7 1.783        at java.base/sun.security.tools.keytool.Main.doCommands(Unknown Source)
#7 1.783        at java.base/sun.security.tools.keytool.Main.run(Unknown Source)
#7 1.783        at java.base/sun.security.tools.keytool.Main.main(Unknown Source)

Solution

  • First, you should use the JAVA_HOME environment variable. In my installation the keystore is found at /opt/java/openjdk/lib/security/cacerts.

    I had another problem with that keystore. My problem was that I had no permissions to add certificates to the keystore file.

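    # Root is needed to write to the JVM trust store.
    USER root
    # JAVA_HOME is already an absolute path, so no leading slash before it.
    RUN keytool -import -v -trustcacerts -alias ipa -file /tmp/ca-cert.pem \
         -keystore "${JAVA_HOME}/lib/security/cacerts" -noprompt -storepass changeit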
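
As an added example (not part of the original question or answer), the shell helper below resolves the trust store from JAVA_HOME instead of a hard-coded path and stops early when the file is missing or not writable. keytool treats a nonexistent -keystore path as a new, empty keystore, which is why the failing log prints "Certificate was added to keystore" before the write fails. The function names are hypothetical; changeit is the store password used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the cacerts path under a Java home, trying the current layout first
# and then the legacy jre/ layout. Fails if neither file exists.
find_cacerts() {
    java_home=$1
    [ -n "$java_home" ] || { echo "JAVA_HOME is not set" >&2; return 2; }
    for candidate in "$java_home/lib/security/cacerts" \
                     "$java_home/jre/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            echo "$candidate"
            return 0
        fi
    done
    echo "no cacerts file under $java_home" >&2
    return 1
}

# Import one PEM certificate under an alias into the JVM trust store.
import_ca() {
    alias_name=$1
    pem=$2
    store=$(find_cacerts "${JAVA_HOME:-}") || return 1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    # keytool rewrites the whole file, so the build user must be able to write it.
    if [ ! -w "$store" ]; then
        echo "$store is not writable by $(id -un)" >&2
        return 1
    fi
    # Skip aliases that are already present so rebuilds stay idempotent.
    if keytool -list -keystore "$store" -storepass changeit \
            -alias "$alias_name" >/dev/null 2>&1; then
        echo "alias $alias_name already in $store"
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$alias_name" \
        -file "$pem" -keystore "$store" -storepass changeit
}
```

In a Dockerfile, source the script in a RUN step under USER root, then switch back to the image's unprivileged runtime user so the server itself does not run as root.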