├── documentation ├── .gitkeep └── resources │ ├── alternatives.md │ ├── certificate.md │ ├── jce.md │ ├── openjdk_pkg_install.md │ ├── openjdk_source_install.md │ ├── openjdk_install.md │ ├── corretto_install.md │ └── temurin_package_install.md ├── .tool-versions ├── .gitattributes ├── .rubocop.yml ├── test ├── integration │ ├── temurin_mirror │ │ └── inspec.yml │ ├── custom-package │ │ ├── inputs │ │ │ ├── openj9-11.yml │ │ │ ├── hotspot-11.yml │ │ │ ├── hotspot-8.yml │ │ │ └── openj9-large-heap-11.yml │ │ ├── inspec.yml │ │ └── controls │ │ │ └── verify_home.rb │ ├── temurin │ │ ├── inspec.yml │ │ └── controls │ │ │ └── verify_temurin.rb │ ├── openjdk │ │ ├── inspec.yml │ │ └── controls │ │ │ └── verify_openjdk.rb │ ├── corretto │ │ ├── inspec.yml │ │ └── controls │ │ │ └── verify_openjdk.rb │ └── openjdk_pkg │ │ ├── inspec.yml │ │ └── controls │ │ └── verify_openjdk.rb └── fixtures │ └── cookbooks │ └── test │ ├── recipes │ ├── corretto.rb │ ├── openjdk_pkg.rb │ ├── base.rb │ ├── temurin_pkg.rb │ ├── openjdk.rb │ └── java_cert.rb │ ├── files │ ├── UnlimitedSupportJCETest.jar │ ├── java_certificate_test.pem │ └── UnlimitedSupportJCETest.java │ └── metadata.rb ├── .github ├── CODEOWNERS ├── lock.yml ├── workflows │ ├── stale.yml │ └── ci.yml └── copilot-instructions.md ├── .mdlrc ├── templates ├── jdk.sh.erb └── jinfo.erb ├── .envrc ├── CODE_OF_CONDUCT.md ├── kitchen.exec.yml ├── Berksfile ├── resources ├── partial │ ├── _openjdk.rb │ ├── _common.rb │ ├── _java_home.rb │ ├── _linux.rb │ └── _macos.rb ├── openjdk_pkg_install.rb ├── openjdk_source_install.rb ├── corretto_install.rb ├── openjdk_install.rb ├── jce.rb ├── temurin_package_install.rb ├── alternatives.rb └── certificate.rb ├── TESTING.md ├── lefthook.yml ├── .vscode └── extensions.json ├── .markdownlint-cli2.yaml ├── CONTRIBUTING.md ├── .yamllint ├── .editorconfig ├── kitchen.windows.yml ├── bin ├── check_temurin_versions.sh └── check_java_versions.rb ├── renovate.json ├── libraries ├── certificate_helpers.rb ├── corretto_helpers.rb ├── temurin_helpers.rb ├── bin_cmd_helpers.rb └── openjdk_helpers.rb ├── .overcommit.yml ├── kitchen.macos.local.yml ├── .gitignore ├── spec ├── spec_helper.rb └── libraries │ ├── certificate_helpers_spec.rb │ ├── corretto_helpers_spec.rb │ └── openjdk_helpers_spec.rb ├── metadata.rb ├── kitchen.macos.yml ├── kitchen.global.yml ├── Dangerfile ├── chefignore ├── kitchen.dokken.yml ├── kitchen.yml ├── README.md ├── LICENSE └── CHANGELOG.md /documentation/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.tool-versions: -------------------------------------------------------------------------------- 1 | ruby system 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | require: 2 | - cookstyle 3 | -------------------------------------------------------------------------------- /test/integration/temurin_mirror/inspec.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @sous-chefs/maintainers 2 | -------------------------------------------------------------------------------- /.mdlrc: -------------------------------------------------------------------------------- 1 | rules "~MD036", "~MD013", "~MD024" 2 | -------------------------------------------------------------------------------- /templates/jdk.sh.erb: -------------------------------------------------------------------------------- 1 | export JAVA_HOME=<%= node['java']['java_home']%> 2 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use chefworkstation 2 | export KITCHEN_GLOBAL_YAML=kitchen.global.yml 3 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/corretto.rb: -------------------------------------------------------------------------------- 1 | corretto_install node['version'] 2 | 3 | include_recipe 'test::java_cert' 4 | -------------------------------------------------------------------------------- /test/integration/custom-package/inputs/openj9-11.yml: -------------------------------------------------------------------------------- 1 | --- 2 | variant: openj9 3 | java_version: 11.0.6 4 | java_home_dir: jdk-11.0.6+10 5 | -------------------------------------------------------------------------------- /test/integration/custom-package/inputs/hotspot-11.yml: -------------------------------------------------------------------------------- 1 | --- 2 | variant: hotspot 3 | java_version: 11.0.6 4 | java_home_dir: jdk-11.0.6+10 5 | -------------------------------------------------------------------------------- /test/integration/custom-package/inputs/hotspot-8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | variant: hotspot 3 | java_version: 1.8.0_232 4 | java_home_dir: jdk8u232-b09 5 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Community Guidelines 2 | 3 | This project follows the Chef Community Guidelines 4 | -------------------------------------------------------------------------------- /kitchen.exec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: { name: exec } 3 | transport: { name: exec } 4 | 5 | platforms: 6 | - name: macos-latest 7 | - name: windows-latest 8 | -------------------------------------------------------------------------------- /test/integration/custom-package/inputs/openj9-large-heap-11.yml: -------------------------------------------------------------------------------- 1 | --- 2 | variant: openj9-large-heap 3 | java_version: 11.0.6 4 | java_home_dir: jdk-11.0.6+10 5 | -------------------------------------------------------------------------------- /Berksfile: -------------------------------------------------------------------------------- 1 | source 'https://supermarket.chef.io' 2 | 3 | metadata 4 | 5 | group :integration do 6 | cookbook 'test', path: 'test/fixtures/cookbooks/test' 7 | end 8 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/openjdk_pkg.rb: -------------------------------------------------------------------------------- 1 | openjdk_install node['version'] do 2 | install_type 'package' 3 | end 4 | 5 | include_recipe 'test::java_cert' 6 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/files/UnlimitedSupportJCETest.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sous-chefs/java/HEAD/test/fixtures/cookbooks/test/files/UnlimitedSupportJCETest.jar -------------------------------------------------------------------------------- /resources/partial/_openjdk.rb: -------------------------------------------------------------------------------- 1 | property :variant, String, 2 | equal_to: %w(openjdk temurin), 3 | default: 'openjdk', 4 | description: 'Install flavour' 5 | -------------------------------------------------------------------------------- /templates/jinfo.erb: -------------------------------------------------------------------------------- 1 | name=<%= @name %> 2 | priority=<%= @priority %> 3 | section=main 4 | 5 | <% @bin_cmds.each do |cmd| -%>jdk <%= cmd %> <%= @app_dir %>/bin/<%= cmd %> 6 | <% end -%> 7 | -------------------------------------------------------------------------------- /test/integration/temurin/inspec.yml: -------------------------------------------------------------------------------- 1 | name: temurin 2 | title: Temurin Java Installation 3 | maintainer: Sous Chefs 4 | copyright: Sous Chefs 5 | license: Apache-2.0 6 | version: 1.0.0 7 | -------------------------------------------------------------------------------- /TESTING.md: -------------------------------------------------------------------------------- 1 | # Testing 2 | 3 | Please refer to [the community cookbook documentation on testing](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/TESTING.MD). 4 | -------------------------------------------------------------------------------- /lefthook.yml: -------------------------------------------------------------------------------- 1 | pre-commit: 2 | commands: 3 | rubocop: 4 | glob: "*.rb" 5 | run: chef exec rubocop {staged_files} 6 | skip: 7 | - merge 8 | - rebase 9 | -------------------------------------------------------------------------------- /test/integration/openjdk/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: openjdk 3 | title: OpenJDK tests 4 | license: Public domain 5 | copyright: None 6 | summary: Verify installation of OpenJDK 7 | version: 0.0.1 8 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/base.rb: -------------------------------------------------------------------------------- 1 | apt_update if platform_family?('debian') 2 | 3 | cookbook_file '/tmp/UnlimitedSupportJCETest.jar' do 4 | source 'UnlimitedSupportJCETest.jar' 5 | end 6 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "chef-software.chef", 4 | "Shopify.ruby-lsp", 5 | "editorconfig.editorconfig", 6 | "DavidAnson.vscode-markdownlint" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /test/integration/corretto/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: corretto 3 | title: Corretto tests 4 | license: Public domain 5 | copyright: None 6 | summary: Verify installation of Amazon Corretto 7 | version: 0.0.1 8 | -------------------------------------------------------------------------------- /test/integration/openjdk_pkg/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: openjdk_pkg 3 | title: OpenJDK tests 4 | license: Public domain 5 | copyright: None 6 | summary: Verify installation of OpenJDK 7 | version: 0.0.1 8 | -------------------------------------------------------------------------------- /.markdownlint-cli2.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | ul-indent: false # MD007 3 | line-length: false # MD013 4 | no-duplicate-heading: false # MD024 5 | reference-links-images: false # MD052 6 | ignores: 7 | - .github/copilot-instructions.md 8 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/temurin_pkg.rb: -------------------------------------------------------------------------------- 1 | # This recipe tests the temurin_package_install resource 2 | # It should install temurin java packages based on the version specified 3 | 4 | temurin_package_install node['version'] 5 | -------------------------------------------------------------------------------- /test/integration/custom-package/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: custom-package 3 | title: Custom package from URL testing 4 | license: Public domain 5 | copyright: None 6 | summary: Verify installation from a custom URL 7 | version: 0.0.1 8 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Please refer to 4 | [https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/main/CONTRIBUTING.MD) 5 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'test' 2 | maintainer 'test cookbook' 3 | license 'Apache-2.0' 4 | description 'A test cookbook for the java cookbook' 5 | version '0.1.0' 6 | depends 'java' 7 | -------------------------------------------------------------------------------- /.github/lock.yml: -------------------------------------------------------------------------------- 1 | --- 2 | daysUntilLock: 365 3 | exemptLabels: [] 4 | lockLabel: false 5 | lockComment: > 6 | This thread has been automatically locked since there has not been 7 | any recent activity after it was closed. Please open a new issue for 8 | related bugs. 9 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/openjdk.rb: -------------------------------------------------------------------------------- 1 | # Test recipe for verifying installation paths 2 | # This focuses only on path verification, avoiding non-idempotent operations 3 | 4 | openjdk_install node['version'].to_s do 5 | variant node['variant'] if node['variant'] 6 | end 7 | -------------------------------------------------------------------------------- /resources/partial/_common.rb: -------------------------------------------------------------------------------- 1 | property :version, String, 2 | name_property: true, 3 | description: 'Java version to install' 4 | 5 | property :skip_alternatives, [true, false], 6 | default: false, 7 | description: 'Skip alternatives installation' 8 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 256 6 | level: warning 7 | document-start: disable 8 | braces: 9 | forbid: false 10 | min-spaces-inside: 0 11 | max-spaces-inside: 1 12 | min-spaces-inside-empty: -1 13 | max-spaces-inside-empty: -1 14 | comments: 15 | min-spaces-from-content: 1 16 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root=true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | 11 | # 2 space indentation 12 | indent_style = space 13 | indent_size = 2 14 | 15 | # Avoid issues parsing cookbook files later 16 | charset = utf-8 17 | 18 | # Avoid cookstyle warnings 19 | trim_trailing_whitespace = true 20 | -------------------------------------------------------------------------------- /resources/partial/_java_home.rb: -------------------------------------------------------------------------------- 1 | property :java_home_mode, String, 2 | default: '0755', 3 | description: 'The permission for the Java home directory' 4 | 5 | property :java_home_owner, String, 6 | default: 'root', 7 | description: 'Owner of the Java Home' 8 | 9 | property :java_home_group, String, 10 | default: lazy { node['root_group'] }, 11 | description: 'Group for the Java Home' 12 | -------------------------------------------------------------------------------- /resources/partial/_linux.rb: -------------------------------------------------------------------------------- 1 | property :alternatives_priority, Integer, 2 | default: 1, 3 | description: 'Alternatives priority to set for this Java' 4 | 5 | property :reset_alternatives, [true, false], 6 | default: true, 7 | description: 'Whether to reset alternatives before setting' 8 | 9 | property :default, [true, false], 10 | default: true, 11 | description: ' Whether to set this as the default Java' 12 | -------------------------------------------------------------------------------- /resources/partial/_macos.rb: -------------------------------------------------------------------------------- 1 | property :tap_url, 2 | String, 3 | description: 'The URL of the tap' 4 | 5 | property :cask_options, 6 | String, 7 | description: 'Options to pass to the brew command during installation' 8 | 9 | property :homebrew_path, 10 | String, 11 | description: 'The path to the homebrew binary' 12 | 13 | property :owner, 14 | [String, Integer], 15 | description: 'The owner of the Homebrew installation' 16 | -------------------------------------------------------------------------------- /kitchen.windows.yml: -------------------------------------------------------------------------------- 1 | # --- 2 | # driver: 3 | # name: exec 4 | # host: localhost 5 | 6 | # provisioner: 7 | # require_chef_omnibus: false 8 | # # chef_client_path: "/opt/chef-workstation/bin/chef-client" 9 | # name: chef_zero 10 | # deprecations_as_errors: false 11 | # log_level: :info 12 | # install_strategy: skip 13 | 14 | # suites: 15 | # - name: adoptopenjdk-13-openj9 16 | # run_list: 17 | # - recipe[test::adoptopenjdk] 18 | 19 | # platforms: 20 | # - name: windows_2019 21 | -------------------------------------------------------------------------------- /bin/check_temurin_versions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # # Fetch latest Temurin versions from endoflife.date API 4 | # curl --request GET \ 5 | # --url https://endoflife.date/api/eclipse-temurin.json \ 6 | # --header 'Accept: application/json' | jq '.' 7 | 8 | # Filter for LTS versions only 9 | echo "LTS Versions:" 10 | curl -s --request GET \ 11 | --url https://endoflife.date/api/eclipse-temurin.json \ 12 | --header 'Accept: application/json' | \ 13 | jq -r '.[] | select(.lts == true) | "Java \(.cycle) (LTS) - Latest: \(.latest), EOL: \(.eol)"' 14 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["config:base"], 4 | "packageRules": [ 5 | { 6 | "groupName": "Actions", 7 | "matchUpdateTypes": ["minor", "patch", "pin"], 8 | "automerge": true, 9 | "addLabels": ["Release: Patch", "Skip: Announcements"] 10 | }, 11 | { 12 | "groupName": "Actions", 13 | "matchUpdateTypes": ["major"], 14 | "automerge": false, 15 | "addLabels": ["Release: Patch", "Skip: Announcements"] 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /test/integration/corretto/controls/verify_openjdk.rb: -------------------------------------------------------------------------------- 1 | java_version = input('java_version', description: 'Which version of java should be installed') 2 | 3 | control 'Java is installed & linked correctly' do 4 | impact 1.0 5 | title 'Installed' 6 | desc 'Java is installed & linked correctly' 7 | describe command('java -version 2>&1') do 8 | its('stdout') { should match java_version.to_s } 9 | end 10 | 11 | describe command('update-alternatives --display jar') do 12 | its('stdout') { should match %r{\/usr\/lib\/jvm\/java} } 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /test/integration/openjdk_pkg/controls/verify_openjdk.rb: -------------------------------------------------------------------------------- 1 | java_version = input('java_version', description: 'Which version of java should be installed') 2 | 3 | control 'Java is installed & linked correctly' do 4 | impact 1.0 5 | title 'Installed' 6 | desc 'Java is installed & linked correctly' 7 | describe command('java -version 2>&1') do 8 | its('stdout') { should match java_version.to_s } 9 | end 10 | 11 | describe command('update-alternatives --display java') do 12 | its('stdout') { should match %r{/usr/lib/jvm/java} } 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /libraries/certificate_helpers.rb: -------------------------------------------------------------------------------- 1 | module Java 2 | module Cookbook 3 | module CertificateHelpers 4 | def default_truststore_path(version, java_home) 5 | if version.to_i > 8 6 | "#{java_home}/lib/security/cacerts" 7 | else 8 | Chef::Log.fatal('Java 8 is no longer supported') 9 | raise 'Java 8 is no longer supported' 10 | end 11 | end 12 | 13 | def keystore_argument(cacerts, truststore_path) 14 | cacerts ? '-cacerts' : "-keystore #{truststore_path}" 15 | end 16 | end 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | PreCommit: 3 | TrailingWhitespace: 4 | enabled: true 5 | YamlLint: 6 | enabled: true 7 | required_executable: "yamllint" 8 | ChefSpec: 9 | enabled: true 10 | required_executable: "chef" 11 | command: ["chef", "exec", "rspec"] 12 | Cookstyle: 13 | enabled: true 14 | required_executable: "cookstyle" 15 | command: ["cookstyle"] 16 | MarkdownLint: 17 | enabled: false 18 | required_executable: "npx" 19 | command: ["npx", "markdownlint-cli2", "'**/*.md'"] 20 | include: ["**/*.md"] 21 | 22 | CommitMsg: 23 | HardTabs: 24 | enabled: true 25 | -------------------------------------------------------------------------------- /kitchen.macos.local.yml: -------------------------------------------------------------------------------- 1 | --- 2 | provisioner: 3 | name: chef_zero 4 | install_strategy: skip 5 | channel: current 6 | 7 | platforms: 8 | - name: macos 9 | driver: 10 | box: damacus/macos-10.15.4 11 | provider: parallels 12 | linked_clone: true 13 | gui: false 14 | 15 | suites: 16 | - name: default 17 | run_list: 18 | - recipe[homebrew] 19 | - recipe[test::openjdk] 20 | attributes: 21 | version: 14 22 | variant: openj9 23 | verifier: 24 | inspec_tests: [test/integration/openjdk] 25 | input_files: [test/integration/openjdk/inputs/openjdk-14-macos.yml] 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.rbc 2 | .config 3 | InstalledFiles 4 | pkg 5 | test/tmp 6 | test/version_tmp 7 | tmp 8 | _Store 9 | *~ 10 | *# 11 | .#* 12 | \#*# 13 | *.un~ 14 | *.tmp 15 | *.bk 16 | *.bkup 17 | 18 | # editor files 19 | .idea 20 | .*.sw[a-z] 21 | 22 | # ruby/bundler/rspec files 23 | .ruby-version 24 | .ruby-gemset 25 | .rvmrc 26 | Gemfile.lock 27 | .bundle 28 | *.gem 29 | coverage 30 | spec/reports 31 | 32 | # YARD / rdoc artifacts 33 | .yardoc 34 | _yardoc 35 | doc/ 36 | rdoc 37 | 38 | # chef infra stuff 39 | Berksfile.lock 40 | .kitchen 41 | kitchen.local.yml 42 | vendor/ 43 | .coverage/ 44 | .zero-knife.rb 45 | Policyfile.lock.json 46 | 47 | # vagrant stuff 48 | .vagrant/ 49 | .vagrant.d/ 50 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'chefspec' 2 | require 'chefspec/berkshelf' 3 | 4 | require_relative '../libraries/certificate_helpers' 5 | require_relative '../libraries/corretto_helpers' 6 | require_relative '../libraries/openjdk_helpers' 7 | 8 | RSpec.configure do |config| 9 | config.file_cache_path = File.join(Dir.tmpdir, 'chefspec') if config.respond_to?(:file_cache_path) 10 | config.color = true 11 | config.tty = true 12 | config.formatter = :documentation 13 | config.filter_run focus: true 14 | config.run_all_when_everything_filtered = true 15 | config.platform = 'ubuntu' 16 | config.version = '18.04' 17 | config.expect_with :rspec do |c| 18 | c.syntax = :expect 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /metadata.rb: -------------------------------------------------------------------------------- 1 | name 'java' 2 | maintainer 'Sous Chefs' 3 | maintainer_email 'help@sous-chefs.org' 4 | license 'Apache-2.0' 5 | description 'Recipes and resources for installing Java and managing certificates' 6 | source_url 'https://github.com/sous-chefs/java' 7 | issues_url 'https://github.com/sous-chefs/java/issues' 8 | chef_version '>= 16.0' 9 | version '14.0.1' 10 | 11 | supports 'debian' 12 | supports 'ubuntu' 13 | supports 'centos' 14 | supports 'redhat' 15 | supports 'scientific' 16 | supports 'fedora' 17 | supports 'amazon' 18 | supports 'oracle' 19 | supports 'freebsd' 20 | supports 'suse' 21 | supports 'opensuseleap' 22 | 23 | depends 'line' 24 | -------------------------------------------------------------------------------- /kitchen.macos.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: exec 4 | host: localhost 5 | 6 | provisioner: 7 | require_chef_omnibus: false 8 | name: chef_zero 9 | install_strategy: skip 10 | chef_client_path: "/opt/chef-workstation/bin/chef-client" 11 | deprecations_as_errors: false 12 | sudo: true 13 | 14 | platforms: 15 | - name: macos 16 | driver: 17 | box: damacus/macos-10.15.4 18 | provider: parallels 19 | linked_clone: true 20 | gui: false 21 | 22 | suites: 23 | - name: default 24 | run_list: 25 | - recipe[test::openjdk] 26 | attributes: 27 | version: 17 28 | verifier: 29 | inspec_tests: [test/integration/openjdk] 30 | inputs: { java_version: "17" } 31 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/recipes/java_cert.rb: -------------------------------------------------------------------------------- 1 | version = node['version'].to_s 2 | 3 | cookbook_file '/tmp/java_certificate_test.pem' do 4 | source 'java_certificate_test.pem' 5 | end 6 | 7 | java_certificate 'java_certificate_test' do 8 | cert_file '/tmp/java_certificate_test.pem' 9 | java_version version 10 | end 11 | 12 | java_certificate 'java_certificate_ssl_endpoint' do 13 | ssl_endpoint 'google.com:443' 14 | java_version version 15 | end 16 | 17 | java_certificate 'java_certificate_ssl_endpoint' do 18 | java_version version 19 | action :remove 20 | end 21 | 22 | java_certificate 'java_certificate_ssl_endpoint_starttls_smtp' do 23 | ssl_endpoint 'smtp.gmail.com:587' 24 | starttls 'smtp' 25 | java_version version 26 | end 27 | 28 | java_certificate 'java_certificate_ssl_endpoint_starttls_smtp' do 29 | java_version version 30 | action :remove 31 | end 32 | -------------------------------------------------------------------------------- /kitchen.global.yml: -------------------------------------------------------------------------------- 1 | --- 2 | provisioner: 3 | name: chef_infra 4 | product_name: chef 5 | product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> 6 | channel: stable 7 | install_strategy: once 8 | chef_license: accept 9 | enforce_idempotency: <%= ENV['ENFORCE_IDEMPOTENCY'] || true %> 10 | multiple_converge: <%= ENV['MULTIPLE_CONVERGE'] || 2 %> 11 | deprecations_as_errors: true 12 | log_level: <%= ENV['CHEF_LOG_LEVEL'] || 'auto' %> 13 | 14 | verifier: 15 | name: inspec 16 | 17 | platforms: 18 | - name: almalinux-8 19 | - name: almalinux-9 20 | - name: amazonlinux-2023 21 | - name: centos-stream-9 22 | - name: debian-11 23 | - name: debian-12 24 | - name: fedora-latest 25 | - name: opensuse-leap-15 26 | - name: oraclelinux-8 27 | - name: oraclelinux-9 28 | - name: rockylinux-8 29 | - name: rockylinux-9 30 | - name: ubuntu-20.04 31 | - name: ubuntu-22.04 32 | - name: ubuntu-24.04 33 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/files/java_certificate_test.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICjzCCAfigAwIBAgIJAOXrhcX4ZaGtMA0GCSqGSIb3DQEBBQUAMDoxCzAJBgNV 3 | BAYTAlVTMQ0wCwYDVQQIEwRUZXN0MQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQDEwR0 4 | ZXN0MB4XDTE2MTAxMzAxMTkzOVoXDTM2MTAwODAxMTkzOVowOjELMAkGA1UEBhMC 5 | VVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAoTBFRlc3QxDTALBgNVBAMTBHRlc3Qw 6 | gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALu8/ylmItn9wUOB4qvlONEiFQpJ 7 | DCK5bt/OkjT02Knm+aAEZS1EDTVEiZWkumM884fd2+WgaMREk02Gy6u5CraOTtEz 8 | VjLeHdr7V9CBZpR6l5gmUY5Ujk1coHZImiqRs3STLVlWHJGjzLXMkRx10CIU8SHC 9 | zgTr57kNG/FT+e25AgMBAAGjgZwwgZkwHQYDVR0OBBYEFP3Ox0pHbZ0u6z746Hp0 10 | Yk1EBTacMGoGA1UdIwRjMGGAFP3Ox0pHbZ0u6z746Hp0Yk1EBTacoT6kPDA6MQsw 11 | CQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEChMEVGVzdDENMAsGA1UE 12 | AxMEdGVzdIIJAOXrhcX4ZaGtMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD 13 | gYEAG4idDXusAZ9OrzqdWdFQ+rhQYRovZnfSgPSdF7hugWL5i/qGGlsFjZld2Kyj 14 | X0msGzk61iW7C6kv6OfPGaGNzdNtsH8jUvIYP1IrKpf1NKTKetIWiP08ZI1XNF4H 15 | bXmOxdtxzlHW4qukka+HkK0RBrwX35C8HYqePmInI51JnqY= 16 | -----END CERTIFICATE----- 17 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Mark stale issues and pull requests 3 | 4 | "on": 5 | schedule: [cron: "0 0 * * *"] 6 | 7 | jobs: 8 | stale: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/stale@v10 12 | with: 13 | repo-token: ${{ secrets.GITHUB_TOKEN }} 14 | close-issue-message: > 15 | Closing due to inactivity. 16 | If this is still an issue please reopen or open another issue. 17 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help! 18 | Thanks, Sous-Chefs. 19 | days-before-close: 7 20 | days-before-stale: 365 21 | stale-issue-message: > 22 | Marking stale due to inactivity. 23 | Remove stale label or comment or this will be closed in 7 days. 24 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help! 25 | Thanks, Sous-Chefs. 26 | -------------------------------------------------------------------------------- /spec/libraries/certificate_helpers_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | RSpec.describe Java::Cookbook::CertificateHelpers do 4 | class DummyClass < Chef::Node 5 | include Java::Cookbook::CertificateHelpers 6 | end 7 | 8 | subject { DummyClass.new } 9 | 10 | describe '#default_truststore_path' do 11 | context 'Java 9' do 12 | let(:version) { '9' } 13 | let(:java_home) { '/usr/lib/jvm/corretto-9' } 14 | 15 | it 'returns the correct path' do 16 | expect(subject.default_truststore_path(version, java_home)).to eq('/usr/lib/jvm/corretto-9/lib/security/cacerts') 17 | end 18 | end 19 | end 20 | 21 | describe '#keystore_argument' do 22 | context 'cacerts set ' do 23 | let(:cacerts) { true } 24 | let(:truststore_path) { '/usr/lib/jvm/corretto-9/jre/lib/security/cacerts' } 25 | 26 | it 'returns the correct argument' do 27 | expect(subject.keystore_argument(cacerts, truststore_path)).to eq('-cacerts') 28 | end 29 | end 30 | 31 | context 'no cacerts' do 32 | let(:cacerts) { false } 33 | let(:truststore_path) { '/mycertstore.jks' } 34 | 35 | it 'returns the correct argument' do 36 | expect(subject.keystore_argument(cacerts, truststore_path)).to eq('-keystore /mycertstore.jks') 37 | end 38 | end 39 | end 40 | end 41 | -------------------------------------------------------------------------------- /test/fixtures/cookbooks/test/files/UnlimitedSupportJCETest.java: -------------------------------------------------------------------------------- 1 | # Copyright [2014] [Kyle McGovern] 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | import java.security.NoSuchAlgorithmException; 16 | import javax.crypto.Cipher; 17 | 18 | public class UnlimitedSupportJCETest 19 | { 20 | public static void main(final String[] args) 21 | { 22 | int strength = 0; 23 | try { 24 | strength = Cipher.getMaxAllowedKeyLength("AES"); 25 | } catch (NoSuchAlgorithmException e) { 26 | System.out.println("isUnlimitedSupported=FALSE"); 27 | return; 28 | } 29 | if ( strength > 128 ){ 30 | System.out.printf("isUnlimitedSupported=TRUE, strength: %d%n", strength); 31 | } else { 32 | System.out.printf("isUnlimitedSupported=FALSE, strength: %d%n", strength); 33 | } 34 | } 35 | } -------------------------------------------------------------------------------- /test/integration/openjdk/controls/verify_openjdk.rb: -------------------------------------------------------------------------------- 1 | java_version = input('java_version', description: 'Which version of java should be installed') 2 | 3 | control 'Java is installed & linked correctly' do 4 | impact 1.0 5 | title 'Installed' 6 | desc 'Java is installed & linked correctly' 7 | describe command('java -version 2>&1') do 8 | its('stdout') { should match java_version.to_s } 9 | end 10 | end 11 | 12 | control 'Java path is correct' do 13 | impact 1.0 14 | title 'Path Verification' 15 | desc 'Verifies that keytool and other binaries are accessible in the correct paths using update-alternatives' 16 | 17 | # Get architecture suffix 18 | arch_suffix = command('uname -m').stdout.strip == 'x86_64' ? 'amd64' : 'arm64' 19 | 20 | describe command('update-alternatives --display jar') do 21 | its('stdout') { should match %r{/usr/lib/jvm/java} } 22 | end 23 | 24 | describe command('update-alternatives --display java') do 25 | its('stdout') { should match %r{/usr/lib/jvm/java-#{java_version}-openjdk-#{arch_suffix}/bin/java} } 26 | end 27 | 28 | describe command('update-alternatives --display keytool') do 29 | its('stdout') { should match %r{link best version is /usr/lib/jvm/java-#{java_version}-openjdk-#{arch_suffix}/bin/keytool} } 30 | its('stdout') { should match %r{link keytool is /usr/bin/keytool} } 31 | its('stdout') { should match /priority 1/ } 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /test/integration/custom-package/controls/verify_home.rb: -------------------------------------------------------------------------------- 1 | variant = input('variant', description: 'Variant being used: openj9, openj9-large-heap, or hotspot') 2 | java_version = input('java_version', description: 'Which version of java should be installed') 3 | parent_install_dir = input('parent_install_dir', 4 | value: "java-#{java_version.to_i > 8 ? java_version.to_i : java_version.split('.')[1]}-adoptopenjdk-#{variant}", 5 | description: 'The parent of the Java home') 6 | java_home_dir = input('java_home_dir', description: 'Name of the JAVA_HOME directory') 7 | 8 | control 'check-java-version' do 9 | impact 1.0 10 | title 'Verify java version' 11 | desc 'Verify the correct version of java is installed' 12 | 13 | describe command('java -version 2>&1') do 14 | its('stdout') { should match /AdoptOpenJDK/ } unless java_version.to_i == 1 15 | its('stdout') { should match Regexp.new(java_version.to_s) } 16 | end 17 | end 18 | 19 | control 'check-java-home' do 20 | impact 1.0 21 | title 'Check JAVA_HOME is set' 22 | desc 'Check that custom URL install sets JAVA_HOME properly' 23 | 24 | describe directory("/usr/lib/jvm/#{parent_install_dir}/#{java_home_dir}") do 25 | it { should exist } 26 | end 27 | 28 | describe file('/etc/profile.d/java.sh') do 29 | its('content') { should eq "export JAVA_HOME=/usr/lib/jvm/#{parent_install_dir}/#{java_home_dir}\n" } 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Test" 3 | 4 | "on": 5 | pull_request: 6 | push: 7 | branches: [main] 8 | 9 | jobs: 10 | lint-unit: 11 | uses: sous-chefs/.github/.github/workflows/lint-unit.yml@5.0.3 12 | permissions: 13 | actions: write 14 | checks: write 15 | pull-requests: write 16 | statuses: write 17 | issues: write 18 | 19 | integration: 20 | needs: "lint-unit" 21 | runs-on: ubuntu-latest 22 | strategy: 23 | matrix: 24 | os: 25 | - amazonlinux-2023 26 | - debian-12 27 | - debian-11 28 | - rockylinux-9 29 | - rockylinux-8 30 | - ubuntu-2204 31 | - ubuntu-2004 32 | suite: 33 | - corretto-11 34 | - corretto-17 35 | - corretto-18 36 | - temurin-8 37 | - temurin-11 38 | - temurin-17 39 | - temurin-21 40 | fail-fast: false 41 | steps: 42 | - name: Check out code 43 | uses: actions/checkout@v5 44 | - name: Install Chef 45 | uses: actionshub/chef-install@3.0.1 46 | - name: Dokken 47 | uses: actionshub/test-kitchen@3.0.0 48 | env: 49 | CHEF_LICENSE: accept-no-persist 50 | KITCHEN_LOCAL_YAML: kitchen.dokken.yml 51 | with: 52 | suite: ${{ matrix.suite }} 53 | os: ${{ matrix.os }} 54 | 55 | final: 56 | runs-on: ubuntu-latest 57 | needs: [integration] 58 | steps: 59 | - run: echo ${{needs.integration.outputs}} 60 | -------------------------------------------------------------------------------- /documentation/resources/alternatives.md: -------------------------------------------------------------------------------- 1 | 2 | # java_alternatives 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | The `java_alternatives` resource uses `update-alternatives` command to set and unset command alternatives for various Java tools such as java, javac, etc. 7 | 8 | ## Actions 9 | 10 | - `:set`: set alternatives for Java tools 11 | - `:unset`: unset alternatives for Java tools 12 | 13 | ## Properties 14 | 15 | | Name | Type | Default | Description | 16 | | -------------------- | ------------- | ------- | ---------------------------------------------------------------------------- | 17 | | `java_location` | `String` | | Java installation location | 18 | | `bin_cmds` | `String` | | Array of Java tool names to set or unset alternatives on | 19 | | `default` | `true, false` | `true` | Whether to set the Java tools as system default. Boolean, defaults to `true` | 20 | | `priority` | `Integer` | `1061` | Priority of the alternatives. Integer, defaults to `1061` | 21 | | `reset_alternatives` | `true, false` | `true` | Whether to reset alternatives before setting them | 22 | 23 | - `java_location`: Java installation location. 24 | - `bin_cmds`: . 25 | - `default`: . 26 | - `priority`: . 27 | 28 | ## Examples 29 | 30 | ```ruby 31 | java_alternatives "set java alternatives" do 32 | java_location '/usr/local/java' 33 | bin_cmds ["java", "javac"] 34 | end 35 | ``` 36 | -------------------------------------------------------------------------------- /Dangerfile: -------------------------------------------------------------------------------- 1 | # Reference: http://danger.systems/reference.html 2 | 3 | # A pull request summary is required. Add a description of the pull request purpose. 4 | # Changelog must be updated for each pull request that changes code. 5 | # Warnings will be issued for: 6 | # Pull request with more than 400 lines of code changed 7 | # Pull reqest that change more than 5 lines without test changes 8 | # Failures will be issued for: 9 | # Pull request without summary 10 | # Pull requests with code changes without changelog entry 11 | 12 | def code_changes? 13 | code = %w(libraries attributes recipes resources files templates) 14 | code.each do |location| 15 | return true unless git.modified_files.grep(/#{location}/).empty? 16 | end 17 | false 18 | end 19 | 20 | def test_changes? 21 | tests = %w(spec test kitchen.yml kitchen.dokken.yml) 22 | tests.each do |location| 23 | return true unless git.modified_files.grep(/#{location}/).empty? 24 | end 25 | false 26 | end 27 | 28 | failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 29 | 30 | warn 'This is a big Pull Request.' if git.lines_of_code > 400 31 | 32 | warn 'This is a Table Flip.' if git.lines_of_code > 2000 33 | 34 | # Require a CHANGELOG entry for non-test changes. 35 | if !git.modified_files.include?('CHANGELOG.md') && code_changes? 36 | failure 'Please include a CHANGELOG entry.' 37 | end 38 | 39 | # Require Major Minor Patch version labels 40 | unless github.pr_labels.grep /minor|major|patch/i 41 | warn 'Please add a release label to this pull request' 42 | end 43 | 44 | # A sanity check for tests. 45 | if git.lines_of_code > 5 && code_changes? && !test_changes? 46 | warn 'This Pull Request is probably missing tests.' 47 | end 48 | -------------------------------------------------------------------------------- /libraries/corretto_helpers.rb: -------------------------------------------------------------------------------- 1 | module Java 2 | module Cookbook 3 | module CorrettoHelpers 4 | def corretto_arch 5 | node['kernel']['machine'].match?('aarch64') ? 'aarch64' : 'x64' 6 | end 7 | 8 | def default_corretto_bin_cmds(version) 9 | case version.to_s 10 | when '11' 11 | %w(jaotc jar jarsigner java javac javadoc javap jcmd jconsole jdb jdeprscan jdeps jfr jhsdb jimage jinfo jjs jlink jmap jmod jps jrunscript jshell jstack jstat jstatd keytool pack200 rmic rmid rmiregistry serialver unpack200) 12 | when '15', '17', '18' 13 | %w(jaotc jar jarsigner java javac javadoc javap jcmd jconsole jdb jdeprscan jdeps jfr jhsdb jimage jinfo jlink jmap jmod jpackage jps jrunscript jshell jstack jstat jstatd keytool rmid rmiregistry serialver) 14 | else 15 | raise 'Corretto version not recognised' 16 | end 17 | end 18 | 19 | def default_corretto_minor(version) 20 | case version 21 | when '11' 22 | '11.0.15.9.1' 23 | when '17' 24 | '17.0.3.6.1' 25 | when '18' 26 | '18.0.1.10.1' 27 | else 28 | raise 'Corretto version not recognised' 29 | end 30 | end 31 | 32 | def corretto_sub_dir(version, full_version = nil) 33 | ver = full_version.nil? ? default_corretto_minor(version) : full_version 34 | "amazon-corretto-#{ver}-linux-#{corretto_arch}" 35 | end 36 | 37 | def default_corretto_url(version) 38 | ver = version.include?('.') ? version : default_corretto_minor(version) 39 | 40 | "https://corretto.aws/downloads/resources/#{ver}/amazon-corretto-#{ver}-linux-#{corretto_arch}.tar.gz" 41 | end 42 | end 43 | end 44 | end 45 | -------------------------------------------------------------------------------- /libraries/temurin_helpers.rb: -------------------------------------------------------------------------------- 1 | module Java 2 | module Cookbook 3 | module TemurinHelpers 4 | # Fetch available Temurin releases from Adoptium API 5 | def available_temurin_releases 6 | require 'net/http' 7 | require 'json' 8 | require 'uri' 9 | 10 | uri = URI('https://api.adoptium.net/v3/info/available_releases') 11 | response = Net::HTTP.get_response(uri) 12 | 13 | if response.is_a?(Net::HTTPSuccess) 14 | releases = JSON.parse(response.body) 15 | Chef::Log.info("Available Temurin releases: #{releases}") 16 | releases 17 | else 18 | Chef::Log.warn("Failed to fetch Temurin releases: #{response.code} #{response.message}") 19 | {} 20 | end 21 | rescue => e 22 | Chef::Log.warn("Error fetching Temurin releases: #{e.message}") 23 | {} 24 | end 25 | 26 | # Get available LTS versions 27 | def temurin_lts_versions 28 | releases = available_temurin_releases 29 | return [] unless releases.is_a?(Hash) && releases.key?('available_lts_releases') 30 | 31 | releases['available_lts_releases'] 32 | end 33 | 34 | # Get latest LTS version 35 | def temurin_latest_lts 36 | lts = temurin_lts_versions 37 | lts.empty? ? '17' : lts.max.to_s 38 | end 39 | 40 | # Helper to determine if a version is available as LTS 41 | def temurin_version_available?(version) 42 | version = version.to_s 43 | lts = temurin_lts_versions 44 | 45 | return true if lts.include?(version.to_i) 46 | false 47 | end 48 | end 49 | end 50 | end 51 | 52 | # Ensure the helper is included in the recipe DSL 53 | Chef::DSL::Recipe.include Java::Cookbook::TemurinHelpers 54 | Chef::Resource.include Java::Cookbook::TemurinHelpers 55 | -------------------------------------------------------------------------------- /chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # to a Chef Infra Server or Supermarket. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | ehthumbs.db 9 | Icon? 10 | nohup.out 11 | Thumbs.db 12 | .envrc 13 | 14 | # EDITORS # 15 | ########### 16 | .#* 17 | .project 18 | .settings 19 | *_flymake 20 | *_flymake.* 21 | *.bak 22 | *.sw[a-z] 23 | *.tmproj 24 | *~ 25 | \#* 26 | REVISION 27 | TAGS* 28 | tmtags 29 | .vscode 30 | .editorconfig 31 | 32 | ## COMPILED ## 33 | ############## 34 | *.class 35 | *.com 36 | *.dll 37 | *.exe 38 | *.o 39 | *.pyc 40 | *.so 41 | */rdoc/ 42 | a.out 43 | mkmf.log 44 | 45 | # Testing # 46 | ########### 47 | .circleci/* 48 | .codeclimate.yml 49 | .delivery/* 50 | .foodcritic 51 | .kitchen* 52 | .mdlrc 53 | .overcommit.yml 54 | .rspec 55 | .rubocop.yml 56 | .travis.yml 57 | .watchr 58 | .yamllint 59 | azure-pipelines.yml 60 | Dangerfile 61 | examples/* 62 | features/* 63 | Guardfile 64 | kitchen*.yml 65 | mlc_config.json 66 | Procfile 67 | Rakefile 68 | spec/* 69 | test/* 70 | 71 | # SCM # 72 | ####### 73 | .git 74 | .gitattributes 75 | .gitconfig 76 | .github/* 77 | .gitignore 78 | .gitkeep 79 | .gitmodules 80 | .svn 81 | */.bzr/* 82 | */.git 83 | */.hg/* 84 | */.svn/* 85 | 86 | # Berkshelf # 87 | ############# 88 | Berksfile 89 | Berksfile.lock 90 | cookbooks/* 91 | tmp 92 | 93 | # Bundler # 94 | ########### 95 | vendor/* 96 | Gemfile 97 | Gemfile.lock 98 | 99 | # Policyfile # 100 | ############## 101 | Policyfile.rb 102 | Policyfile.lock.json 103 | 104 | # Documentation # 105 | ############# 106 | CODE_OF_CONDUCT* 107 | CONTRIBUTING* 108 | documentation/* 109 | TESTING* 110 | UPGRADING* 111 | 112 | # Vagrant # 113 | ########### 114 | .vagrant 115 | Vagrantfile 116 | -------------------------------------------------------------------------------- /documentation/resources/certificate.md: -------------------------------------------------------------------------------- 1 | 2 | # java_certificate 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | Java certificate simplifies adding certificates to a java keystore. 7 | It can also populate the keystore with a certificate retrieved from a given SSL end-point. 8 | 9 | ## Actions 10 | 11 | - `:install`: installs a certificate. 12 | - `:remove`: removes a certificate. 13 | 14 | ## Properties 15 | 16 | | Name | Type | Default | Description | 17 | | ----------------- | ------ | --------------------------- | --------------------------------------------------------------------------------------- | 18 | | `java_home` | | `node['java']['java_home']` | The java home directory | 19 | | `java_version` | | `node['java']['jdk_version']` | The java version | 20 | | `keystore_path` | String | | Path to the keystore | 21 | | `keystore_passwd` | String | `changeit` | Password to the keystore | 22 | | `cert_alias` | String | | The alias of the certificate in the keystore. This defaults to the name of the resource | 23 | | `cert_data` | String | | The certificate data to install | 24 | | `cert_file` | String | | Path to a certificate file to install | 25 | | `ssl_endpoint` | String | | An SSL end-point from which to download the certificate | 26 | | `starttls` | String | | Control the TLS protocol handler when fetching a remote certificate from `ssl_endpoint` | 27 | 28 | ## Examples 29 | 30 | ```ruby 31 | java_certificate 'java_certificate_ssl_endpoint' do 32 | ssl_endpoint 'google.com:443' 33 | java_version '8' 34 | end 35 | ``` 36 | -------------------------------------------------------------------------------- /test/integration/temurin/controls/verify_temurin.rb: -------------------------------------------------------------------------------- 1 | java_version = input('java_version', description: 'Which version of java should be installed') 2 | 3 | control 'Temurin Java is installed & linked correctly' do 4 | impact 1.0 5 | title 'Installed' 6 | desc 'Temurin Java is installed & linked correctly' 7 | 8 | describe command('java -version 2>&1') do 9 | its('stdout') { should match(java_version.to_s) } 10 | its('stdout') { should match(/Temurin/) } 11 | end 12 | end 13 | 14 | control 'Temurin Java path is correct' do 15 | impact 1.0 16 | title 'Path Verification' 17 | desc 'Verifies that keytool and other binaries are accessible in the correct paths using update-alternatives' 18 | 19 | # Handle architecture-specific paths 20 | describe command('update-alternatives --display jar') do 21 | its('stdout') { should match %r{/usr/lib/jvm/temurin-#{java_version}-jdk(-[a-z0-9]+)?/bin/jar} } 22 | end 23 | 24 | describe command('update-alternatives --display java') do 25 | its('stdout') { should match %r{/usr/lib/jvm/temurin-#{java_version}-jdk(-[a-z0-9]+)?/bin/java} } 26 | end 27 | 28 | describe command('update-alternatives --display keytool') do 29 | # Check for architecture-specific paths with regex that allows for optional architecture suffix 30 | its('stdout') { should match %r{/usr/lib/jvm/temurin-#{java_version}-jdk(-[a-z0-9]+)?/bin/keytool} } 31 | its('stdout') { should match(/priority/) } 32 | end 33 | end 34 | 35 | control 'Adoptium repository is properly configured' do 36 | impact 1.0 37 | title 'Repository Configuration' 38 | desc 'Verifies that the Adoptium repository is properly configured' 39 | 40 | # Handle platform detection more robustly 41 | if os.family == 'debian' 42 | describe file('/etc/apt/sources.list.d/adoptium.list') do 43 | it { should exist } 44 | its('content') { should match(/packages.adoptium.net/) } 45 | end 46 | elsif os.family == 'redhat' || os.family == 'fedora' || os.name == 'amazon' 47 | describe file('/etc/yum.repos.d/adoptium.repo') do 48 | it { should exist } 49 | its('content') { should match(/packages.adoptium.net/) } 50 | end 51 | elsif os.family == 'suse' 52 | describe file('/etc/zypp/repos.d/adoptium.repo') do 53 | it { should exist } 54 | its('content') { should match(/packages.adoptium.net/) } 55 | end 56 | end 57 | end 58 | -------------------------------------------------------------------------------- /libraries/bin_cmd_helpers.rb: -------------------------------------------------------------------------------- 1 | module Java 2 | module Cookbook 3 | module BinCmdHelpers 4 | def default_bin_cmds(version) 5 | case version 6 | when '8' 7 | %w(appletviewer extcheck idlj jar jarsigner java javac javadoc javah javap jcmd jconsole jdb jdeps jhat jinfo jjs jmap jps jrunscript jsadebugd jstack jstat jstatd keytool native2ascii orbd pack200 policytool rmic rmid rmiregistry schemagen serialver servertool tnameserv unpack200 wsgen wsimport xjc) 8 | when '9' 9 | %w(appletviewer idlj jaotc jar jarsigner java javac javadoc javah javap jcmd jconsole jdb jdeprscan jdeps jhsdb jimage jinfo jjs jlink jmap jmod jps jrunscript jshell jstack jstat jstatd keytool orbd pack200 policytool rmic rmid rmiregistry schemagen serialver servertool tnameserv unpack200 wsgen wsimport xjc) 10 | when '10' 11 | %w(appletviewer idlj jaotc jar jarsigner java javac javadoc javap jcmd jconsole jdb jdeprscan jdeps jhsdb jimage jinfo jjs jlink jmap jmod jps jrunscript jshell jstack jstat jstatd keytool orbd pack200 rmic rmid rmiregistry schemagen serialver servertool tnameserv unpack200 wsgen wsimport xjc) 12 | when '11' 13 | %w(jaotc jar jarsigner java javac javadoc javap jcmd jconsole jdb jdeprscan jdeps jhsdb jimage jinfo jjs jlink jmap jmod jps jrunscript jshell jstack jstat jstatd keytool pack200 rmic rmid rmiregistry serialver unpack200) 14 | when '12', '13', '14', '15', '16' 15 | %w(jaotc jarsigner javac javap jconsole jdeprscan jfr jimage jjs jmap jps jshell jstat keytool rmic rmiregistry unpack200 jar java javadoc jcmd jdb jdeps jhsdb jinfo jlink jmod jrunscript jstack jstatd pack200 rmid serialver) 16 | when '17' 17 | %w(jarsigner javac javap jconsole jdeprscan jfr jimage jjs jmap jps jshell jstat keytool rmic rmiregistry unpack200 jar java javadoc jcmd jdb jdeps jhsdb jinfo jlink jmod jrunscript jstack jstatd pack200 rmid serialver) 18 | when '18', '19', '20', '21', '22', 'latest' 19 | %w(jarsigner javac javap jconsole jdeprscan jfr jimage jjs jmap jps jshell jstat keytool rmic rmiregistry unpack200 jar java javadoc jcmd jdb jdeps jhsdb jinfo jlink jmod jrunscript jstack jstatd pack200 rmid serialver jwebserver) 20 | else 21 | Chef::Log.fatal('Version specified does not have a default set of bin_cmds') 22 | end 23 | end 24 | end 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /documentation/resources/jce.md: -------------------------------------------------------------------------------- 1 | 2 | # java_jce 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | `java_jce` installs the Java Cryptography Extension (JCE) policy files for a given Java installation. 7 | 8 | ## Actions 9 | 10 | - `:install`: Installs the JCE policy files. 11 | 12 | ## Properties 13 | 14 | | Name | Type | Default | Description | 15 | | -------------- | ------ | -------------------------------------------------------- | -------------------------------------------------------------------------- | 16 | | `jdk_version` | String | `node['java']['jdk_version']` | The Java version to install into | 17 | | `jce_url` | String | `node['java']['oracle']['jce'][jdk_version]['url']` | The URL for the JCE distribution | 18 | | `jce_checksum` | String | `node['java']['oracle']['jce'][jdk_version]['checksum']` | The checksum of the JCE distribution | 19 | | `jce_cookie` | String | `node['java']['oracle']['accept_oracle_download_terms']` | Indicates that you accept Oracle's EULA | 20 | | `jce_home` | String | `node['java']['oracle']['jce']['home']` | The location where JCE files will be decompressed for installation | 21 | | `java_home` | String | `node['java']['java_home']` | The location of the Java installation | 22 | | `principal` | String | `node['java']['windows']['owner']` | For Windows installations only, this determines the owner of the JCE files | 23 | 24 | ## Examples 25 | 26 | ``` ruby 27 | # Install the JCE for the default Java installation: 28 | java_jce 'Install the JCE files' 29 | 30 | # Install the JCE for a Java installation in /opt/tools/jdk8: 31 | java_jce 'Install the JCE files' do 32 | java_home '/opt/tools/jdk8' 33 | end 34 | 35 | # Install the JCE for a Java 8 installation in /opt/tools/java using a custom download location: 36 | java_jce 'Install the JCE files' do 37 | java_home '/opt/tools/java' 38 | jdk_version '8' 39 | jce_url 'https://artifacts/path/to/jce/policy.zip' 40 | jce_checksum 'deadbeefcafe...' 41 | end 42 | ``` 43 | -------------------------------------------------------------------------------- /bin/check_java_versions.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'net/http' 4 | require 'json' 5 | require 'uri' 6 | 7 | TEMURIN_REPOS = { 8 | '11' => 'adoptium/temurin11-binaries', 9 | '17' => 'adoptium/temurin17-binaries', 10 | }.freeze 11 | 12 | CORRETTO_REPOS = { 13 | '11' => 'corretto-11', 14 | '17' => 'corretto-17', 15 | }.freeze 16 | 17 | def get_latest_release(repo) 18 | uri = URI("https://api.github.com/repos/#{repo}/releases/latest") 19 | response = Net::HTTP.get_response(uri) 20 | 21 | if response.is_a?(Net::HTTPSuccess) 22 | JSON.parse(response.body) 23 | else 24 | puts "Failed to fetch release info for #{repo}: #{response.code} #{response.message}" 25 | nil 26 | end 27 | end 28 | 29 | def verify_url(url) 30 | uri = URI(url) 31 | response = Net::HTTP.get_response(uri) 32 | 33 | case response 34 | when Net::HTTPRedirection 35 | location = response['location'] 36 | puts " ✓ URL redirects successfully to: #{location}" 37 | true 38 | when Net::HTTPSuccess 39 | puts ' ✓ URL is directly accessible' 40 | true 41 | else 42 | puts " ✗ URL is not accessible: #{response.code} #{response.message}" 43 | false 44 | end 45 | end 46 | 47 | def find_linux_x64_jdk(assets) 48 | assets.find { |asset| asset['name'] =~ /OpenJDK\d+U-jdk_x64_linux_hotspot.*\.tar\.gz$/ } 49 | end 50 | 51 | def check_versions 52 | puts 'Checking Temurin versions...' 53 | puts '-' * 50 54 | 55 | TEMURIN_REPOS.each do |version, repo| 56 | puts "\nChecking Java #{version}..." 57 | release = get_latest_release(repo) 58 | next unless release 59 | 60 | tag = release['tag_name'] 61 | puts "Latest release: #{tag}" 62 | 63 | asset = find_linux_x64_jdk(release['assets']) 64 | if asset 65 | url = asset['browser_download_url'] 66 | puts "Download URL: #{url}" 67 | if verify_url(url) 68 | puts 'Current version in cookbook needs updating!' if url != current_url_in_cookbook(version) 69 | end 70 | else 71 | puts ' ✗ No Linux x64 JDK found in release assets' 72 | end 73 | end 74 | end 75 | 76 | def current_url_in_cookbook(version) 77 | # Read the current URLs from openjdk_helpers.rb 78 | helpers_file = File.join(File.dirname(__FILE__), '..', 'libraries', 'openjdk_helpers.rb') 79 | content = File.read(helpers_file) 80 | 81 | case version 82 | when '11' 83 | content.match(/temurin.*when '11'\s+'(.+?)'/m)&.[](1) 84 | when '17' 85 | content.match(/temurin.*when '17'\s+'(.+?)'/m)&.[](1) 86 | end 87 | end 88 | 89 | if __FILE__ == $PROGRAM_NAME 90 | check_versions 91 | end 92 | -------------------------------------------------------------------------------- /kitchen.dokken.yml: -------------------------------------------------------------------------------- 1 | driver: 2 | name: dokken 3 | privileged: true 4 | chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> 5 | 6 | transport: { name: dokken } 7 | provisioner: { name: dokken } 8 | 9 | platforms: 10 | - name: almalinux-8 11 | driver: 12 | image: dokken/almalinux-8 13 | pid_one_command: /usr/lib/systemd/systemd 14 | 15 | - name: almalinux-9 16 | driver: 17 | image: dokken/almalinux-9 18 | pid_one_command: /usr/lib/systemd/systemd 19 | 20 | - name: almalinux-10 21 | driver: 22 | image: dokken/almalinux-10 23 | pid_one_command: /usr/lib/systemd/systemd 24 | 25 | - name: amazonlinux-2023 26 | driver: 27 | image: dokken/amazonlinux-2023 28 | pid_one_command: /usr/lib/systemd/systemd 29 | 30 | - name: centos-stream-9 31 | driver: 32 | image: dokken/centos-stream-9 33 | pid_one_command: /usr/lib/systemd/systemd 34 | 35 | - name: centos-stream-10 36 | driver: 37 | image: dokken/centos-stream-10 38 | pid_one_command: /usr/lib/systemd/systemd 39 | 40 | - name: debian-12 41 | driver: 42 | image: dokken/debian-12 43 | pid_one_command: /bin/systemd 44 | 45 | - name: debian-13 46 | driver: 47 | image: dokken/debian-13 48 | pid_one_command: /usr/lib/systemd/systemd 49 | 50 | - name: fedora-latest 51 | driver: 52 | image: dokken/fedora-latest 53 | pid_one_command: /usr/lib/systemd/systemd 54 | 55 | - name: opensuse-leap-15 56 | driver: 57 | image: dokken/opensuse-leap-15 58 | pid_one_command: /usr/lib/systemd/systemd 59 | 60 | - name: oraclelinux-8 61 | driver: 62 | image: dokken/oraclelinux-8 63 | pid_one_command: /usr/lib/systemd/systemd 64 | 65 | - name: oraclelinux-9 66 | driver: 67 | image: dokken/oraclelinux-9 68 | pid_one_command: /usr/lib/systemd/systemd 69 | 70 | - name: rockylinux-8 71 | driver: 72 | image: dokken/rockylinux-8 73 | pid_one_command: /usr/lib/systemd/systemd 74 | 75 | - name: rockylinux-9 76 | driver: 77 | image: dokken/rockylinux-9 78 | pid_one_command: /usr/lib/systemd/systemd 79 | 80 | - name: rockylinux-10 81 | driver: 82 | image: dokken/rockylinux-10 83 | pid_one_command: /usr/lib/systemd/systemd 84 | 85 | - name: ubuntu-20.04 86 | driver: 87 | image: dokken/ubuntu-20.04 88 | pid_one_command: /bin/systemd 89 | 90 | - name: ubuntu-22.04 91 | driver: 92 | image: dokken/ubuntu-22.04 93 | pid_one_command: /bin/systemd 94 | 95 | - name: ubuntu-24.04 96 | driver: 97 | image: dokken/ubuntu-24.04 98 | pid_one_command: /bin/systemd 99 | -------------------------------------------------------------------------------- /documentation/resources/openjdk_pkg_install.md: -------------------------------------------------------------------------------- 1 | 2 | # openjdk_pkg_install 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | Installs OpenJDK Java packages from the system's package manager. This resource handles platform-specific package installation for OpenJDK across different Linux distributions and versions, and configures the alternatives system appropriately. 7 | 8 | Introduced: v8.1.0 9 | 10 | ## Actions 11 | 12 | - `:install` 13 | - `:remove` 14 | 15 | ## Properties 16 | 17 | | Name | Type | Default | Description | 18 | | --------------------- | ------- | ------------------------------------ | --------------------------------------------------- | 19 | | version | String | | Java major version to install | 20 | | pkg_names | Array | `default_openjdk_pkg_names(version)` | List of packages to install | 21 | | pkg_version | String | `nil` | Package version to install | 22 | | java_home | String | Based on the version | Set to override the java_home | 23 | | default | Boolean | `true` | Whether to set this as the default Java | 24 | | bin_cmds | Array | `default_bin_cmds(version)` | A list of bin_cmds based on the version and variant | 25 | | alternatives_priority | Integer | `1062` | Alternatives priority to set for this Java | 26 | | reset_alternatives | Boolean | `true` | Whether to reset alternatives before setting | 27 | | skip_alternatives | Boolean | `false` | Skip alternatives installation completely | 28 | | repository_uri | String | `nil` | URI for the repository mirror to use instead of default repository URLs | 29 | 30 | ## Examples 31 | 32 | To install OpenJDK 11 and set it as the default Java: 33 | 34 | ```ruby 35 | openjdk_pkg_install '11' 36 | ``` 37 | 38 | To install OpenJDK 11 and set it as second highest priority: 39 | 40 | ```ruby 41 | openjdk_pkg_install '11' do 42 | alternatives_priority 2 43 | end 44 | ``` 45 | 46 | ## Architecture Support 47 | 48 | This resource supports installation on both x86_64 and ARM64 architectures. On ARM64 platforms (like ARM Macs or ARM-based cloud instances), package paths may include architecture-specific suffixes in paths (e.g., `-arm64` or `-aarch64`). 49 | -------------------------------------------------------------------------------- /documentation/resources/openjdk_source_install.md: -------------------------------------------------------------------------------- 1 | 2 | # openjdk_source_install 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | Installs OpenJDK Java from source archives. This resource handles downloading, extracting, and configuring OpenJDK from source tarballs, including setting up the Java home directory and alternatives system entries. 7 | 8 | Introduced: v8.0.0 9 | 10 | ## Actions 11 | 12 | - `:install` 13 | - `:remove` 14 | 15 | ## Properties 16 | 17 | | Name | Type | Default | Description | 18 | | --------------------- | --------------- | ----------------------------------- | --------------------------------------------------- | 19 | | version | String | | Java version to install | 20 | | url | String | `default_openjdk_url(version)` | The URL to download from | 21 | | checksum | String | `default_openjdk_checksum(version)` | The checksum for the downloaded file | 22 | | java_home | String | Based on the version | Set to override the java_home | 23 | | java_home_mode | Integer, String | `0755` | The permission for the Java home directory | 24 | | java_home_owner | String | `root` | Owner of the Java Home | 25 | | java_home_group | String | `node['root_group']` | Group for the Java Home | 26 | | default | Boolean | `true` | Whether to set this as the default Java | 27 | | bin_cmds | Array | `default_bin_cmds(version)` | A list of bin_cmds based on the version and variant | 28 | | alternatives_priority | Integer | `1` | Alternatives priority to set for this Java | 29 | | reset_alternatives | Boolean | `true` | Whether to reset alternatives before setting | 30 | | skip_alternatives | Boolean | `false` | Skip alternatives installation completely | 31 | 32 | ## Examples 33 | 34 | To install OpenJDK 11 and set it as the default Java: 35 | 36 | ```ruby 37 | openjdk_install '11' 38 | ``` 39 | 40 | To install OpenJDK 11 and set it as second highest priority: 41 | 42 | ```ruby 43 | openjdk_install '11' do 44 | alternatives_priority 2 45 | end 46 | ``` 47 | -------------------------------------------------------------------------------- /resources/openjdk_pkg_install.rb: -------------------------------------------------------------------------------- 1 | provides :openjdk_pkg_install 2 | unified_mode true 3 | include Java::Cookbook::OpenJdkHelpers 4 | include Java::Cookbook::BinCmdHelpers 5 | 6 | property :pkg_names, [String, Array], 7 | default: lazy { default_openjdk_pkg_names(version) }, 8 | description: 'List of packages to install' 9 | 10 | property :pkg_version, String, 11 | description: 'Package version to install' 12 | 13 | property :java_home, String, 14 | default: lazy { default_openjdk_pkg_java_home(version) }, 15 | description: 'Set to override the java_home' 16 | 17 | property :bin_cmds, Array, 18 | default: lazy { default_bin_cmds(version) }, 19 | description: 'A list of bin_cmds based on the version and variant' 20 | 21 | property :alternatives_priority, Integer, 22 | default: 1062, 23 | description: 'Alternatives priority to set for this Java' 24 | 25 | property :repository_uri, String, 26 | description: 'URI for the repository mirror (e.g., "https://custom-mirror.example.com/openjdk/ubuntu")' 27 | 28 | use 'partial/_common' 29 | use 'partial/_linux' 30 | use 'partial/_openjdk' 31 | 32 | action :install do 33 | if platform?('ubuntu') 34 | apt_repository 'openjdk-r-ppa' do 35 | uri new_resource.repository_uri || 'ppa:openjdk-r' 36 | end 37 | end 38 | 39 | pkg_version = 40 | if new_resource.pkg_version && new_resource.pkg_names.is_a?(String) 41 | version new_resource.pkg_version 42 | elsif new_resource.pkg_version && new_resource.pkg_names.is_a?(Array) 43 | Array.new(new_resource.pkg_names.size, new_resource.pkg_version) 44 | end 45 | 46 | package new_resource.pkg_names do 47 | version pkg_version if pkg_version 48 | end 49 | 50 | node.default['java']['java_home'] = new_resource.java_home 51 | 52 | java_alternatives 'set-java-alternatives' do 53 | java_location new_resource.java_home 54 | bin_cmds new_resource.bin_cmds 55 | priority new_resource.alternatives_priority 56 | default new_resource.default 57 | reset_alternatives new_resource.reset_alternatives 58 | not_if { new_resource.skip_alternatives } 59 | end 60 | end 61 | 62 | action :remove do 63 | java_alternatives 'unset-java-alternatives' do 64 | java_location new_resource.java_home 65 | bin_cmds new_resource.bin_cmds 66 | only_if { ::File.exist?(new_resource.java_home) } 67 | not_if { new_resource.skip_alternatives } 68 | action :unset 69 | end 70 | 71 | package new_resource.pkg_names do 72 | action :remove 73 | end 74 | 75 | if platform?('ubuntu') 76 | apt_repository 'openjdk-r-ppa' do 77 | uri 'ppa:openjdk-r' 78 | action :remove 79 | end 80 | end 81 | end 82 | -------------------------------------------------------------------------------- /documentation/resources/openjdk_install.md: -------------------------------------------------------------------------------- 1 | 2 | # openjdk_install 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | Installs OpenJDK Java via source or package manager. This resource selects the appropriate installation method based on the `install_type` property and handles cross-platform Java installation including alternatives configuration. 7 | 8 | Introduced: v8.0.0 9 | 10 | ## Actions 11 | 12 | - `:install` 13 | - `:remove` 14 | 15 | ## Properties 16 | 17 | | Name | Type | Default | Description | Allowed values | 18 | | --------------------- | --------------- | ------- | --------------------------------------------------- | ------------------ | 19 | | version | String | | Java version to install | | 20 | | url | String | | The URL to download from | | 21 | | checksum | String | | The checksum for the downloaded file | | 22 | | java_home | String | | Set to override the java_home | | 23 | | java_home_mode | Integer, String | | The permission for the Java home directory | | 24 | | java_home_owner | String | | Owner of the Java Home | | 25 | | java_home_group | String | | Group for the Java Home | | 26 | | default | Boolean | | Whether to set this as the default Java | | 27 | | bin_cmds | Array | | A list of bin_cmds based on the version and variant | | 28 | | alternatives_priority | Integer | | Alternatives priority to set for this Java | | 29 | | reset_alternatives | Boolean | | Whether to reset alternatives before setting | | 30 | | skip_alternatives | Boolean | `false` | Skip alternatives installation completely | | 31 | | pkg_names | Array | | List of packages to install | | 32 | | pkg_version | String | | Package version to install | | 33 | | install_type | String | | Installation type | `package` `source` | 34 | 35 | ## Examples 36 | 37 | To install OpenJDK 11 and set it as the default Java: 38 | 39 | ```ruby 40 | openjdk_install '11' 41 | ``` 42 | 43 | To install OpenJDK 11 and set it as second highest priority: 44 | 45 | ```ruby 46 | openjdk_install '11' do 47 | alternatives_priority 2 48 | end 49 | ``` 50 | -------------------------------------------------------------------------------- /resources/openjdk_source_install.rb: -------------------------------------------------------------------------------- 1 | provides :openjdk_source_install 2 | unified_mode true 3 | include Java::Cookbook::OpenJdkHelpers 4 | include Java::Cookbook::BinCmdHelpers 5 | 6 | property :version, String, 7 | name_property: true, 8 | description: 'Java version to install' 9 | 10 | property :url, String, 11 | default: lazy { default_openjdk_url(version, variant) }, 12 | description: 'The URL to download from. Can be an internal mirror URL (e.g., "https://internal-mirror.example.com/java/openjdk/").' 13 | 14 | property :checksum, String, 15 | regex: /^[0-9a-f]{32}$|^[a-zA-Z0-9]{40,64}$/, 16 | default: lazy { default_openjdk_checksum(version) }, 17 | description: 'The checksum for the downloaded file' 18 | 19 | property :java_home, String, 20 | default: lazy { "/usr/lib/jvm/java-#{version}-openjdk/jdk-#{version}" }, 21 | description: 'Set to override the java_home' 22 | 23 | property :bin_cmds, Array, 24 | default: lazy { default_bin_cmds(version) }, 25 | description: 'A list of bin_cmds based on the version and variant' 26 | 27 | use 'partial/_common' 28 | use 'partial/_linux' 29 | use 'partial/_java_home' 30 | use 'partial/_openjdk' 31 | 32 | action :install do 33 | extract_dir = new_resource.java_home.split('/')[0..-2].join('/') 34 | parent_dir = new_resource.java_home.split('/')[0..-3].join('/') 35 | tarball_name = new_resource.url.split('/').last 36 | 37 | directory parent_dir do 38 | owner new_resource.java_home_owner 39 | group new_resource.java_home_group 40 | mode new_resource.java_home_mode 41 | recursive true 42 | end 43 | 44 | remote_file "#{Chef::Config[:file_cache_path]}/#{tarball_name}" do 45 | source new_resource.url 46 | checksum new_resource.checksum 47 | retries new_resource.retries 48 | retry_delay new_resource.retry_delay 49 | mode '644' 50 | end 51 | 52 | archive_file "#{Chef::Config[:file_cache_path]}/#{tarball_name}" do 53 | destination extract_dir 54 | end 55 | 56 | node.default['java']['java_home'] = new_resource.java_home 57 | 58 | java_alternatives 'set-java-alternatives' do 59 | java_location new_resource.java_home 60 | bin_cmds new_resource.bin_cmds 61 | priority new_resource.alternatives_priority 62 | default new_resource.default 63 | reset_alternatives new_resource.reset_alternatives 64 | not_if { new_resource.skip_alternatives } 65 | action :set 66 | end 67 | 68 | append_if_no_line 'Java Home' do 69 | path '/etc/profile.d/java.sh' 70 | line "export JAVA_HOME=#{new_resource.java_home}" 71 | end 72 | end 73 | 74 | action :remove do 75 | extract_dir = new_resource.java_home.split('/')[0..-2].join('/') 76 | 77 | java_alternatives 'unset-java-alternatives' do 78 | java_location new_resource.java_home 79 | bin_cmds new_resource.bin_cmds 80 | only_if { ::File.exist?(extract_dir) } 81 | not_if { new_resource.skip_alternatives } 82 | action :unset 83 | end 84 | 85 | directory "Removing #{extract_dir}" do 86 | path extract_dir 87 | recursive true 88 | only_if { ::File.exist?(extract_dir) } 89 | action :delete 90 | end 91 | end 92 | -------------------------------------------------------------------------------- /kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> 5 | env: [CHEF_LICENSE=accept] 6 | 7 | provisioner: 8 | name: chef_zero 9 | 10 | verifier: 11 | name: inspec 12 | 13 | platforms: 14 | - name: amazonlinux-2023 15 | - name: debian-12 16 | - name: debian-11 17 | - name: freebsd-13 18 | - name: fedora-latest 19 | - name: rockylinux-9 20 | - name: rockylinux-8 21 | - name: ubuntu-22.04 22 | - name: ubuntu-20.04 23 | 24 | suites: 25 | # OpenJDK 26 | - name: openjdk-11 27 | run_list: 28 | - recipe[test::openjdk] 29 | attributes: { version: "11" } 30 | verifier: 31 | inspec_tests: [test/integration/openjdk] 32 | inputs: { java_version: "11" } 33 | 34 | - name: openjdk-16 35 | run_list: 36 | - recipe[test::openjdk] 37 | attributes: { version: "16" } 38 | verifier: 39 | inspec_tests: [test/integration/openjdk] 40 | inputs: { java_version: "16" } 41 | 42 | - name: openjdk-17 43 | run_list: 44 | - recipe[test::openjdk] 45 | attributes: { version: "17" } 46 | verifier: 47 | inspec_tests: [test/integration/openjdk] 48 | inputs: { java_version: "17" } 49 | 50 | # Temurin 51 | - name: temurin-8 52 | run_list: 53 | - recipe[test::temurin_pkg] 54 | attributes: 55 | version: 8 56 | verifier: 57 | inspec_tests: [test/integration/temurin] 58 | inputs: { java_version: "8" } 59 | 60 | - name: temurin-11 61 | run_list: 62 | - recipe[test::temurin_pkg] 63 | attributes: 64 | version: 11 65 | verifier: 66 | inspec_tests: 67 | - test/integration/temurin 68 | inputs: { java_version: "11" } 69 | 70 | - name: temurin-17 71 | run_list: 72 | - recipe[test::temurin_pkg] 73 | attributes: 74 | version: 17 75 | verifier: 76 | inspec_tests: 77 | - test/integration/temurin 78 | inputs: { java_version: "17" } 79 | 80 | - name: temurin-21 81 | run_list: 82 | - recipe[test::temurin_pkg] 83 | attributes: 84 | version: 21 85 | verifier: 86 | inspec_tests: 87 | - test/integration/temurin 88 | inputs: { java_version: "21" } 89 | 90 | # Corretto 91 | - name: corretto-8 92 | run_list: 93 | - recipe[test::corretto] 94 | attributes: { version: "8" } 95 | verifier: 96 | inspec_tests: [test/integration/corretto] 97 | inputs: { java_version: "8" } 98 | - name: corretto-11 99 | run_list: 100 | - recipe[test::corretto] 101 | attributes: { version: "11" } 102 | verifier: 103 | inspec_tests: [test/integration/corretto] 104 | inputs: { java_version: "11" } 105 | - name: corretto-17 106 | run_list: 107 | - recipe[test::corretto] 108 | attributes: { version: "17" } 109 | verifier: 110 | inspec_tests: [test/integration/corretto] 111 | inputs: { java_version: "17" } 112 | - name: corretto-18 113 | run_list: 114 | - recipe[test::corretto] 115 | attributes: { version: "18" } 116 | verifier: 117 | inspec_tests: [test/integration/corretto] 118 | inputs: { java_version: "18" } 119 | -------------------------------------------------------------------------------- /resources/corretto_install.rb: -------------------------------------------------------------------------------- 1 | provides :corretto_install 2 | unified_mode true 3 | include Java::Cookbook::CorrettoHelpers 4 | 5 | property :full_version, String, 6 | description: 'Used to configure the package directory, change this is the version installed by the package is no longer correct' 7 | 8 | property :url, String, 9 | default: lazy { default_corretto_url(version) }, 10 | description: 'The URL to download from' 11 | 12 | property :checksum, String, 13 | regex: /^[0-9a-f]{32}$|^[a-zA-Z0-9]{40,64}$/, 14 | description: 'The checksum for the downloaded file' 15 | 16 | property :java_home, String, 17 | default: lazy { "/usr/lib/jvm/java-#{version}-corretto/#{corretto_sub_dir(version, full_version)}" }, 18 | description: 'Set to override the java_home' 19 | 20 | property :bin_cmds, Array, 21 | default: lazy { default_corretto_bin_cmds(version) }, 22 | description: 'A list of bin_cmds based on the version and variant' 23 | 24 | use 'partial/_common' 25 | use 'partial/_linux' 26 | use 'partial/_java_home' 27 | 28 | action :install do 29 | extract_dir = new_resource.java_home.split('/')[0..-2].join('/') 30 | parent_dir = new_resource.java_home.split('/')[0..-3].join('/') 31 | tarball_name = new_resource.url.split('/').last 32 | 33 | directory parent_dir do 34 | owner new_resource.java_home_owner 35 | group new_resource.java_home_group 36 | mode new_resource.java_home_mode 37 | recursive true 38 | end 39 | 40 | remote_file "#{Chef::Config[:file_cache_path]}/#{tarball_name}" do 41 | source new_resource.url 42 | checksum new_resource.checksum if new_resource.checksum 43 | retries new_resource.retries 44 | retry_delay new_resource.retry_delay 45 | mode '644' 46 | end 47 | 48 | archive_file "#{Chef::Config[:file_cache_path]}/#{tarball_name}" do 49 | destination extract_dir 50 | end 51 | 52 | node.default['java']['java_home'] = new_resource.java_home 53 | 54 | # Set up .jinfo file for update-java-alternatives 55 | template "/usr/lib/jvm/.java-#{new_resource.version}-corretto.jinfo" do 56 | cookbook 'java' 57 | source 'jinfo.erb' 58 | owner new_resource.java_home_owner 59 | group new_resource.java_home_group 60 | variables( 61 | priority: new_resource.alternatives_priority, 62 | bin_cmds: new_resource.bin_cmds, 63 | name: extract_dir.split('/').last, 64 | app_dir: new_resource.java_home 65 | ) 66 | only_if { platform_family?('debian') } 67 | end 68 | 69 | java_alternatives 'set-java-alternatives' do 70 | java_location new_resource.java_home 71 | bin_cmds new_resource.bin_cmds 72 | priority new_resource.alternatives_priority 73 | default new_resource.default 74 | reset_alternatives new_resource.reset_alternatives 75 | not_if { new_resource.skip_alternatives } 76 | end 77 | end 78 | 79 | action :remove do 80 | extract_dir = new_resource.java_home.split('/')[0..-2].join('/') 81 | 82 | java_alternatives 'unset-java-alternatives' do 83 | java_location new_resource.java_home 84 | bin_cmds new_resource.bin_cmds 85 | only_if { ::File.exist?(extract_dir) } 86 | action :unset 87 | end 88 | 89 | directory "Removing #{extract_dir}" do 90 | path extract_dir 91 | recursive true 92 | only_if { ::File.exist?(extract_dir) } 93 | action :delete 94 | end 95 | end 96 | -------------------------------------------------------------------------------- /resources/openjdk_install.rb: -------------------------------------------------------------------------------- 1 | provides :openjdk_install 2 | unified_mode true 3 | include Java::Cookbook::OpenJdkHelpers 4 | include Java::Cookbook::BinCmdHelpers 5 | 6 | property :install_type, 7 | String, 8 | default: lazy { default_openjdk_install_method(version) }, 9 | equal_to: %w( package source ), 10 | description: 'Installation type' 11 | 12 | property :pkg_names, 13 | [String, Array], 14 | description: 'List of packages to install' 15 | 16 | property :pkg_version, 17 | String, 18 | description: 'Package version to install' 19 | 20 | property :java_home, 21 | String, 22 | description: 'Set to override the java_home' 23 | 24 | property :bin_cmds, 25 | Array, 26 | default: lazy { default_bin_cmds(version) }, 27 | description: 'A list of bin_cmds based on the version and variant' 28 | 29 | property :url, 30 | String, 31 | description: 'The URL to download from' 32 | 33 | property :checksum, 34 | String, 35 | description: 'The checksum for the downloaded file' 36 | 37 | use 'partial/_common' 38 | use 'partial/_linux' 39 | use 'partial/_java_home' 40 | use 'partial/_openjdk' 41 | 42 | action :install do 43 | if new_resource.install_type == 'package' 44 | openjdk_pkg_install new_resource.version do 45 | pkg_names new_resource.pkg_names 46 | pkg_version new_resource.pkg_version 47 | java_home new_resource.java_home 48 | default new_resource.default 49 | bin_cmds new_resource.bin_cmds 50 | skip_alternatives new_resource.skip_alternatives 51 | alternatives_priority new_resource.alternatives_priority 52 | reset_alternatives new_resource.reset_alternatives 53 | end 54 | elsif new_resource.install_type == 'source' 55 | openjdk_source_install new_resource.version do 56 | url new_resource.url 57 | checksum new_resource.checksum 58 | java_home new_resource.java_home 59 | java_home_mode new_resource.java_home_mode 60 | java_home_group new_resource.java_home_group 61 | default new_resource.default 62 | bin_cmds new_resource.bin_cmds 63 | skip_alternatives new_resource.skip_alternatives 64 | alternatives_priority new_resource.alternatives_priority 65 | reset_alternatives new_resource.reset_alternatives 66 | end 67 | else 68 | ChefLog.fatal('Invalid install method specified') 69 | end 70 | end 71 | 72 | action :remove do 73 | if new_resource.install_type == 'package' 74 | openjdk_pkg_install new_resource.version do 75 | pkg_names new_resource.pkg_names 76 | pkg_version new_resource.pkg_version 77 | java_home new_resource.java_home 78 | default new_resource.default 79 | bin_cmds new_resource.bin_cmds 80 | skip_alternatives new_resource.skip_alternatives 81 | alternatives_priority new_resource.alternatives_priority 82 | reset_alternatives new_resource.reset_alternatives 83 | action :remove 84 | end 85 | elsif new_resource.install_type == 'source' 86 | openjdk_source_install new_resource.version do 87 | url new_resource.url 88 | checksum new_resource.checksum 89 | java_home new_resource.java_home 90 | java_home_mode new_resource.java_home_mode 91 | java_home_group new_resource.java_home_group 92 | default new_resource.default 93 | bin_cmds new_resource.bin_cmds 94 | skip_alternatives new_resource.skip_alternatives 95 | alternatives_priority new_resource.alternatives_priority 96 | reset_alternatives new_resource.reset_alternatives 97 | action :remove 98 | end 99 | else 100 | ChefLog.fatal('Invalid install method specified') 101 | end 102 | end 103 | -------------------------------------------------------------------------------- /documentation/resources/corretto_install.md: -------------------------------------------------------------------------------- 1 | 2 | # corretto_install 3 | 4 | [back to resource list](https://github.com/sous-chefs/java#resources) 5 | 6 | Installs Amazon Corretto Java distribution. This resource handles downloading, extracting and configuring Amazon's Corretto distribution of OpenJDK, including setting up Java home directories and configuring system alternatives. 7 | 8 | Introduced: v8.0.0 9 | 10 | ## Actions 11 | 12 | - `:install` 13 | - `:remove` 14 | 15 | ## Properties 16 | 17 | | Name | Type | Default | Description | 18 | | --------------------- | --------------- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------- | 19 | | version | String | | Java version to install | 20 | | full_version | String | | Used to configure the package directory, change this is the version installed by the package is no longer correct | 21 | | url | String | `default_corretto_url(version)` | The URL to download from | 22 | | checksum | String | | The checksum for the downloaded file | 23 | | java_home | String | Based on the version | Set to override the java_home | 24 | | java_home_mode | Integer, String | `0755` | The permission for the Java home directory | 25 | | java_home_owner | String | `root` | Owner of the Java Home | 26 | | java_home_group | String | `node['root_group']` | Group for the Java Home | 27 | | default | Boolean | `true` | Whether to set this as the default Java | 28 | | bin_cmds | Array | `default_corretto_bin_cmds(version)` | A list of bin_cmds based on the version and variant | 29 | | alternatives_priority | Integer | `1` | Alternatives priority to set for this Java | 30 | | reset_alternatives | Boolean | `true` | Whether to reset alternatives before setting | 31 | | skip_alternatives | Boolean | `false` | Skip alternatives installation completely | 32 | 33 | ## Examples 34 | 35 | To install Corretto 11 and set it as the default Java: 36 | 37 | ```ruby 38 | corretto_install '11' 39 | ``` 40 | 41 | To install Corretto 11 and set it as second highest priority: 42 | 43 | ```ruby 44 | corretto_install '8' do 45 | alternatives_priority 2 46 | end 47 | ``` 48 | 49 | ## Architecture Support 50 | 51 | This resource supports installation on both x86_64 and ARM64 architectures. Amazon Corretto provides architecture-specific builds and the resource automatically handles the correct paths and downloads for the target platform. 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # java cookbook 2 | 3 | [![Cookbook Version](https://img.shields.io/cookbook/v/java.svg)](https://supermarket.chef.io/cookbooks/java) 4 | [![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/java/master.svg)](https://circleci.com/gh/sous-chefs/java) 5 | [![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) 6 | [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) 7 | [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) 8 | 9 | This cookbook installs a Java JDK/JRE. It defaults to installing [OpenJDK](https://openjdk.java.net/), but it can also install [AdoptOpenJDK](https://adoptopenjdk.net/) and [Amazon Corretto](https://corretto.aws/). 10 | 11 | ## Maintainers 12 | 13 | This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). 14 | 15 | ## Usage 16 | 17 | ## Requirements 18 | 19 | Chef 15.3+ 20 | 21 | ### Platforms 22 | 23 | - Debian, Ubuntu 24 | - CentOS, RedHat, Fedora, Scientific, Amazon 25 | 26 | ## Resources 27 | 28 | - [adoptopenjdk_install](https://github.com/sous-chefs/java/blob/master/documentation/resources/adoptopenjdk_install.md) 29 | - [adoptopenjdk_macos_install](https://github.com/sous-chefs/java/blob/master/documentation/resources/adoptopenjdk_macos_install.md) 30 | - [alternatives](https://github.com/sous-chefs/java/blob/master/documentation/resources/alternatives.md) 31 | - [certificate](https://github.com/sous-chefs/java/blob/master/documentation/resources/certificate.md) 32 | - [corretto_install](https://github.com/sous-chefs/java/blob/master/documentation/resources/corretto_install.md) 33 | - [jce](https://github.com/sous-chefs/java/blob/master/documentation/resources/jce.md) 34 | - [openjdk_install](https://github.com/sous-chefs/java/blob/master/documentation/resources/openjdk_install.md) 35 | - [openjdk_pkg_install](https://github.com/sous-chefs/java/blob/master/documentation/resources/openjdk_pkg_install.md) 36 | 37 | ## Contributors 38 | 39 | This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) 40 | 41 | ### Backers 42 | 43 | Thank you to all our backers! 44 | 45 | ![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) 46 | 47 | ### Sponsors 48 | 49 | Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 50 | 51 | ![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) 52 | ![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) 53 | ![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) 54 | ![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) 55 | ![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) 56 | ![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) 57 | ![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) 58 | ![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) 59 | ![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) 60 | ![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) 61 | -------------------------------------------------------------------------------- /documentation/resources/temurin_package_install.md: -------------------------------------------------------------------------------- 1 | # temurin_package_install 2 | 3 | [back to resource list](https://github.com/sous-chefs/java#resources) 4 | 5 | Installs Java Temurin (AdoptOpenJDK) packages provided by Adoptium. This resource handles the repository setup and package installation for Temurin JDK packages across various platforms. 6 | 7 | Introduced: v12.0.0 8 | 9 | ## Actions 10 | 11 | - `:install` - Installs Temurin JDK packages 12 | - `:remove` - Removes Temurin JDK packages 13 | 14 | ## Properties 15 | 16 | | Property | Type | Default | Description | 17 | |-----------------------|----------------|----------------------------------------|----------------------------------------------| 18 | | `version` | String | Name Property | Java version to install (e.g. '8', '11', '17') | 19 | | `pkg_name` | String | `temurin-#{version}-jdk` | Package name to install | 20 | | `pkg_version` | String | `nil` | Package version to install | 21 | | `java_home` | String | Platform-specific JAVA_HOME | Path to set as JAVA_HOME | 22 | | `bin_cmds` | Array | Version-specific binary commands | Commands for alternatives | 23 | | `alternatives_priority` | Integer | 1062 | Priority for alternatives system | 24 | | `reset_alternatives` | Boolean | true | Whether to reset alternatives before setting | 25 | | `default` | Boolean | true | Whether to set this as the default Java | 26 | | `skip_alternatives` | Boolean | false | Skip alternatives installation completely | 27 | | `repository_uri` | String | `nil` | URI for the repository mirror to use instead of default repository URLs | 28 | | air_gap | Boolean | false | Whether to install in air-gap mode | 29 | 30 | ## Platform Support 31 | 32 | - Debian/Ubuntu: Uses apt_repository with `signed_by false` and `trusted true` options to bypass GPG signature verification issues 33 | - Amazon Linux/CentOS/RHEL: Uses yum_repository with standard configuration 34 | - SUSE: Uses zypper_repository with standard configuration 35 | 36 | ## Architecture Support 37 | 38 | This resource supports installation on both x86_64 and ARM64 architectures. On ARM64 platforms (like ARM Macs or ARM-based cloud instances), the package paths may include architecture-specific suffixes (e.g., `/usr/lib/jvm/temurin-8-jdk-arm64/bin/java`). 39 | 40 | ## Notes 41 | 42 | - Due to a bug in Chef's apt_repository resource ([PR #15043](https://github.com/chef/chef/pull/15043)), GPG key verification is disabled by default on Debian-family systems to ensure the repository can be used successfully 43 | 44 | ## Examples 45 | 46 | ### Install Temurin JDK 11 47 | 48 | ```ruby 49 | temurin_package_install '11' 50 | ``` 51 | 52 | ### Install Temurin JDK 17 with custom alternatives priority 53 | 54 | ```ruby 55 | temurin_package_install '17' do 56 | alternatives_priority 1100 57 | end 58 | ``` 59 | 60 | ### Install specific version with custom package name 61 | 62 | ```ruby 63 | temurin_package_install '11' do 64 | pkg_name 'temurin-11-jdk' 65 | end 66 | ``` 67 | 68 | ## Supported Platforms 69 | 70 | This resource supports the following platforms: 71 | 72 | - Debian 73 | - Ubuntu 74 | - RHEL/CentOS/Rocky Linux 75 | - Fedora 76 | - Amazon Linux 77 | - OpenSUSE/SLES 78 | 79 | Each platform will have the appropriate Adoptium repository configured automatically. 80 | 81 | ## Additional Information 82 | 83 | - This resource uses the Adoptium API to validate available releases. 84 | - The resource will warn if a requested version is not available as an LTS release. 85 | - For most use cases, you can simply specify the major version number. 86 | - Air-gap mode disables version checking via the Adoptium API and instead uses the version specified in the `pkg_version` property. 87 | -------------------------------------------------------------------------------- /resources/jce.rb: -------------------------------------------------------------------------------- 1 | unified_mode true 2 | 3 | property :jdk_version, 4 | String, 5 | default: lazy { node['java']['jdk_version'].to_s }, description: 'The Java version to install into' 6 | 7 | property :jce_url, 8 | String, 9 | default: lazy { node['java']['oracle']['jce'][jdk_version]['url'] }, description: 'The URL for the JCE distribution' 10 | 11 | property :jce_checksum, 12 | String, 13 | default: lazy { node['java']['oracle']['jce'][jdk_version]['checksum'] }, description: 'The checksum of the JCE distribution' 14 | 15 | property :java_home, 16 | String, 17 | default: lazy { node['java']['java_home'] }, description: 'The location of the Java installation' 18 | 19 | property :jce_home, 20 | String, 21 | default: lazy { node['java']['oracle']['jce']['home'] }, description: 'The location where JCE files will be decompressed for installation' 22 | 23 | property :jce_cookie, 24 | String, 25 | default: lazy { node['java']['oracle']['accept_oracle_download_terms'] ? 'oraclelicense=accept-securebackup-cookie' : '' }, description: 'Indicates that you accept Oracles EULA' 26 | 27 | property :principal, 28 | String, 29 | default: lazy { platform_family?('windows') ? node['java']['windows']['owner'] : 'administrator' }, description: 'For Windows installations only, this determines the owner of the JCE files' 30 | 31 | action :install do 32 | jdk_version = new_resource.jdk_version 33 | jce_url = new_resource.jce_url 34 | jce_checksum = new_resource.jce_checksum 35 | java_home = new_resource.java_home 36 | jce_home = new_resource.jce_home 37 | jce_cookie = new_resource.jce_cookie 38 | principal = new_resource.principal 39 | 40 | directory ::File.join(jce_home, jdk_version) do 41 | mode '0755' 42 | recursive true 43 | end 44 | 45 | r = remote_file "#{node['java']['download_path']}/jce.zip" do 46 | source jce_url 47 | checksum jce_checksum 48 | headers( 49 | 'Cookie' => jce_cookie 50 | ) 51 | not_if { ::File.exist?(::File.join(jce_home, jdk_version, 'US_export_policy.jar')) } 52 | end 53 | 54 | # JRE installation does not have a jre folder 55 | jre_path = node['java']['install_type'] == 'jdk' ? 'jre' : '' 56 | 57 | if platform_family?('windows') 58 | 59 | staging_path = ::File.join(jce_home, jdk_version) 60 | staging_local_policy = ::File.join(staging_path, "UnlimitedJCEPolicyJDK#{jdk_version}", 'local_policy.jar') 61 | staging_export_policy = ::File.join(staging_path, "UnlimitedJCEPolicyJDK#{jdk_version}", 'US_export_policy.jar') 62 | jre_final_path = ::File.join(java_home, jre_path, 'lib', 'security') 63 | final_local_policy = ::File.join(jre_final_path, 'local_policy.jar') 64 | final_export_policy = ::File.join(jre_final_path, 'US_export_policy.jar') 65 | 66 | archive_file staging_path do 67 | path r.path 68 | destination staging_path 69 | action :extract 70 | not_if { ::File.exist? staging_local_policy } 71 | end 72 | 73 | remote_file final_local_policy do 74 | rights :full_control, principal 75 | source "file://#{staging_local_policy}" 76 | end 77 | 78 | remote_file final_export_policy do 79 | rights :full_control, principal 80 | source "file://#{staging_export_policy}" 81 | end 82 | 83 | else 84 | package 'unzip' 85 | package 'curl' 86 | 87 | execute 'extract jce' do 88 | command <<-EOF 89 | rm -rf java_jce 90 | mkdir java_jce 91 | cd java_jce 92 | unzip -o ../jce.zip 93 | find ./ -name '*.jar' | xargs -I JCE_JAR mv JCE_JAR #{jce_home}/#{jdk_version}/ 94 | chmod -R 0644 #{jce_home}/#{jdk_version}/*.jar 95 | EOF 96 | cwd node['java']['download_path'] 97 | creates ::File.join(jce_home, jdk_version, 'US_export_policy.jar') 98 | end 99 | 100 | %w(local_policy.jar US_export_policy.jar).each do |jar| 101 | jar_path = ::File.join(java_home, jre_path, 'lib', 'security', jar) 102 | # remove the jars already in the directory 103 | file jar_path do 104 | action :delete 105 | not_if { ::File.symlink? jar_path } 106 | end 107 | link jar_path do 108 | to ::File.join(jce_home, jdk_version, jar) 109 | end 110 | end 111 | end 112 | end 113 | -------------------------------------------------------------------------------- /resources/temurin_package_install.rb: -------------------------------------------------------------------------------- 1 | provides :temurin_package_install 2 | unified_mode true 3 | include Java::Cookbook::OpenJdkHelpers 4 | include Java::Cookbook::TemurinHelpers 5 | include Java::Cookbook::BinCmdHelpers 6 | 7 | def default_temurin_pkg_name(version) 8 | # Validate version against available releases 9 | unless temurin_version_available?(version) 10 | Chef::Log.warn("Temurin version #{version} might not be available. Available LTS versions: #{temurin_lts_versions.join(', ')}") 11 | end 12 | "temurin-#{version}-jdk" 13 | end 14 | 15 | property :pkg_name, String, 16 | default: lazy { default_temurin_pkg_name(version) }, 17 | description: 'Package name to install' 18 | 19 | property :pkg_version, String, 20 | description: 'Package version to install' 21 | 22 | property :java_home, String, 23 | default: lazy { "/usr/lib/jvm/temurin-#{version}-jdk" }, 24 | description: 'Set to override the java_home' 25 | 26 | property :bin_cmds, Array, 27 | default: lazy { default_bin_cmds(version) }, 28 | description: 'A list of bin_cmds based on the version' 29 | 30 | property :repository_uri, String, 31 | description: 'URI for the repository mirror (e.g., "https://custom-mirror.example.com/artifactory/deb")' 32 | 33 | use 'partial/_common' 34 | use 'partial/_linux' 35 | 36 | action :install do 37 | apt_repository 'adoptium' do 38 | uri new_resource.repository_uri || 'https://packages.adoptium.net/artifactory/deb' 39 | components ['main'] 40 | distribution lazy { node['lsb']['codename'] || node['debian']['distribution_codename'] } 41 | # TODO: https://github.com/chef/chef/pull/15043 42 | # key '843C48A565F8F04B' 43 | # keyserver 'keyserver.ubuntu.com' 44 | signed_by false 45 | trusted true 46 | only_if { platform_family?('debian') } 47 | end 48 | 49 | yum_repository 'adoptium' do 50 | description 'Eclipse Adoptium' 51 | baseurl new_resource.repository_uri || value_for_platform( 52 | 'amazon' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/amazonlinux/2/$basearch' }, 53 | 'centos' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/centos/$releasever/$basearch' }, 54 | 'fedora' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/fedora/$releasever/$basearch' }, 55 | 'opensuse' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/opensuse/$releasever/$basearch' }, 56 | 'oracle' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/oraclelinux/$releasever/$basearch' }, 57 | 'redhat' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/rhel/$releasever/$basearch' }, 58 | 'rocky' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/rocky/8/$basearch' }, 59 | 'suse' => { 'default' => 'https://packages.adoptium.net/artifactory/rpm/sles/$releasever/$basearch' } 60 | ) 61 | enabled true 62 | gpgcheck true 63 | gpgkey 'https://packages.adoptium.net/artifactory/api/gpg/key/public' 64 | only_if { platform_family?('rhel', 'fedora', 'amazon', 'rocky', 'suse', 'oraclelinux') } 65 | end 66 | 67 | zypper_repository 'adoptium' do 68 | description 'Eclipse Adoptium' 69 | baseurl new_resource.repository_uri || 'https://packages.adoptium.net/artifactory/rpm/opensuse/$releasever/$basearch' 70 | gpgcheck true 71 | gpgkey 'https://packages.adoptium.net/artifactory/api/gpg/key/public' 72 | action :create 73 | only_if { platform_family?('suse') } 74 | end 75 | 76 | package new_resource.pkg_name do 77 | version new_resource.pkg_version if new_resource.pkg_version 78 | end 79 | 80 | node.default['java']['java_home'] = new_resource.java_home 81 | 82 | java_alternatives 'set-java-alternatives' do 83 | java_location new_resource.java_home 84 | bin_cmds new_resource.bin_cmds 85 | priority new_resource.alternatives_priority 86 | default new_resource.default 87 | reset_alternatives new_resource.reset_alternatives 88 | not_if { new_resource.skip_alternatives } 89 | end 90 | end 91 | 92 | action :remove do 93 | java_alternatives 'unset-java-alternatives' do 94 | java_location new_resource.java_home 95 | bin_cmds new_resource.bin_cmds 96 | only_if { ::File.exist?(new_resource.java_home) } 97 | action :unset 98 | not_if { new_resource.skip_alternatives } 99 | end 100 | 101 | package new_resource.pkg_name do 102 | action :remove 103 | end 104 | 105 | apt_repository 'adoptium' do 106 | action :remove 107 | only_if { platform_family?('debian') } 108 | end 109 | 110 | yum_repository 'adoptium' do 111 | action :remove 112 | only_if { platform_family?('rhel', 'fedora', 'amazon', 'rocky', 'suse', 'oraclelinux') } 113 | end 114 | 115 | zypper_repository 'adoptium' do 116 | action :remove 117 | only_if { platform_family?('suse') } 118 | end 119 | end 120 | -------------------------------------------------------------------------------- /.github/copilot-instructions.md: -------------------------------------------------------------------------------- 1 | # Copilot Instructions for Sous Chefs Cookbooks 2 | 3 | ## Repository Overview 4 | 5 | **Chef cookbook** for managing software installation and configuration. Part of the Sous Chefs cookbook ecosystem. 6 | 7 | **Key Facts:** Ruby-based, Chef >= 16 required, supports various OS platforms (check metadata.rb, kitchen.yml and .github/workflows/ci.yml for which platforms to specifically test) 8 | 9 | ## Project Structure 10 | 11 | **Critical Paths:** 12 | - `recipes/` - Chef recipes for cookbook functionality (if this is a recipe-driven cookbook) 13 | - `resources/` - Custom Chef resources with properties and actions (if this is a resource-driven cookbook) 14 | - `spec/` - ChefSpec unit tests 15 | - `test/integration/` - InSpec integration tests (tests all platforms supported) 16 | - `test/cookbooks/` or `test/fixtures/` - Example cookbooks used during testing that show good examples of custom resource usage 17 | - `attributes/` - Configuration for recipe driven cookbooks (not applicable to resource cookbooks) 18 | - `libraries/` - Library helpers to assist with the cookbook. May contain multiple files depending on complexity of the cookbook. 19 | - `templates/` - ERB templates that may be used in the cookbook 20 | - `files/` - files that may be used in the cookbook 21 | - `metadata.rb`, `Berksfile` - Cookbook metadata and dependencies 22 | 23 | ## Build and Test System 24 | 25 | ### Environment Setup 26 | **MANDATORY:** Install Chef Workstation first - provides chef, berks, cookstyle, kitchen tools. 27 | 28 | ### Essential Commands (strict order) 29 | ```bash 30 | berks install # Install dependencies (always first) 31 | cookstyle # Ruby/Chef linting 32 | yamllint . # YAML linting 33 | markdownlint-cli2 '**/*.md' # Markdown linting 34 | chef exec rspec # Unit tests (ChefSpec) 35 | # Integration tests will be done via the ci.yml action. Do not run these. Only check the action logs for issues after CI is done running. 36 | ``` 37 | 38 | ### Critical Testing Details 39 | - **Kitchen Matrix:** Multiple OS platforms × software versions (check kitchen.yml for specific combinations) 40 | - **Docker Required:** Integration tests use Dokken driver 41 | - **CI Environment:** Set `CHEF_LICENSE=accept-no-persist` 42 | - **Full CI Runtime:** 30+ minutes for complete matrix 43 | 44 | ### Common Issues and Solutions 45 | - **Always run `berks install` first** - most failures are dependency-related 46 | - **Docker must be running** for kitchen tests 47 | - **Chef Workstation required** - no workarounds, no alternatives 48 | - **Test data bags needed** (optional for some cookbooks) in `test/integration/data_bags/` for convergence 49 | 50 | ## Development Workflow 51 | 52 | ### Making Changes 53 | 1. Edit recipes/resources/attributes/templates/libraries 54 | 2. Update corresponding ChefSpec tests in `spec/` 55 | 3. Also update any InSpec tests under test/integration 56 | 4. Ensure cookstyle and rspec passes at least. You may run `cookstyle -a` to automatically fix issues if needed. 57 | 5. Also always update all documentation found in README.md and any files under documentation/* 58 | 6. **Always update CHANGELOG.md** (required by Dangerfile) - Make sure this conforms with the Sous Chefs changelog standards. 59 | 60 | ### Pull Request Requirements 61 | - **PR description >10 chars** (Danger enforced) 62 | - **CHANGELOG.md entry** for all code changes 63 | - **Version labels** (major/minor/patch) required 64 | - **All linters must pass** (cookstyle, yamllint, markdownlint) 65 | - **Test updates** needed for code changes >5 lines and parameter changes that affect the code logic 66 | 67 | ## Chef Cookbook Patterns 68 | 69 | ### Resource Development 70 | - Custom resources in `resources/` with properties and actions 71 | - Include comprehensive ChefSpec tests for all actions 72 | - Follow Chef resource DSL patterns 73 | 74 | ### Recipe Conventions 75 | - Use `include_recipe` for modularity 76 | - Handle platforms with `platform_family?` conditionals 77 | - Use encrypted data bags for secrets (passwords, SSL certs) 78 | - Leverage attributes for configuration with defaults 79 | 80 | ### Testing Approach 81 | - **ChefSpec (Unit):** Mock dependencies, test recipe logic in `spec/` 82 | - **InSpec (Integration):** Verify actual system state in `test/integration/inspec/` - InSpec files should contain proper inspec.yml and controls directories so that it could be used by other suites more easily. 83 | - One test file per recipe, use standard Chef testing patterns 84 | 85 | ## Trust These Instructions 86 | 87 | These instructions are validated for Sous Chefs cookbooks. **Do not search for build instructions** unless information here fails. 88 | 89 | **Error Resolution Checklist:** 90 | 1. Verify Chef Workstation installation 91 | 2. Confirm `berks install` completed successfully 92 | 3. Ensure Docker is running for integration tests 93 | 4. Check for missing test data dependencies 94 | 95 | The CI system uses these exact commands - following them matches CI behavior precisely. 96 | -------------------------------------------------------------------------------- /spec/libraries/corretto_helpers_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | RSpec.describe Java::Cookbook::CorrettoHelpers do 4 | class DummyClass < Chef::Node 5 | include Java::Cookbook::CorrettoHelpers 6 | end 7 | 8 | subject { DummyClass.new } 9 | 10 | describe '#default_corretto_url' do 11 | before do 12 | allow(subject).to receive(:[]).with('version').and_return(version) 13 | allow(subject).to receive(:[]).with('kernel').and_return('machine' => machine) 14 | end 15 | 16 | context 'Corretto 11 x64' do 17 | let(:version) { '11' } 18 | let(:machine) { 'x86_64' } 19 | 20 | it 'returns the correct URL' do 21 | expect(subject.default_corretto_url(version)).to match /corretto-11.+\.tar.gz/ 22 | end 23 | end 24 | 25 | context 'Corretto 17 x64' do 26 | let(:version) { '17' } 27 | let(:machine) { 'x86_64' } 28 | 29 | it 'returns the correct URL' do 30 | expect(subject.default_corretto_url(version)).to match /corretto-17.+\.tar.gz/ 31 | end 32 | end 33 | 34 | context 'Corretto 18 x64' do 35 | let(:version) { '18' } 36 | let(:machine) { 'x86_64' } 37 | 38 | it 'returns the correct URL' do 39 | expect(subject.default_corretto_url(version)).to match /corretto-18.+\.tar.gz/ 40 | end 41 | end 42 | 43 | context 'Corretto 11 aarch64' do 44 | let(:version) { '11' } 45 | let(:machine) { 'aarch64' } 46 | 47 | it 'returns the correct URL' do 48 | expect(subject.default_corretto_url(version)).to match /corretto-11.+\.tar.gz/ 49 | end 50 | end 51 | 52 | context 'Corretto 17 aarch64' do 53 | let(:version) { '17' } 54 | let(:machine) { 'aarch64' } 55 | 56 | it 'returns the correct URL' do 57 | expect(subject.default_corretto_url(version)).to match /corretto-17.+\.tar.gz/ 58 | end 59 | end 60 | 61 | context 'Corretto 18 aarch64' do 62 | let(:version) { '18' } 63 | let(:machine) { 'aarch64' } 64 | 65 | it 'returns the correct URL' do 66 | expect(subject.default_corretto_url(version)).to match /corretto-18.+\.tar.gz/ 67 | end 68 | end 69 | end 70 | 71 | describe '#default_bin_cmds' do 72 | before do 73 | allow(subject).to receive(:[]).with('version').and_return(version) 74 | end 75 | 76 | context 'Corretto 11' do 77 | let(:version) { '11' } 78 | 79 | it 'returns the correct bin command array' do 80 | expect(subject.default_corretto_bin_cmds(version)).to_not include 'appletviewer' 81 | expect(subject.default_corretto_bin_cmds(version)).to include 'jaotc' 82 | end 83 | end 84 | 85 | context 'Corretto 17' do 86 | let(:version) { '17' } 87 | 88 | it 'returns the correct bin command array' do 89 | expect(subject.default_corretto_bin_cmds(version)).to_not include 'jjs' 90 | expect(subject.default_corretto_bin_cmds(version)).to include 'jaotc' 91 | end 92 | end 93 | 94 | context 'Corretto 18' do 95 | let(:version) { '18' } 96 | 97 | it 'returns the correct bin command array' do 98 | expect(subject.default_corretto_bin_cmds(version)).to_not include 'jjs' 99 | expect(subject.default_corretto_bin_cmds(version)).to include 'jaotc' 100 | end 101 | end 102 | 103 | describe '#corretto_sub_dir' do 104 | before do 105 | allow(subject).to receive(:[]).with('version', 'full_version').and_return(version) 106 | allow(subject).to receive(:[]).with('kernel').and_return('machine' => machine) 107 | end 108 | 109 | context 'No full_version passed for Corretto 11 x64' do 110 | let(:version) { '11' } 111 | let(:machine) { 'x86_64' } 112 | 113 | it 'returns the default directory value for Corrretto 11 x64' do 114 | expect(subject.corretto_sub_dir(version)).to include '11.0.15.9.1' 115 | end 116 | end 117 | 118 | context 'No full_version passed for Corretto 11 aarch64' do 119 | let(:version) { '11' } 120 | let(:machine) { 'aarch64' } 121 | 122 | it 'returns the default directory value for Corrretto 11 aarch64' do 123 | expect(subject.corretto_sub_dir(version)).to include '11.0.15.9.1' 124 | end 125 | end 126 | 127 | context 'No full_version passed for Corretto 17 x64' do 128 | let(:version) { '17' } 129 | let(:machine) { 'x86_64' } 130 | 131 | it 'returns the default directory value for Corrretto 17 x64' do 132 | expect(subject.corretto_sub_dir(version)).to include '17.0.3.6.1' 133 | end 134 | end 135 | 136 | context 'No full_version passed for Corretto 17 aarch64' do 137 | let(:version) { '17' } 138 | let(:machine) { 'aarch64' } 139 | 140 | it 'returns the default directory value for Corrretto 17 aarch64' do 141 | expect(subject.corretto_sub_dir(version)).to include '17.0.3.6.1' 142 | end 143 | end 144 | 145 | context 'No full_version passed for Corretto 18 x64' do 146 | let(:version) { '18' } 147 | let(:machine) { 'x86_64' } 148 | 149 | it 'returns the default directory value for Corrretto 18 x64' do 150 | expect(subject.corretto_sub_dir(version)).to include '18.0.1.10.1' 151 | end 152 | end 153 | 154 | context 'No full_version passed for Corretto 18 aarch64' do 155 | let(:version) { '18' } 156 | let(:machine) { 'aarch64' } 157 | 158 | it 'returns the default directory value for Corrretto 18 aarch64' do 159 | expect(subject.corretto_sub_dir(version)).to include '18.0.1.10.1' 160 | end 161 | end 162 | end 163 | end 164 | end 165 | -------------------------------------------------------------------------------- /resources/alternatives.rb: -------------------------------------------------------------------------------- 1 | unified_mode true 2 | 3 | property :java_location, 4 | String, 5 | description: 'Java installation location' 6 | 7 | property :bin_cmds, 8 | Array, 9 | description: 'Array of Java tool names to set or unset alternatives on' 10 | 11 | property :default, 12 | [true, false], 13 | default: true, 14 | description: 'Whether to set the Java tools as system default. Boolean, defaults to `true`' 15 | 16 | property :priority, 17 | Integer, 18 | default: 1061, 19 | description: ' Priority of the alternatives. Integer, defaults to `1061`' 20 | 21 | property :reset_alternatives, 22 | [true, false], 23 | default: false, 24 | description: 'Whether to reset alternatives before setting them' 25 | 26 | action :set do 27 | bin_cmds_to_setup = parse_java_alternatives 28 | # Use not_if guard to make resource fully idempotent 29 | set_alternatives(bin_cmds_to_setup) do |cmd, alt_path| 30 | # Skip if the alternative file already exists with our path 31 | alternative_exists = ::File.exist?("/var/lib/alternatives/#{cmd}") && 32 | shell_out("#{alternatives_cmd} --display #{cmd}").stdout.include?(alt_path) 33 | Chef::Log.debug("Alternative for #{cmd} exists with correct path? #{alternative_exists}") 34 | alternative_exists 35 | end 36 | end 37 | 38 | action :unset do 39 | new_resource.bin_cmds.each do |cmd| 40 | converge_by("Remove alternative for #{cmd}") do 41 | shell_out("#{alternatives_cmd} --remove #{cmd} #{new_resource.java_location}/bin/#{cmd}") 42 | end 43 | end 44 | end 45 | 46 | action_class do 47 | def alternatives_cmd 48 | platform_family?('rhel', 'fedora', 'amazon') ? 'alternatives' : 'update-alternatives' 49 | end 50 | 51 | def parse_java_alternatives 52 | bin_cmds_to_setup = [] 53 | new_resource.bin_cmds.each do |cmd| 54 | bin_path = "/usr/bin/#{cmd}" 55 | alt_path = "#{new_resource.java_location}/bin/#{cmd}" 56 | priority = new_resource.priority 57 | 58 | unless ::File.exist?(alt_path) 59 | Chef::Log.debug "Skipping setting alternative for #{cmd}. Command #{alt_path} does not exist." 60 | next 61 | end 62 | 63 | # Add this command to the list of commands to process 64 | bin_cmds_to_setup << [cmd, bin_path, alt_path, priority] 65 | end 66 | bin_cmds_to_setup 67 | end 68 | 69 | def set_alternatives(bin_cmds) 70 | bin_cmds.each do |cmd, bin_path, alt_path, priority| 71 | # Use a custom not_if condition if provided as a block 72 | if block_given? && yield(cmd, alt_path) 73 | Chef::Log.debug "Skipping alternative for #{cmd} as it already exists with correct path" 74 | next 75 | end 76 | 77 | # Get the full output of update-alternatives for this command 78 | display_result = shell_out("#{alternatives_cmd} --display #{cmd}") 79 | cmd_output = display_result.stdout 80 | 81 | # Check if the alternative exists at all 82 | alternative_system_exists = display_result.exitstatus == 0 && !cmd_output.empty? 83 | 84 | # Check if our specific path is already configured as an alternative 85 | our_alternative_exists = alternative_system_exists && cmd_output.include?(alt_path) 86 | 87 | # Parse the priority of the existing alternative 88 | existing_priority = nil 89 | if our_alternative_exists 90 | if cmd_output =~ /#{Regexp.escape(alt_path)}.*priority\s+(\d+)/ 91 | existing_priority = Regexp.last_match(1).to_i 92 | end 93 | end 94 | 95 | # Only remove alternative if it exists with a different priority 96 | if our_alternative_exists && existing_priority && existing_priority != priority 97 | converge_by("Removing alternative for #{cmd} with old priority #{existing_priority}") do 98 | remove_cmd = shell_out("#{alternatives_cmd} --remove #{cmd} #{alt_path}") 99 | unless remove_cmd.exitstatus == 0 100 | raise(%( remove alternative failed )) 101 | end 102 | end 103 | end 104 | 105 | # Check if the alternative file exists at all 106 | alternative_file_exists = ::File.exist?("/var/lib/alternatives/#{cmd}") 107 | 108 | # Install the alternative if needed 109 | if !our_alternative_exists || !alternative_file_exists 110 | converge_by("Add alternative for #{cmd}") do 111 | if new_resource.reset_alternatives && alternative_file_exists 112 | shell_out("rm /var/lib/alternatives/#{cmd}") 113 | end 114 | install_cmd = shell_out("#{alternatives_cmd} --install #{bin_path} #{cmd} #{alt_path} #{priority}") 115 | unless install_cmd.exitstatus == 0 116 | raise(%( install alternative failed )) 117 | end 118 | end 119 | end 120 | 121 | # set the alternative if default 122 | next unless new_resource.default 123 | alternative_is_set = shell_out("#{alternatives_cmd} --display #{cmd} | grep \"link currently points to #{alt_path}\"").exitstatus == 0 124 | next if alternative_is_set 125 | converge_by("Set alternative for #{cmd}") do 126 | Chef::Log.debug "Setting alternative for #{cmd}" 127 | set_cmd = shell_out("#{alternatives_cmd} --set #{cmd} #{alt_path}") 128 | unless set_cmd.exitstatus == 0 129 | raise(%( set alternative failed )) 130 | end 131 | end 132 | end 133 | end 134 | end 135 | 136 | action :unset do 137 | new_resource.bin_cmds.each do |cmd| 138 | converge_by("Remove alternative for #{cmd}") do 139 | shell_out("#{alternatives_cmd} --remove #{cmd} #{new_resource.java_location}/bin/#{cmd}") 140 | end 141 | end 142 | end 143 | 144 | action_class do 145 | def alternatives_cmd 146 | platform_family?('rhel', 'fedora', 'amazon') ? 'alternatives' : 'update-alternatives' 147 | end 148 | end 149 | -------------------------------------------------------------------------------- /spec/libraries/openjdk_helpers_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | RSpec.describe Java::Cookbook::OpenJdkHelpers do 4 | class DummyClass < Chef::Node 5 | include Java::Cookbook::OpenJdkHelpers 6 | end 7 | 8 | subject { DummyClass.new } 9 | 10 | describe '#lts' do 11 | it 'returns the currently supported OpenJDK versions minus version 8' do 12 | expect(subject.lts).to include('11', '17') 13 | end 14 | end 15 | 16 | describe '#default_openjdk_url' do 17 | before do 18 | allow(subject).to receive(:[]).with(version).and_return(version) 19 | end 20 | 21 | context 'OpenJDK 17' do 22 | let(:version) { '17' } 23 | 24 | it 'returns the correct download URL' do 25 | expect(subject.default_openjdk_url(version)).to eq 'https://download.java.net/java/GA/jdk17/0d483333a00540d886896bac774ff48b/35/GPL/openjdk-17_linux-x64_bin.tar.gz' 26 | end 27 | end 28 | 29 | context 'Invalid OpenJDK version' do 30 | let(:version) { '18.2' } 31 | 32 | it 'should raise an error' do 33 | expect { subject.default_openjdk_url(version) } 34 | .to raise_error('Version supplied does not have a download URL set') 35 | end 36 | end 37 | 38 | context 'Temurin' do 39 | let(:version) { '17' } 40 | 41 | it 'returns the correct download URL for Temurin' do 42 | expect(subject.default_openjdk_url(version, 'temurin')) 43 | .to eq 'https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_x64_linux_hotspot_17.0.13_11.tar.gz' 44 | end 45 | 46 | it 'returns the correct download URL for Temurin 11' do 47 | expect(subject.default_openjdk_url('11', 'temurin')) 48 | .to eq 'https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz' 49 | end 50 | end 51 | end 52 | 53 | describe '#default_openjdk_install_method' do 54 | before do 55 | allow(subject).to receive(:[]).with(version).and_return(version) 56 | allow(subject).to receive(:[]).with('platform_family').and_return(platform_family) 57 | allow(subject).to receive(:[]).with('platform_version').and_return(platform_version) 58 | end 59 | 60 | context 'Amazon' do 61 | let(:platform_family) { 'amazon' } 62 | let(:platform_version) { '2' } 63 | let(:version) { '17' } 64 | it 'should default to a source install' do 65 | expect(subject.default_openjdk_install_method(version)).to eq 'source' 66 | end 67 | end 68 | 69 | context 'Debian' do 70 | let(:platform_family) { 'debian' } 71 | 72 | context '9' do 73 | let(:platform_version) { '9' } 74 | 75 | context 'OpenJDK 8' do 76 | let(:version) { '8' } 77 | 78 | it 'should default to a package install' do 79 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 80 | end 81 | end 82 | 83 | context 'OpenJDK 11' do 84 | let(:version) { '11' } 85 | 86 | it 'should default to a source install' do 87 | expect(subject.default_openjdk_install_method(version)).to eq 'source' 88 | end 89 | end 90 | 91 | context 'OpenJDK 17' do 92 | let(:version) { '17' } 93 | 94 | it 'should default to a source install' do 95 | expect(subject.default_openjdk_install_method(version)).to eq 'source' 96 | end 97 | end 98 | end 99 | 100 | context '10' do 101 | let(:platform_version) { '10' } 102 | 103 | context 'OpenJDK 17' do 104 | let(:version) { '17' } 105 | 106 | it 'should default to a source install' do 107 | expect(subject.default_openjdk_install_method(version)).to eq 'source' 108 | end 109 | end 110 | 111 | context 'OpenJDK 11' do 112 | let(:version) { '11' } 113 | 114 | it 'should default to a package install' do 115 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 116 | end 117 | end 118 | end 119 | 120 | context '11' do 121 | let(:platform_version) { '11' } 122 | 123 | context 'OpenJDK 17' do 124 | let(:version) { '17' } 125 | 126 | it 'should default to a package install' do 127 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 128 | end 129 | end 130 | 131 | context 'OpenJDK 11' do 132 | let(:version) { '11' } 133 | 134 | it 'should default to a package install' do 135 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 136 | end 137 | end 138 | end 139 | 140 | context 'Ubuntu 18.04' do 141 | let(:platform_version) { '18.04' } 142 | 143 | context 'OpenJDK 17' do 144 | let(:version) { '17' } 145 | 146 | it 'should default to a source install' do 147 | expect(subject.default_openjdk_install_method(version)).to eq 'source' 148 | end 149 | end 150 | 151 | context 'OpenJDK 11' do 152 | let(:version) { '11' } 153 | 154 | it 'should default to a package install' do 155 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 156 | end 157 | end 158 | end 159 | 160 | context 'Ubuntu 20.04' do 161 | let(:platform_version) { '20.04' } 162 | 163 | context 'OpenJDK 17' do 164 | let(:version) { '17' } 165 | 166 | it 'should default to a package install' do 167 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 168 | end 169 | end 170 | 171 | context 'OpenJDK 11' do 172 | let(:version) { '11' } 173 | 174 | it 'should default to a package install' do 175 | expect(subject.default_openjdk_install_method(version)).to eq 'package' 176 | end 177 | end 178 | end 179 | end 180 | 181 | # context 'Debian 11' do 182 | # let(:platform_family) { 'debian' } 183 | # let(:platform_version) { '10' } 184 | # let(:version) { '17' } 185 | # it 'should default to a package install' do 186 | # expect(subject.default_openjdk_install_method(version)).to eq 'package' 187 | # end 188 | # end 189 | end 190 | end 191 | -------------------------------------------------------------------------------- /libraries/openjdk_helpers.rb: -------------------------------------------------------------------------------- 1 | module Java 2 | module Cookbook 3 | module OpenJdkHelpers 4 | def lts 5 | %w(11 17) 6 | end 7 | 8 | # This method relies on the GitHub release artefact URL 9 | # e.g. https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.3%2B7/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.3_7.tar.gz 10 | def sub_dir(url) 11 | URI.parse(url) 12 | url.split('/')[7].split('_')[0].gsub('%2', '-').downcase 13 | end 14 | 15 | def default_openjdk_install_method(version) 16 | case node['platform_family'] 17 | when 'amazon' 18 | 'source' 19 | when 'rhel' 20 | supported = lts.delete('11') 21 | supported.include?(version) ? 'package' : 'source' 22 | when 'debian' 23 | case node['platform_version'] 24 | when '10', '18.04' 25 | supported = lts - ['17'] 26 | supported.include?(version) ? 'package' : 'source' 27 | when '9' 28 | %w(8).include?(version) ? 'package' : 'source' 29 | else 30 | lts.include?(version) ? 'package' : 'source' 31 | end 32 | else 33 | lts.include?(version) ? 'package' : 'source' 34 | end 35 | end 36 | 37 | def default_openjdk_url(version, variant = 'openjdk') 38 | case variant.downcase 39 | when 'temurin' 40 | case version 41 | when '11' 42 | 'https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz' 43 | when '17' 44 | 'https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jdk_x64_linux_hotspot_17.0.13_11.tar.gz' 45 | else 46 | Chef::Log.fatal('Version specified does not have a URL value set') 47 | raise 'Version supplied does not have a download URL set' 48 | end 49 | else 50 | case version 51 | when '9' 52 | 'https://download.java.net/java/GA/jdk9/9/binaries/openjdk-9_linux-x64_bin.tar.gz' 53 | when '10' 54 | 'https://download.java.net/java/GA/jdk10/10/binaries/openjdk-10_linux-x64_bin.tar.gz' 55 | when '11' 56 | 'https://download.java.net/java/ga/jdk11/openjdk-11_linux-x64_bin.tar.gz' 57 | when '12' 58 | 'https://download.java.net/java/GA/jdk12/33/GPL/openjdk-12_linux-x64_bin.tar.gz' 59 | when '13' 60 | 'https://download.java.net/java/GA/jdk13/5b8a42f3905b406298b72d750b6919f6/33/GPL/openjdk-13_linux-x64_bin.tar.gz' 61 | when '14' 62 | 'https://download.java.net/java/GA/jdk14/076bab302c7b4508975440c56f6cc26a/36/GPL/openjdk-14_linux-x64_bin.tar.gz' 63 | when '15' 64 | 'https://download.java.net/java/GA/jdk15/779bf45e88a44cbd9ea6621d33e33db1/36/GPL/openjdk-15_linux-x64_bin.tar.gz' 65 | when '16' 66 | 'https://download.java.net/java/GA/jdk16/7863447f0ab643c585b9bdebf67c69db/36/GPL/openjdk-16_linux-x64_bin.tar.gz' 67 | when '17' 68 | 'https://download.java.net/java/GA/jdk17/0d483333a00540d886896bac774ff48b/35/GPL/openjdk-17_linux-x64_bin.tar.gz' 69 | when '18' 70 | 'https://download.java.net/java/GA/jdk18.0.1/3f48cabb83014f9fab465e280ccf630b/10/GPL/openjdk-18.0.1_linux-x64_bin.tar.gz' 71 | else 72 | Chef::Log.fatal('Version specified does not have a URL value set') 73 | raise 'Version supplied does not have a download URL set' 74 | end 75 | end 76 | end 77 | 78 | def default_openjdk_checksum(version) 79 | case version 80 | when '9' 81 | 'f908e31b6185e11b322825809172dcbb7ac0dce64061c9cf154cb1b0df884480' 82 | when '10' 83 | 'c851df838a51af52517b74e3a4b251d90c54cf478a4ebed99e7285ef134c3435' 84 | when '11' 85 | '3784cfc4670f0d4c5482604c7c513beb1a92b005f569df9bf100e8bef6610f2e' 86 | when '12' 87 | 'b43bc15f4934f6d321170419f2c24451486bc848a2179af5e49d10721438dd56' 88 | when '13' 89 | '5f547b8f0ffa7da517223f6f929a5055d749776b1878ccedbd6cc1334f4d6f4d' 90 | when '14' 91 | 'c7006154dfb8b66328c6475447a396feb0042608ee07a96956547f574a911c09' 92 | when '15' 93 | 'bb67cadee687d7b486583d03c9850342afea4593be4f436044d785fba9508fb7' 94 | when '16' 95 | 'e952958f16797ad7dc7cd8b724edd69ec7e0e0434537d80d6b5165193e33b931' 96 | when '17' 97 | 'aef49cc7aa606de2044302e757fa94c8e144818e93487081c4fd319ca858134b' 98 | else 99 | Chef::Log.fatal('Version specified does not have a checksum value set') 100 | raise 'No checksum value' 101 | end 102 | end 103 | 104 | def default_openjdk_pkg_names(version) 105 | value_for_platform_family( 106 | amazon: ["java-1.#{version}.0-openjdk", "java-1.#{version}.0-openjdk-devel"], 107 | %w(rhel fedora) => version.to_i < 11 ? ["java-1.#{version}.0-openjdk", "java-1.#{version}.0-openjdk-devel"] : ["java-#{version}-openjdk", "java-#{version}-openjdk-devel"], 108 | suse: version.to_i == 8 ? ["java-1_#{version}_0-openjdk", "java-1_#{version}_0-openjdk-devel"] : ["java-#{version}-openjdk", "java-#{version}-openjdk-devel"], 109 | freebsd: "openjdk#{version}", 110 | arch: "openjdk#{version}", 111 | debian: ["openjdk-#{version}-jdk", "openjdk-#{version}-jre-headless"], 112 | default: ["openjdk-#{version}-jdk"] 113 | ) 114 | end 115 | 116 | def default_openjdk_pkg_java_home(version) 117 | # For both standard OpenJDK and Temurin variants, use the standard OpenJDK paths 118 | # Temurin variant is installed using package managers with standard paths 119 | 120 | # Map architecture to the correct suffix used in Java paths 121 | arch = case node['kernel']['machine'] 122 | when 'x86_64' 123 | 'amd64' 124 | when 'aarch64', 'arm64' 125 | 'arm64' 126 | when 'i386', 'i686' 127 | 'i386' 128 | else 129 | node['kernel']['machine'] 130 | end 131 | 132 | # For Debian-based systems, Temurin variant uses the same path structure 133 | # with architecture-specific suffixes 134 | value_for_platform_family( 135 | %w(rhel fedora) => version.to_i < 11 ? "/usr/lib/jvm/java-1.#{version}.0" : "/usr/lib/jvm/java-#{version}", 136 | amazon: version.to_i < 11 ? "/usr/lib/jvm/java-1.#{version}.0" : "/usr/lib/jvm/jre-#{version}", 137 | suse: "/usr/lib#{node['kernel']['machine'] == 'x86_64' ? '64' : nil}/jvm/java-#{version.to_i == 8 ? "1.#{version}.0" : version}", 138 | freebsd: "/usr/local/openjdk#{version}", 139 | arch: "/usr/lib/jvm/java-#{version}-openjdk", 140 | debian: "/usr/lib/jvm/java-#{version}-openjdk-#{arch}", 141 | default: '/usr/lib/jvm/default-java' 142 | ) 143 | end 144 | end 145 | end 146 | end 147 | -------------------------------------------------------------------------------- /resources/certificate.rb: -------------------------------------------------------------------------------- 1 | unified_mode true 2 | include Java::Cookbook::CertificateHelpers 3 | 4 | property :cert_alias, 5 | String, 6 | name_property: true, 7 | description: 'The alias of the certificate in the keystore. This defaults to the name of the resource' 8 | 9 | property :java_home, 10 | String, 11 | default: lazy { node['java']['java_home'] }, 12 | description: 'The java home directory' 13 | 14 | property :java_version, 15 | String, 16 | default: lazy { node['java']['jdk_version'] }, 17 | description: 'The major java version' 18 | 19 | property :cacerts, 20 | [true, false], 21 | default: true, 22 | description: 'Specify true for interacting with the Java installation cacerts file. (Java 9+)' 23 | 24 | property :keystore_path, 25 | String, 26 | default: lazy { default_truststore_path(java_version, java_home) }, 27 | description: 'Path to the keystore' 28 | 29 | property :keystore_passwd, 30 | String, 31 | default: 'changeit', 32 | description: 'Password to the keystore' 33 | 34 | property :cert_data, 35 | String, 36 | description: 'The certificate data to install' 37 | 38 | property :cert_file, 39 | String, 40 | description: 'Path to a certificate file to install' 41 | 42 | property :ssl_endpoint, 43 | String, 44 | description: 'An SSL end-point from which to download the certificate' 45 | 46 | property :starttls, 47 | String, 48 | equal_to: %w(smtp pop3 imap ftp xmpp xmpp-server irc postgres mysql lmtp nntp sieve ldap), 49 | description: 'A protocol specific STARTTLS argument to use when fetching from an ssl_endpoint' 50 | 51 | property :file_cache_path, 52 | String, 53 | default: Chef::Config[:file_cache_path], 54 | description: 'Location to store certificate files' 55 | 56 | action :install do 57 | require 'openssl' 58 | 59 | keystore_argument = keystore_argument(new_resource.cacerts, new_resource.keystore_path) 60 | 61 | certdata = new_resource.cert_data || fetch_certdata 62 | 63 | hash = OpenSSL::Digest::SHA512.hexdigest(certdata) 64 | certfile = ::File.join(new_resource.file_cache_path, "#{new_resource.cert_alias}.cert.#{hash}") 65 | 66 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -list #{keystore_argument} -storepass #{new_resource.keystore_passwd} -rfc -alias \"#{new_resource.cert_alias}\"") 67 | cmd.run_command 68 | keystore_cert = cmd.stdout.match(/^[-]+BEGIN.*END(\s|\w)+[-]+$/m).to_s 69 | 70 | keystore_cert_digest = keystore_cert.empty? ? nil : OpenSSL::Digest::SHA512.hexdigest(OpenSSL::X509::Certificate.new(keystore_cert).to_der) 71 | certfile_digest = OpenSSL::Digest::SHA512.hexdigest(OpenSSL::X509::Certificate.new(certdata).to_der) 72 | if keystore_cert_digest == certfile_digest 73 | Chef::Log.debug("Certificate \"#{new_resource.cert_alias}\" in keystore \"#{new_resource.keystore_path}\" is up-to-date.") 74 | else 75 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -list #{keystore_argument} -storepass #{new_resource.keystore_passwd} -v") 76 | cmd.run_command 77 | Chef::Log.debug(cmd.format_for_exception) 78 | Chef::Application.fatal!("Error querying keystore for existing certificate: #{cmd.exitstatus}", cmd.exitstatus) unless cmd.exitstatus == 0 79 | 80 | has_key = !cmd.stdout[/Alias name: \b#{new_resource.cert_alias}\s*$/i].nil? 81 | 82 | if has_key 83 | converge_by("delete existing certificate #{new_resource.cert_alias} from #{new_resource.keystore_path}") do 84 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -delete -alias \"#{new_resource.cert_alias}\" #{keystore_argument} -storepass #{new_resource.keystore_passwd}") 85 | cmd.run_command 86 | Chef::Log.debug(cmd.format_for_exception) 87 | unless cmd.exitstatus == 0 88 | Chef::Application.fatal!("Error deleting existing certificate \"#{new_resource.cert_alias}\" in " \ 89 | "keystore so it can be updated: #{cmd.exitstatus}", cmd.exitstatus) 90 | end 91 | end 92 | end 93 | 94 | ::File.open(certfile, 'w', 0o644) { |f| f.write(certdata) } 95 | 96 | converge_by("add certificate #{new_resource.cert_alias} to keystore #{new_resource.keystore_path}") do 97 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -import -trustcacerts -alias \"#{new_resource.cert_alias}\" -file #{certfile} #{keystore_argument} -storepass #{new_resource.keystore_passwd} -noprompt") 98 | cmd.run_command 99 | Chef::Log.debug(cmd.format_for_exception) 100 | 101 | unless cmd.exitstatus == 0 102 | FileUtils.rm_f(certfile) 103 | Chef::Application.fatal!("Error importing certificate into keystore: #{cmd.exitstatus}", cmd.exitstatus) 104 | end 105 | end 106 | end 107 | end 108 | 109 | action :remove do 110 | keystore_argument = keystore_argument(new_resource.cacerts, new_resource.keystore_path) 111 | 112 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -list #{keystore_argument} -storepass #{new_resource.keystore_passwd} -v | grep \"#{new_resource.cert_alias}\"") 113 | cmd.run_command 114 | has_key = !cmd.stdout[/Alias name: #{new_resource.cert_alias}/].nil? 115 | does_not_exist = cmd.stdout[/Alias <#{new_resource.cert_alias}> does not exist/].nil? 116 | Chef::Application.fatal!("Error querying keystore for existing certificate: #{cmd.exitstatus}", cmd.exitstatus) unless (cmd.exitstatus == 0) || does_not_exist 117 | 118 | if has_key 119 | converge_by("remove certificate #{new_resource.cert_alias} from #{new_resource.keystore_path}") do 120 | cmd = Mixlib::ShellOut.new("#{new_resource.java_home}/bin/keytool -delete -alias \"#{new_resource.cert_alias}\" #{keystore_argument} -storepass #{new_resource.keystore_passwd}") 121 | cmd.run_command 122 | unless cmd.exitstatus == 0 123 | Chef::Application.fatal!("Error deleting existing certificate \"#{new_resource.cert_alias}\" in " \ 124 | "keystore so it can be updated: #{cmd.exitstatus}", cmd.exitstatus) 125 | end 126 | end 127 | end 128 | 129 | FileUtils.rm_f("#{new_resource.file_cache_path}/#{new_resource.cert_alias}.cert.*") 130 | end 131 | 132 | action_class do 133 | def fetch_certdata 134 | return IO.read(new_resource.cert_file) unless new_resource.cert_file.nil? 135 | 136 | certendpoint = new_resource.ssl_endpoint 137 | starttls = new_resource.starttls.nil? ? '' : "-starttls #{new_resource.starttls}" 138 | unless certendpoint.nil? 139 | cmd = Mixlib::ShellOut.new("echo QUIT | openssl s_client -showcerts -servername #{certendpoint.split(':').first} -connect #{certendpoint} #{starttls} 2> /dev/null | openssl x509") 140 | cmd.run_command 141 | Chef::Log.debug(cmd.format_for_exception) 142 | 143 | Chef::Application.fatal!("Error returned when attempting to retrieve certificate from remote endpoint #{certendpoint}: #{cmd.exitstatus}", cmd.exitstatus) unless cmd.exitstatus == 0 144 | 145 | certout = cmd.stdout 146 | return certout unless certout.empty? 147 | Chef::Application.fatal!("Unable to parse certificate from openssl query of #{certendpoint}.", 999) 148 | end 149 | 150 | Chef::Application.fatal!('At least one of cert_data, cert_file or ssl_endpoint attributes must be provided.', 999) 151 | end 152 | end 153 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Java Cookbook CHANGELOG 2 | 3 | This file is used to list changes made in each version of the Java cookbook. 4 | 5 | ## Unreleased 6 | 7 | Standardise files with files in sous-chefs/repo-management 8 | 9 | Standardise files with files in sous-chefs/repo-management 10 | 11 | ## 14.0.1 - *2025-09-04* 12 | 13 | ## 14.0.0 - *2025-07-16* 14 | 15 | - Remove Semeru support as there is no clean yum or apt repository for it 16 | 17 | ## 13.2.0 - *2025-07-14* 18 | 19 | - Add `repository_uri` property to `temurin_package_install` and `openjdk_pkg_install` resources to support installation from alternative/internal mirrors ([#728](https://github.com/sous-chefs/java/issues/728)) 20 | - Clarify documentation for `url` property in `openjdk_source_install` resource to note it can be used for internal mirrors 21 | - Standardise files with files in sous-chefs/repo-management 22 | Update the recommended Ruby VSCode extensions 23 | - Fix missing skip_alternatives property in openjdk_pkg_install 24 | 25 | ## 13.1.0 - *2025-07-14* 26 | 27 | - add `skip_alternatives` to resources `corretto_install`, `openjdk_install`, `openjdk_pkg_install`, `openjdk_source_install` for cases when management of alternatives is not desired. (@dschlenk) 28 | 29 | ## 13.0.0 - *2025-07-13* 30 | 31 | - Add new resource `temurin_package_install` 32 | - Add script to check for Java updates 33 | - Update Temurin Java 8 support 34 | - Update Temurin repositories 35 | - Update bin commands for all OpenJDK versions 36 | - Fix Java alternatives to prevent unnecessary removal and re-addition of alternatives 37 | - Move bin_cmds from Java::Cookbook::OpenJdkHelpers to Java::Cookbook::BinCmdHelpers for reuse outside of OpenJDK 38 | - Fix apt_repository failing to install the GPG in the correct location 39 | - Add Temurin 21 to the test matrix 40 | - Remove Semeru from the test matrix 41 | 42 | ## 12.1.1 - *2024-12-05* 43 | 44 | ## 12.1.0 - *2024-12-03* 45 | 46 | - Add support for OpenJDK versions 19, 20, 21 and 22 47 | - Remove commented out `adoptopenjdk_linux_install` resource 48 | - CI: chore(deps): update sous-chefs/.github action to v3.1.0 49 | - CI: chore(deps): update actionshub/chef-install action to v3 50 | - Update platforms 51 | - Replace AdoptOpenJDK with Eclipse Temurin and IBM Semeru 52 | 53 | ## 12.0.7 - *2024-11-18* 54 | 55 | - Standardise files with files in sous-chefs/repo-management 56 | 57 | ## 12.0.6 - *2024-07-15* 58 | 59 | - Standardise files with files in sous-chefs/repo-management 60 | 61 | ## 12.0.2 - *2024-01-16* 62 | 63 | - Fix `openjdk_pkg_install` to obey `pkg_version` property for all `pkg_names` 64 | 65 | ## 11.2.0 - *2023-09-12* 66 | 67 | - Standardise files with files in sous-chefs/repo-management 68 | 69 | ## 11.1.0 - *2023-04-17* 70 | 71 | - Standardise files with files in sous-chefs/repo-management 72 | 73 | ## 11.1.0 - *2022-04-26* 74 | 75 | - Remove Correto 15 and 16 76 | - Add Corretto 17 and 18 77 | - Change the defualt download URL for Corretto to the versioned resources URL, rather than latest. 78 | 79 | ## 11.0.0 - *2022-02-16* 80 | 81 | - Require Chef 16 for resource partials 82 | - Add resource partials for: MacOS, Linux, Java Home and Common as these are used in a multiple places 83 | 84 | ## 10.2.0 - *2022-01-26* 85 | 86 | - Remove tap_full option as this is no longer supported and there is no replacement 87 | - Remove delivery and move to calling RSpec directly via a reusable workflow 88 | 89 | ## 10.1.0 - *2021-10-06* 90 | 91 | - Revert worklfow split out 92 | - Rename InSpec attribute folders to input 93 | - Add Corretto 16 94 | - Update the Corretto minor version numbers 95 | - Default the Debian install method to package 96 | - Remove testing for end of life OpenJDK suites 97 | - Primarily support OpenJDK LTS versions 11, 17 98 | - Drop support for OpenJDK package installs for non-LTS versions 99 | - Direct Amazon users to Amazon Corretto instead of installing OpenJDK 100 | - Drop package install support for Java 8 101 | 102 | ## 10.0.0 - *2021-09-02* 103 | 104 | - Remove recipes to stop confusing users 105 | 106 | ## 9.0.0 - *2021-06-04* 107 | 108 | - Remove Corretto checksum code defaults as this changes regularly, and is not provided in the SHA256 format via an API 109 | - Set unified_mode to true for Chef 17 support 110 | - Bump the minimum Chef version to 15.3 for unified_mode support 111 | 112 | ## 8.6.0 - *2021-01-22* 113 | 114 | - Added Amazon Corretto 15 support to `corretto_install` 115 | - Added configurable `file_cache_path` property to `java_certificate` 116 | - Added `cacerts` property to `java_certificate` for interacting with java cacerts file (Java 9+) 117 | 118 | ## 8.5.0 - *2020-12-03* 119 | 120 | - If installation issues with `openjdk_install` resource (fixes #645) 121 | - Remove testing of Amazon Linux 1 122 | - Use fedora-latest 123 | 124 | ## 8.4.0 - *2020-09-09* 125 | 126 | - Add `starttls` property to `java_certificate` resource to allow fetching certificates from non HTTPS endpoints 127 | 128 | ## 8.3.2 - *2020-08-20* 129 | 130 | - Add aarch64 installation candidate for Corretto 131 | 132 | ## 8.3.1 - *2020-08-06* 133 | 134 | - Extract correct JAVA_HOME from custom URLs 135 | 136 | ## 8.3.0 - *2020-06-18* 137 | 138 | - Restore compatibility with Chef Infra Client < 16 139 | - Update Fedora releases in the Kitchen configs 140 | 141 | ## 8.2.0 - *2020-06-02* 142 | 143 | - resolved cookstyle error: resources/adoptopenjdk_install.rb:1:1 warning: `ChefDeprecations/ResourceUsesOnlyResourceName` 144 | - Remove testing of Ubuntu 14.04, support at this point is no longer guaranteed 145 | 146 | ## 8.1.0 - *2020-04-19* 147 | 148 | - Added `openjdk_pkg_install` resource 149 | - Added documentation for openjdk_pkg_install 150 | - Added `adoptopenjdk_linux_install` resource 151 | - Added `adoptopenjdk_macos_install` resource 152 | - Added documentation for `adoptopenjdk_linux_install` 153 | - Added documentation for `adoptopenjdk_macos_install` 154 | - Resolved cookstyle error: resources/alternatives.rb:49:13 refactor: `ChefCorrectness/ChefApplicationFatal` 155 | - Resolved cookstyle error: resources/alternatives.rb:62:13 refactor: `ChefCorrectness/ChefApplicationFatal` 156 | - Resolved cookstyle error: resources/alternatives.rb:75:11 refactor: `ChefCorrectness/ChefApplicationFatal` 157 | - Resolved cookstyle error: resources/jce.rb:51:6 refactor: `ChefStyle/UnnecessaryOSCheck` 158 | 159 | ## 8.0.0 - *2020-03-30* 160 | 161 | - Added `openjdk_install` resource & documentation 162 | - Removed openjdk, corretto, default_java_symlink, ibm & ibm_tar, notify & oracle recipes 163 | - Removed support for IBM and Oracle Java 164 | - Temporarily removed support for Windows 165 | - Split out helpers for each provider into their own namespace and file 166 | 167 | ## 7.0.0 - *2020-03-05* 168 | 169 | - Refactored and sped up unit tests. 170 | - Added `adoptopenjdk_install` resource & documentation 171 | - Added AdoptOpenJDK 13 testing 172 | - Removed the adoptopenjdk recipe, please use the `adoptopenjdk_install` resource instead. 173 | - Increased the minimum Chef requirement to Chef 15 to use the archive resource. 174 | - Removed AdoptOpenJDK 10 testing 175 | 176 | ## 6.0.0 - *2020-03-02* 177 | 178 | - The resource alias `java_ark` has been deprecated in favour of `java_oracle_install` 179 | 180 | ## 5.0.0 - *2020-02-21* 181 | 182 | - Fixed java_certificate regex where it checks if cert exists in cacert file. 183 | - Make Homebrew Cask name an attribute to allow for other options (ex: adoptopenjdk) 184 | - Switch homebrew tap to homebrew/cask-versions 185 | - Make builds parallel 186 | - Updates package name and link changes for adoptopenjdk 187 | - Migrated testing to github actions 188 | - Removes openjdk-6 189 | - Removes openjdk-7 for Ubuntu 16.04 190 | - Removes openjdk-11 for Ubuntu 191 | - Removes openjdk-direct for Debian 8 192 | - Removes oracle variants from test configurations 193 | 194 | ## 4.3.0 - *2019-08-04* 195 | 196 | - Upgrade Amazon Corretto to the latest versions: 8.222.10.1 and 11.0.4.11.1 197 | - Upgrade circleci orb to version 2 and add yamllint and markdown lint 198 | 199 | ## 4.2.0 - *2019-07-15* 200 | 201 | - Fix for issue 538 202 | - Added "download_path" node attribute defaulting to file_cache_path 203 | - Replaced all hardcoded instances of file_cache_path with the node attribute 204 | 205 | ## 4.1.0 - *2019-05-08* 206 | 207 | - Added new install flavor "corretto" for Amazon's Corretto distribution of OpenJDK 208 | 209 | ## 4.0.0 - *2019-04-19* 210 | 211 | - Added new install flavor "adoptopenjdk" for AdoptOpenJDK's distribution of Java 212 | - The certificate resource now uses the Java version to determine the default cacerts location 213 | - Updated AdoptOpenJDK links for Java 8 214 | - Updated AdoptOpenJDK links for Java 11 to 11.0.1 215 | - BREAKING CHANGE: Remove support for Java 6 & 7 216 | - Remove platform suport for untested platforms (smartOS, XenServer, zlinux, arch) 217 | - Remove testing of Ubuntu 14.04, support at this point is no longer guaranteed and patches or other changes may not be accepted going further as Ubuntu 14.04 will be shortly EOL 218 | - Fixed oracle download link for JDK 8 (update to 8u202 from 8u201) 219 | - fixed specs for windows 220 | 221 | ## 3.2.0 - *2019-01-24* 222 | 223 | - Add support OpenJDK 11 224 | - Fixed oracle download link again 225 | 226 | ## 3.1.2 - *2018-12-11* 227 | 228 | - Set java home on macosx using /usr/libexec/java_home 229 | - Find command should have ./ for path to search, works for nix and mac 230 | - Make `java_certificate` work with SNI endpoints 231 | 232 | ## 3.1.1 - *2018-11-09* 233 | 234 | - Fix jce installation linux 235 | - Allow overwrite `returns` property of windows_packages 236 | 237 | ## 3.1.0 - *2018-10-18* 238 | 239 | - Add support for JDK 11 240 | 241 | ## 3.0.0 - *2018-10-18* 242 | 243 | - Fix broken JCE with JRE installations 244 | - make cert alias matching case insensitive as `keytool` always returns results downcases 245 | - BREAKING CHANGE: fixed greedy matching by adding a word boundry when checking cert alias this prevents matching `foo_123` as `foo` 246 | - verify artifact after downloading from oracle 247 | - fixed `recipes/openjdk` when `node['java']['jdk_version']` by casting it to a string 248 | - Updated Oracle Java links to 8u191 249 | 250 | ## 2.2.1 - *2018-09-29* 251 | 252 | - Allows for additional Oracle (post 9) jdk download file naming, including '10.0.2'. '18.9', '11' 253 | 254 | ## 2.2.0 - *2018-07-19* 255 | 256 | - Updated Oracle Java links to 8u181 257 | - Fixed incorrect kitchen setup runlists that preventing local testing 258 | - Resolve undefined certout errors 259 | 260 | ## 2.1.0 - *2018-05-25* 261 | 262 | - Added Java 10 JCE attributes to default attrs 263 | - Update oracle recipeM to not perform a switch on java major version and instead use the version provided in attributes. This allows end users to include new Java versions without the cookbook requiring an update each time a major version gets released 264 | - Updated the oracle_install resource to pick up semantic versioning that Oracle has started using for Java 10+ 265 | - Updated the default attributes file to include x86_64 endpoint and checksum for Oracle Java 10\. The i586 version is not (yet) available. 266 | - Fix JCE installation on Windows 267 | - Avoid EmptyWindowsCommand error on Windows 268 | 269 | ## v2.0.1 - *2018-05-02* 270 | 271 | - Fix java_certificate and java_oracle_install to work on FIPS enabled systems 272 | 273 | ## v2.0.0 - *2018-05-02* 274 | 275 | - Converted alternatives, ark, and certificate LWRP/HWRPs to custom resources with improved logging and convergence notification. 276 | - Renamed the java_ark resource to java_oracle_install, which better represents what it does. The existing name will continue to function 277 | - Removed the need for the apt cookbook and instead require Chef 12.9+ 278 | - Fixed Amazon Linux support on Chef 13+. 279 | - Fixed the alternatives commands on Fedora systems. 280 | - Added initial openSUSE leap support. 281 | - Updated code to use multi-package installs to speed up runs 282 | - Made the 'cert_alias' property in the certificate resource the name_property to allow users to avoid resource cloning and to be able to use friendly resource names 283 | - Moved the warning code for downloading directly from Oracle into the resource to prevent another resource showing as converged 284 | - Updated the metadata to resolve failures to parse chef_version on older chef-client releases. 285 | - Added installation of tar directly to the ark resource when uncompression .tar.gz files. This prevents installation in the recipe that occurred even if tar wasn't needed. 286 | - Add support for Mac OS X "mac_os_x" via homebrew. 287 | - Update metadata.rb to contain source and issue information for supermarket and chef-repo convenience 288 | 289 | ### Known Issues 290 | 291 | - Kitchen CI test with 12.04 fails due to hostname unable to be set. 292 | 293 | ## v1.31 - *2/3/2015* 294 | 295 | - Update to latest JDKs for 7 and 8\. JDK7 will be EOL April 2015 296 | - Fix up Travis support. 297 | - Add ability to install JCE policy files for oracle JDK #228 298 | - Change connect timeout to 30 seconds 299 | 300 | ## v1.29.0 - *11/14/2014* 301 | 302 | - Ensure dirs, links, and jinfo files are owned correctly 303 | - Update to Oracle JDK 8u25 304 | - Update to Oracle JDK 7u71-b14 305 | - Adding a connect_timeout option for downloading java. 306 | - Switched to chef-zero provisioner in test suites. 307 | - Adding ISSUES.md for guidance on creating new issues for the Java cookbook. 308 | - Fix IBM unit tests. 309 | 310 | ## v1.28.0 - *9/6/2014* 311 | 312 | - Allow setting of group to extracted java files. 313 | - Add -no-same-owner parameter to tar extract to avoid issues when the chef cache dir is on an NFS mounted drive. 314 | - In the ark provider, it doesn't compare the MD5 sum with the right value which causes Java cookbook always download tarball from oracle server 315 | 316 | ## v1.27.0 - *8/22/2014* 317 | 318 | - Update Oracle JDK8 to version 8u20 319 | 320 | ## v1.26.0 - *8/16/2014* 321 | 322 | - Allow pinning of package versions for openjdk 323 | - Update Oracle JDK7 to version 7u67 324 | - Support specific version and name for Oracle RPM 325 | 326 | ## v1.25.0 - *8/1/2014* 327 | 328 | - Resource ark -> attribute bin_cmds default value 329 | - Add option to put JAVA_HOME in /etc/environment 330 | - Allow ark to pull from http and files ending in .gz. 331 | - Recommendations for inclusion in community cookbooks 332 | - Production Deployment with Oracle Java 333 | - Update testing instructions for chefdk 334 | - Various Readme formatting. 335 | - Use Supermarket endpoint in berksfile 336 | - rspec cleanup 337 | - Adding ubuntu-14.04 to test suite 338 | 339 | ## v1.24.0 - *7/25/2014* 340 | 341 | New Cookbook maintainer! **[Agile Orbit](http://agileorbit.com)** 342 | 343 | - Bump JDK7 URLs to 7u65 344 | - Upgrade Oracle's Java 8 to u11 345 | - Allow for alternatives priority to be set from attribute. 346 | - Change ownership of extracted files 347 | - Add retries and retry_delay parameters to java_ark LWRP 348 | - default: don't fail when using java 8 on windows 349 | - Support for Server JRE 350 | - Updated README for accepting oracle terms 351 | - Remove VirtualBox specific box_urls 352 | - List AgileOrbit as the maintainer (AgileOrbit took over from Socrata in July 2014) 353 | 354 | ## v1.23.0 - *7/25/2014* 355 | 356 | - Tagged but never published to community cookbooks. All changes rolled into 1.24.0 357 | 358 | ## v1.22.0 359 | 360 | - Add support for Oracle JDK 1.8.0 361 | - Make use of Chef's cache directory instead of /tmp 362 | - Update Test Kitchen suites 363 | - Add safety check for JDK 8 on non-Oracle 364 | 365 | ## v1.21.2 366 | 367 | [COOK-4210] - remove unneeded run_command to prevent zombie processes 368 | 369 | ## v1.21.0 370 | 371 | - Update Oracle accept-license-terms cookie format 372 | 373 | ## v1.20.0 374 | 375 | - Fixing version number. Accidently released at 0.15.x instead of 1.15.x 376 | 377 | ## v0.15.2 378 | 379 | ### FIX 380 | 381 | - Fixing JAVA_HOME on Ubuntu 10.04 382 | 383 | ## v1.14.0 384 | 385 | - Fix alternatives when the package is already installed 386 | - Fix a condition that would result in an error executing action `run` on resource 'bash[update-java-alternatives]' 387 | - Fix bad checksum length 388 | - Fix an issue where Java cookbook installs both JDK 6 and JDK 7 when JDK 7 is specified 389 | - Allow Windoes recipe to download from signed S3 url 390 | - Fix a failure on Centos 6.4 and Oracle JDK 7 391 | - Improve Windows support 392 | 393 | ## v1.13.0 394 | 395 | - Add default `platform_family` option in Java helper 396 | - Fix support for Fedora 397 | - Upgrade to Oracle Java 7u25 398 | - Add Oracle RPM support 399 | - Add support for the platform `xenserver` 400 | - Add SmartOS support 401 | 402 | ## v1.12.0 403 | 404 | - Add SmartOS support to java::openjdk recipe 405 | - upgrade to Oracle Java 7u25 406 | - Adding support for the platform 'xenserver' (for installations of java in DOM0) 407 | - java cookbook fails on Fedora 408 | 409 | ## v1.11.6 410 | 411 | - Java cookbook does not have opensuse support 412 | - Syntax Errors spec/default_spec.rb:4-8 413 | 414 | ## v1.11.4 415 | 416 | - `bash[update-java-alternatives]` resource uses wrong attribute 417 | 418 | ## v1.11.2 419 | 420 | - Use SHA256 checksums for Oracle downloads, not SHA1. 421 | 422 | ## v1.11.0 423 | 424 | This version brings a wealth of tests and (backwards-compatible) refactoring, plus some new features (updated Java, IBM recipe). 425 | 426 | - Add ibm recipe to java cookbook 427 | - move java_home resources to their own recipe 428 | - refactor ruby_block "update-java-alternatives" 429 | - use platform_family in java cookbook 430 | - add chefspec to java cookbook 431 | - Refactor java cookbook 432 | - update JDK to JDK 7u21, 6u45 433 | 434 | ## v1.10.2 435 | 436 | - [2415] - Fixed deprecation warnings in ark provider and openjdk recipe by using Chef::Mixin::ShellOut instead of Chef::ShellOut 437 | 438 | ## v1.10.0 439 | 440 | - Allow java ark :url to be https 441 | - Upgrade needed for oracle jdk in java cookbook 442 | 443 | ## v1.9.6 444 | 445 | - add support for Oracle Linux 446 | 447 | ## v1.9.4 448 | 449 | - Run set-env-java-home in Java cookbook only if necessary 450 | - ark provider does not allow for *.tgz tarballs to be used 451 | - Java cookbook fails on CentOS6 (update-java-alternatives) 452 | 453 | ## v1.9.2 454 | 455 | - FoodCritic fixes for java cookbook 456 | 457 | ## v1.9.0 458 | 459 | - Update the Oracle Java version in the Java cookbook to release 1.7u11 460 | 461 | ## v1.8.2 462 | 463 | - Fix for missing /usr/lib/jvm/default-java on Debian 464 | 465 | ## v1.8.0 466 | 467 | - Add windows support 468 | 469 | ## v1.7.0 470 | 471 | - improvements for Oracle update-alternatives 472 | - When installing an Oracle JDK it is now registered with a higher priority than OpenJDK. (Related to COOK-1131.) 473 | - When running both the oracle and oracle_i386 recipes, alternatives are now created for both JDKs. 474 | - Alternatives are now created for all binaries listed in version specific attributes. (Related to COOK-1563 and COOK-1635.) 475 | - When installing Oracke JDKs on Ubuntu, create .jinfo files for use with update-java-alternatives. Commands to set/install alternatives now only run if needed. 476 | 477 | ## v1.6.4 478 | 479 | - fixed typo in attribute for java 5 on i586 480 | 481 | ## v1.6.2 482 | 483 | - whyrun support in `java_ark` LWRP 484 | - CHEF-1804 compatibility 485 | - install Java 6u37 and Java 7u9 486 | - incorrect warning text about `node['java']['oracle']['accept_oracle_download_terms']` 487 | 488 | ## v1.6.0 489 | 490 | - Install Oracle JDK from Oracle download directly 491 | - set JAVA_HOME in openjdk recipe 492 | - Install correct architecture on Amazon Linux 493 | 494 | ## v1.5.4 495 | 496 | update alternatives called on wrong file 497 | use shellout instead of execute resource to update alternatives 498 | 499 | ## v1.5.2 500 | 501 | - remove sun-java6-jre on Ubuntu before installing Oracle's Java 502 | - fails on Ubuntu 12.04 64bit with openjdk7 503 | - Oracle Java should symlink the jar command 504 | 505 | ## v1.5.0 506 | 507 | - Oracle now prevents download of JDK via non-browser 508 | - fix File.exists? 509 | 510 | ## v1.4.2 511 | 512 | - fix attributes typo and platform case switch consistency 513 | 514 | ## v1.4.0 515 | 516 | - numerous updates: handle jdk6 and 7, switch from sun to oracle, make openjdk default, add `java_ark` LWRP. 517 | - [42] - FreeBSD support 518 | - ArchLinux support 519 | --------------------------------------------------------------------------------