From 55044246a44f4c643c08ad73bb68ab9ad9c4b72e Mon Sep 17 00:00:00 2001 From: cgbautista Date: Tue, 17 Mar 2026 18:32:32 +0100 Subject: [PATCH 1/7] Addresses several issues: - The first `d2-docker start ... -k` changes the LOAD_FROM_DATA env variable, destroying the core and data containers in the process, but keeping the volumes. That means that the INIT_DONE_FILE in the core container is no longer present and will always try to copy apps, documents, datavalues and will try to run sql files and pre-scripts. As the data container is run first and sees the LOAD_FROM_DATA=no, it will remove ALL contents under /data, so no apps, documents, datavalues or SQL files should be present for the core container but the mapped volume /data/db/post is still there, but not reachable (there is no /data/db, so `find /data/db/post` fails). Two safelines here: data container will create /data/db after deleting /data/*; the core container will check if there is a directory or not for base_db_path - Second: core container launches catalina.sh run in background, then waits for it to be ready and runs post-scripts. After that hangs in a wait until the container is stopped. When stopping the container, the term signal is not reaching tomcat and after 10 seconds the container is killed, thus generating a RC=137. As the docker-compose.yml has a restart:no, this prevents the core image from loading up automatically after a reboot (a manual d2-docker start will work as it does not depend on the RC of the previous stop). So the TERM signal is captured and it launches a catalina.sh stop and waits a little for it to finish. In any case, the RC from both the wait and the cleanup is forced to 0 to avoid errors. --- .gitignore | 1 + src/d2_docker/config/dhis2-core-start.sh | 28 +++++++++++++++++++++++- src/d2_docker/docker-compose.yml | 1 + src/d2_docker/images/dhis2-data/run.sh | 2 ++ 4 files changed, 31 insertions(+), 1 deletion(-) 
diff --git a/.gitignore b/.gitignore index f16235a..1af21a7 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,4 @@ venv.bak/ *.war .flaskenv.secret +bom.json diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 508fcde..7c89265 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh @@ -39,6 +39,10 @@ debug() { run_sql_files() { base_db_path=$(test "${LOAD_FROM_DATA}" = "yes" && echo "$root_db_path" || echo "$post_db_path") debug "Files in data path" + if [[ ! -d "$base_db_path" ]] ; then + debug " -- NO FILES -- " + return 0 + fi find "$base_db_path" >&2 find "$base_db_path" -type f \( -name '*.dump' \) | @@ -149,6 +153,27 @@ wait_for_tomcat() { done } +cleanup() { + debug "--- [SIGNAL RECEIVED] ---" + debug "Stopping tomcat" + catalina.sh stop & + STOP_PID=$! + count=0 + # if need more than 10 seconds (default), remember to configure stop_grace_period in docker-compose.yml accordingly + while [ $count -lt 10 ]; do + if ! kill -0 $STOP_PID 2>/dev/null; then + debug "Tomcat has stopped." + exit 0 + fi + sleep 1 + count=$((count + 1)) + done + exit 0 +} + +trap cleanup SIGTERM SIGINT + + INIT_DONE_FILE="/tmp/dhis2-core-start.done" is_init_done() { @@ -178,10 +203,11 @@ run() { fi start_tomcat & + LAST_PID=$! wait_for_tomcat run_post_scripts || true debug "DHIS2 instance ready" - wait + wait $LAST_PID || true } env diff --git a/src/d2_docker/docker-compose.yml b/src/d2_docker/docker-compose.yml index f0f8d22..a910e97 100644 --- a/src/d2_docker/docker-compose.yml +++ b/src/d2_docker/docker-compose.yml @@ -21,6 +21,7 @@ services: DHIS2_AUTH: "${DHIS2_AUTH}" entrypoint: bash /config/dhis2-core-entrypoint.sh command: bash /config/dhis2-core-start.sh + stop_grace_period: 10s restart: "no" depends_on: - "db" diff --git a/src/d2_docker/images/dhis2-data/run.sh b/src/d2_docker/images/dhis2-data/run.sh index 183a5c8..a283392 100755 --- a/src/d2_docker/images/dhis2-data/run.sh 
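Review bot: In `cleanup()`, `kill -0 $STOP_PID` polls the backgrounded `catalina.sh stop` helper, not the Tomcat process, so "Tomcat has stopped." is logged and `exit 0` runs as soon as the stop command returns, which need not be when the JVM has exited. Since this script appears to be the container's main command (`command: bash /config/dhis2-core-start.sh` in the compose hunk), exiting early would likely cut the shutdown short. Polling the server PID saved in the last hunk of this file would wait for the real process: `if ! kill -0 "${LAST_PID:-}" 2>/dev/null; then`. The `exit 0` after the loop also reports a clean stop when the timeout was hit, so a `debug "Tomcat did not stop within the grace period"` before it would leave a trace in the logs.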
+++ b/src/d2_docker/images/dhis2-data/run.sh @@ -10,6 +10,8 @@ main() { local volume=$1 chmod -R u+rwX,go+rX,go-w $volume else rm -rf /$volume/* + # To avoid leaving dhis2-core without a path to /data/db/post after clearing up all /data + mkdir /$volume/db fi } From 8aea1768be95e0e0a536e632972055e073309df0 Mon Sep 17 00:00:00 2001 From: cgbautista Date: Tue, 24 Mar 2026 18:00:32 +0100 Subject: [PATCH 2/7] On feature/stop_on_error the docker-compose.yml was changed in order for the core container to not be restarted upon exit, to avoid mandatory SQL to be bypassed and exposing data that should have been altered/deleted. This had the side effect of not starting the core container upon server restart. As the core container is needed for the service, the logic has been changed so upon mandatory-SQL execution error, instead of just stopping, it removes the application and creates a flag in a named volume to persist this behavior upon core restart: it will delete the application and show a generic error, but will keep the container up and running. This achieves a better result in both scenarios: - In case of SQL error, the application won't work until the error is addressed. The db container would be working and the SQL could be run to fix the issue and adjust the SQL script accordingly. - In case all works as intended, even after server restart, the container will behave just like the other two db/gateway containers. --- src/d2_docker/config/dhis2-core-start.sh | 21 ++++++++++++++----- src/d2_docker/docker-compose.yml | 2 +- .../images/dhis2-core/docker-entrypoint.sh | 12 +++++++++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 7c89265..0a35fde 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh 
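Review bot: The added `mkdir /$volume/db` fails if the directory still exists after `rm -rf /$volume/*`. That can happen when something is mounted below it, because a mount point cannot be removed; the commit message says `/data/db/post` stays mapped, though whether it is also mounted in the data container is not visible here. `mkdir -p "/$volume/db"` is idempotent, and the quotes keep an unusual volume name in one word. `main()` starts before the hunk, so whether a failure here aborts the script depends on shell options that are not visible.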
@@ -29,8 +29,13 @@ post_db_path="/data/db/post" source_apps_path="/data/apps" source_documents_path="/data/document" source_datavalues_path="/data/dataValue" -files_path="/DHIS2_home/files/" -tomcat_conf_dir="/usr/local/tomcat/conf" +home_path="/DHIS2_home" +files_path="$home_path/files/" +tomcatdir=/usr/local/tomcat +tomcat_conf_dir="$tomcatdir/conf" +approot="$tomcatdir/webapps/ROOT" +flag_sql_error="$home_path/flag-sql-error" + debug() { echo "[dhis2-core-start] $*" >&2 @@ -64,6 +69,12 @@ run_sql_files() { run_psql_cmd "$path" || exit_code=$? if [ "$exit_code" -gt 0 ]; then echo "Exit code: $exit_code" + touch "$flag_sql_error" + rf -rvf $approot + mkdir -p -m 750 $approot + chown tomcat:tomcat $approot + echo 'Error + Error during preparation of the service' > $approot/index.html exit "$exit_code" fi done @@ -126,9 +137,9 @@ copy_non_empty_files() { setup_tomcat() { debug "Setup tomcat" - cp -v $configdir/DHIS2_home/* "/DHIS2_home/" - cp -v $homedir/* /DHIS2_home/ || true - copy_non_empty_files "$configdir/override/dhis2/" "/DHIS2_home/" + cp -v $configdir/DHIS2_home/* "$home_path/" + cp -v $homedir/* $home_path/ || true + copy_non_empty_files "$configdir/override/dhis2/" "$home_path/" cp -v "$configdir/server.xml" "$tomcat_conf_dir/server.xml" copy_non_empty_files "$configdir/override/tomcat/" "$tomcat_conf_dir/" diff --git a/src/d2_docker/docker-compose.yml b/src/d2_docker/docker-compose.yml index a910e97..cc6afde 100644 --- a/src/d2_docker/docker-compose.yml +++ b/src/d2_docker/docker-compose.yml @@ -22,7 +22,7 @@ services: entrypoint: bash /config/dhis2-core-entrypoint.sh command: bash /config/dhis2-core-start.sh stop_grace_period: 10s - restart: "no" + restart: unless-stopped depends_on: - "db" - "data" diff --git a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh index 27844fb..3a387e3 100644 --- a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh 
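Review bot: The flag file is spelled two ways in this patch: `flag_sql_error="$home_path/flag-sql-error"` here and `FLAG_SQL_ERROR=$DHIS2HOME/flag_sql_error` in the docker-entrypoint.sh hunk, so the entrypoint's `[ -f $FLAG_SQL_ERROR ]` never sees the file this script touches. The flag is what keeps the application from being served after a mandatory SQL script fails, so both sides should use one name, e.g. `FLAG_SQL_ERROR=$DHIS2HOME/flag-sql-error`. Both hunks also call `rf -rvf`, which is not a command; [PATCH 3/7] corrects it only in dhis2-core-start.sh. In `run_sql_files`, the unquoted `$approot` in `rm`, `mkdir` and `chown` should be quoted as `"$approot"`.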
+++ b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh @@ -8,10 +8,18 @@ WARFILE=/usr/local/tomcat/webapps/ROOT.war TOMCATDIR=/usr/local/tomcat DHIS2HOME=/DHIS2_home DATA_DIR=/data +FLAG_SQL_ERROR=$DHIS2HOME/flag_sql_error +APPROOT=$TOMCATDIR/webapps/ROOT if [ "$(id -u)" = "0" ]; then - if [ -f $WARFILE ]; then - unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT + if [ -f $FLAG_SQL_ERROR ]; then + rf -rvf $APPROOT + mkdir -p -m 750 $APPROOT + chown tomcat:tomcat $APPROOT + echo 'Error + Error during preparation of the service' > $APPROOT/index.html + elif [ -f $WARFILE ]; then + unzip -q $WARFILE -d $APPROOT rm -v $WARFILE # just to save space fi From 773011b6f740df6200d4f492a71aac8690ba13b2 Mon Sep 17 00:00:00 2001 From: cgbautista Date: Tue, 7 Apr 2026 17:36:42 +0200 Subject: [PATCH 3/7] Configured as an environmental variable the `stop_grace_period` from the compose file to avoid having to edit two files if this setting were to be modified. Fixed typo --- src/d2_docker/config/dhis2-core-start.sh | 8 +++++--- src/d2_docker/docker-compose.yml | 5 +++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 0a35fde..b7c43c3 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh @@ -15,6 +15,9 @@ set -e -u -o pipefail export PGPASSWORD="dhis" +# Default to 10 seconds +[[ "$STOP_GRACE_PERIOD" =~ ^[0-9]+$ ]] || STOP_GRACE_PERIOD=10 + dhis2_url="http://localhost:8080/$DEPLOY_PATH" dhis2_url_with_auth="http://$DHIS2_AUTH@localhost:8080/$DEPLOY_PATH" psql_base_cmd="psql --quiet -h db -U dhis dhis2" @@ -70,7 +73,7 @@ run_sql_files() { if [ "$exit_code" -gt 0 ]; then echo "Exit code: $exit_code" touch "$flag_sql_error" - rf -rvf $approot + rm -rvf $approot mkdir -p -m 750 $approot chown tomcat:tomcat $approot echo 'Error 
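Review bot: The default in `[[ "$STOP_GRACE_PERIOD" =~ ^[0-9]+$ ]] || STOP_GRACE_PERIOD=10` cannot apply when the variable is unset. The script runs under `set -e -u -o pipefail` (visible in the hunk header), so the bare expansion aborts with an unbound-variable error before the fallback is reached. `[[ "${STOP_GRACE_PERIOD:-}" =~ ^[0-9]+$ ]] || STOP_GRACE_PERIOD=10` keeps the script starting for compose files or manual runs that do not pass the variable.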
@@ -170,8 +173,7 @@ cleanup() { catalina.sh stop & STOP_PID=$! count=0 - # if need more than 10 seconds (default), remember to configure stop_grace_period in docker-compose.yml accordingly - while [ $count -lt 10 ]; do + while [ $count -lt $STOP_GRACE_PERIOD ]; do if ! kill -0 $STOP_PID 2>/dev/null; then debug "Tomcat has stopped." exit 0 diff --git a/src/d2_docker/docker-compose.yml b/src/d2_docker/docker-compose.yml index cc6afde..d523024 100644 --- a/src/d2_docker/docker-compose.yml +++ b/src/d2_docker/docker-compose.yml @@ -19,10 +19,11 @@ services: LOAD_FROM_DATA: "${LOAD_FROM_DATA}" DEPLOY_PATH: "${DEPLOY_PATH}" DHIS2_AUTH: "${DHIS2_AUTH}" - entrypoint: bash /config/dhis2-core-entrypoint.sh - command: bash /config/dhis2-core-start.sh + STOP_GRACE_PERIOD: 10 # This MUST be equal to the stop_grace_period, but without units stop_grace_period: 10s restart: unless-stopped + entrypoint: bash /config/dhis2-core-entrypoint.sh + command: bash /config/dhis2-core-start.sh depends_on: - "db" - "data" From d9376bb6b4aca15a4dcecbc2b6f0e15208cb8104 Mon Sep 17 00:00:00 2001 From: idelcano Date: Wed, 8 Apr 2026 11:40:32 +0200 Subject: [PATCH 4/7] extract error logic and improve error code workflow --- src/d2_docker/config/dhis2-core-start.sh | 52 +++++++++++++++++++----- 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index b7c43c3..405f516 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh 
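Review bot: `STOP_GRACE_PERIOD: 10` is set equal to `stop_grace_period: 10s`, so the loop in `cleanup()` (`while [ $count -lt $STOP_GRACE_PERIOD ]`) can still be polling when Docker's grace period ends and the container is killed. That produces the exit status 137 which [PATCH 1/7] set out to avoid. The script-side budget should be shorter than the compose value, and the comment should say so: `STOP_GRACE_PERIOD: 8 # seconds; keep below stop_grace_period so cleanup() exits before Docker kills the container`. In the shell hunk the operands should also be quoted, `[ "$count" -lt "$STOP_GRACE_PERIOD" ]`.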
@@ -44,6 +44,15 @@ debug() { echo "[dhis2-core-start] $*" >&2 } +setup_error_page() { + debug "Setting up error page (application removed)" + rm -rvf "$approot" + mkdir -p -m 750 "$approot" + chown tomcat:tomcat "$approot" + echo 'Error + Error during preparation of the service' > "$approot/index.html" +} + run_sql_files() { base_db_path=$(test "${LOAD_FROM_DATA}" = "yes" && echo "$root_db_path" || echo "$post_db_path") debug "Files in data path" @@ -65,22 +74,24 @@ run_sql_files() { zcat "$path" | $psql_cmd || true done - find "$base_db_path" -type f \( -name '*.sql' \) | - sort | while read -r path; do + local sql_error=0 + while read -r path; do echo "Load SQL: $path" exit_code=0 run_psql_cmd "$path" || exit_code=$? if [ "$exit_code" -gt 0 ]; then echo "Exit code: $exit_code" - touch "$flag_sql_error" - rm -rvf $approot - mkdir -p -m 750 $approot - chown tomcat:tomcat $approot - echo 'Error - Error during preparation of the service' > $approot/index.html - exit "$exit_code" + sql_error=1 + break fi - done + done < <(find "$base_db_path" -type f \( -name '*.sql' \) | sort) + + if [ "$sql_error" -gt 0 ]; then + touch "$flag_sql_error" + setup_error_page + return 1 + fi + return 0 } run_psql_cmd() { @@ -201,6 +212,18 @@ run() { local host=$1 psql_port=$2 setup_tomcat + + # If a previous SQL error was flagged (persisted in named volume), keep showing error page + if [ -f "$flag_sql_error" ]; then + debug "SQL error flag detected from a previous run. Container will start with error page only." + setup_error_page + start_tomcat & + LAST_PID=$! + debug "Container is running with error page. Fix the SQL issue and remove the flag ($flag_sql_error) to recover." + wait $LAST_PID || true + return + fi + if is_init_done; then debug "Container: already configured. Skip DB load and keeping other changes" else 
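Review bot: In the rewritten loop of `run_sql_files`, the status of `find ... | sort` inside `< <(...)` is never checked, so a failing `find` (for example an unreadable subdirectory) yields a short or empty list while `sql_error` stays 0. Mandatory SQL would then be skipped without the flag being set, which is the fail-open case this series is meant to close. Capturing the list first makes the failure visible, e.g. `sql_files=$(find "$base_db_path" -type f -name '*.sql' | sort) || sql_error=1`, then looping over `$sql_files` only when it is non-empty. `while IFS= read -r path` would also preserve leading and trailing blanks in file names.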
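Review bot: The recovery hint in `run()`, "Fix the SQL issue and remove the flag ($flag_sql_error) to recover.", looks incomplete. `setup_error_page` has already deleted `$approot`, and the entrypoint shown elsewhere in this series unzips ROOT.war once and then removes it, so restarting the same container without the flag would seemingly still serve only the error page. The message should name the extra step, e.g. `debug "Fix the SQL issue, remove the flag ($flag_sql_error) and recreate the core container to recover."`. The same wording is repeated in the `@@ -210,7 +233,14 @@` hunk; `run()` starts and ends outside both hunks.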
@@ -210,7 +233,14 @@ run() { copy_datavalues debug "Container: clean. Load DB" wait_for_postgres - run_sql_files + if ! run_sql_files; then + debug "SQL error detected. Container will start with error page only." + start_tomcat & + LAST_PID=$! + debug "Fix the SQL issue and remove the flag ($flag_sql_error) to recover." + wait $LAST_PID || true + return + fi run_pre_scripts || true init_done fi From 705c1e14065679e8bce5c37343fa8ae35acddaad Mon Sep 17 00:00:00 2001 
From: cgbautista Date: Wed, 8 Apr 2026 18:06:12 +0200 Subject: [PATCH 5/7] Merged with PR-162 Created a new function to unify tomcat startup in all scenarios. Removed old cert from Dockerfile (hardcoded and no longer needed) Removed flag checks from `entrypoints` to use the `start.sh` from the PR. TO-DO: - check whether the `docker-entrypoint.sh` from the `images/dhis2-core` is needed as it is not used in `Dockerfile`, nor defined as `ENTRYPOINT, nor used in `docker-compose.yml` - check if `$INIT_DONE_FILE` should be placed on a named volume to be persisted between flag changes or not --- src/d2_docker/config/dhis2-core-entrypoint.sh | 6 +-- src/d2_docker/config/dhis2-core-start.sh | 44 ++++++++++++------- .../images/dhis2-core/docker-entrypoint.sh | 9 +--- .../images/dhis2-core/java-11/Dockerfile | 4 -- .../dhis2-core/java-11/who_pub_cert.cert | 1 - .../dhis2-core/java-17-tomcat-10/Dockerfile | 4 -- .../java-17-tomcat-10/docker-entrypoint.sh | 33 +------------- .../java-17-tomcat-10/who_pub_cert.cert | 35 --------------- .../images/dhis2-core/java-17/Dockerfile | 4 -- .../dhis2-core/java-17/who_pub_cert.cert | 1 - .../images/dhis2-core/who_pub_cert.cert | 35 --------------- 11 files changed, 34 insertions(+), 142 deletions(-) delete mode 120000 src/d2_docker/images/dhis2-core/java-11/who_pub_cert.cert mode change 100644 => 120000 src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh delete mode 100644 src/d2_docker/images/dhis2-core/java-17-tomcat-10/who_pub_cert.cert delete mode 120000 src/d2_docker/images/dhis2-core/java-17/who_pub_cert.cert delete mode 100644 src/d2_docker/images/dhis2-core/who_pub_cert.cert diff --git a/src/d2_docker/config/dhis2-core-entrypoint.sh b/src/d2_docker/config/dhis2-core-entrypoint.sh index 6756169..58ed092 100755 --- a/src/d2_docker/config/dhis2-core-entrypoint.sh +++ b/src/d2_docker/config/dhis2-core-entrypoint.sh 
@@ -14,7 +14,7 @@ DHIS2HOME=/DHIS2_home DATA_DIR=/data GLOWROOT_ZIP="/opt/glowroot.zip" GLOWROOT_DIR="/opt/glowroot" - +APPROOT=$TOMCATDIR/webapps/ROOT debug() { echo "[dhis2-core-entrypoint] $*" >&2 @@ -95,8 +95,8 @@ setup_glowroot() { if [ "$(id -u)" = "0" ]; then if [ -f $WARFILE ]; then - unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT - rm -v $WARFILE # just to save space + unzip -q $WARFILE -d $APPROOT + rm -v $WARFILE # just to save space fi setup_glowroot diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 405f516..0b6fc68 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh @@ -46,7 +46,7 @@ debug() { setup_error_page() { debug "Setting up error page (application removed)" - rm -rvf "$approot" + rm -rf "$approot" mkdir -p -m 750 "$approot" chown tomcat:tomcat "$approot" echo 'Error @@ -171,6 +171,22 @@ start_tomcat() { catalina.sh run } +manage_tomcat_lifecycle() { + local msg="${1:-}" + local callback="${2:-}" + + start_tomcat & + LAST_PID=$! + + if [ -n "$callback" ]; then + $callback + fi + + [ -n "$msg" ] && debug "$msg" + + wait $LAST_PID || true +} + wait_for_tomcat() { debug "Waiting for Tomcat to start: $dhis2_url" while ! curl -sS -i "$dhis2_url" 2>/dev/null | grep "^Location"; do @@ -217,10 +233,8 @@ run() { if [ -f "$flag_sql_error" ]; then debug "SQL error flag detected from a previous run. Container will start with error page only." setup_error_page - start_tomcat & - LAST_PID=$! - debug "Container is running with error page. Fix the SQL issue and remove the flag ($flag_sql_error) to recover." - wait $LAST_PID || true + manage_tomcat_lifecycle \ + "Container is running with error page. Fix the SQL issue and remove the flag ($flag_sql_error) to recover." return fi 
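Review bot: `manage_tomcat_lifecycle` has no header comment, and its calling convention is not obvious from the call sites: the second argument is a function name that runs in the foreground while Tomcat runs in the background. Suggested header: `# Start Tomcat in the background, run the optional callback, log msg, then block until Tomcat exits.` followed by `# $1 - message to log (optional); $2 - name of a function to call after start (optional)`. The call itself should be quoted, `"$callback"`, so the name is not word-split. `wait $LAST_PID || true` discards Tomcat's exit status, so a crash looks like a clean stop to the restart policy; a `debug` line with the status would help when diagnosing restarts.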
@@ -235,22 +249,22 @@ run() { wait_for_postgres if ! run_sql_files; then debug "SQL error detected. Container will start with error page only." - start_tomcat & - LAST_PID=$! - debug "Fix the SQL issue and remove the flag ($flag_sql_error) to recover." - wait $LAST_PID || true + manage_tomcat_lifecycle \ + "Fix the SQL issue and remove the flag ($flag_sql_error) to recover." return fi run_pre_scripts || true init_done fi - start_tomcat & - LAST_PID=$! - wait_for_tomcat - run_post_scripts || true - debug "DHIS2 instance ready" - wait $LAST_PID || true + post_start_actions() { + wait_for_tomcat + run_post_scripts || true + } + + manage_tomcat_lifecycle \ + "DHIS2 instance ready" \ + post_start_actions } env diff --git a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh index 3a387e3..51e622a 100644 --- a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh +++ b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh @@ -8,17 +8,10 @@ WARFILE=/usr/local/tomcat/webapps/ROOT.war TOMCATDIR=/usr/local/tomcat DHIS2HOME=/DHIS2_home DATA_DIR=/data -FLAG_SQL_ERROR=$DHIS2HOME/flag_sql_error APPROOT=$TOMCATDIR/webapps/ROOT if [ "$(id -u)" = "0" ]; then - if [ -f $FLAG_SQL_ERROR ]; then - rf -rvf $APPROOT - mkdir -p -m 750 $APPROOT - chown tomcat:tomcat $APPROOT - echo 'Error - Error during preparation of the service' > $APPROOT/index.html - elif [ -f $WARFILE ]; then + if [ -f $WARFILE ]; then unzip -q $WARFILE -d $APPROOT rm -v $WARFILE # just to save space fi diff --git a/src/d2_docker/images/dhis2-core/java-11/Dockerfile b/src/d2_docker/images/dhis2-core/java-11/Dockerfile index 35cc2f0..55610f8 100644 --- a/src/d2_docker/images/dhis2-core/java-11/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-11/Dockerfile 
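Review bot: `post_start_actions()` is defined inside `run()`, but bash has no nested function scope, so the name becomes global the first time `run` executes and reads as if it were local. Defining it at top level next to `wait_for_tomcat` keeps all helpers in one place, with a one-line comment such as `# Wait until Tomcat answers, then run the post-start scripts (failures ignored)`. `run()` starts and ends outside the hunk.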
@@ -14,10 +14,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \ addgroup root tomcat && \ useradd --shell /bin/bash --uid 101 --gid tomcat tomcat -COPY who_pub_cert.cert $DHIS2_CERT -RUN chmod +rx $DHIS2_CERT -RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit -noprompt - RUN apt-get update RUN echo 'You can disregard the warning in noninteractive installations:' \ diff --git a/src/d2_docker/images/dhis2-core/java-11/who_pub_cert.cert b/src/d2_docker/images/dhis2-core/java-11/who_pub_cert.cert deleted file mode 120000 index 7178e72..0000000 --- a/src/d2_docker/images/dhis2-core/java-11/who_pub_cert.cert +++ /dev/null @@ -1 +0,0 @@ -../who_pub_cert.cert \ No newline at end of file diff --git a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile index 82f1edf..423a166 100644 --- a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile @@ -14,10 +14,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \ usermod -aG tomcat root && \ useradd --shell /bin/bash --uid 101 --gid tomcat tomcat -COPY who_pub_cert.cert $DHIS2_CERT -RUN chmod +rx $DHIS2_CERT -RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt - RUN apt-get update RUN echo 'You can disregard the warning in noninteractive installations:' \ diff --git a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh deleted file mode 100644 index 27844fb..0000000 --- a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash -# -# This file should be basically the same as config/dhis2-core-entrypoint.sh -# -set -e # exit on errors - -WARFILE=/usr/local/tomcat/webapps/ROOT.war -TOMCATDIR=/usr/local/tomcat -DHIS2HOME=/DHIS2_home -DATA_DIR=/data - -if [ "$(id -u)" = "0" ]; then - if [ -f $WARFILE ]; then - unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT - rm -v $WARFILE # just to save space - fi - - mkdir -p $DATA_DIR/apps - chown -R tomcat:tomcat $TOMCATDIR $DATA_DIR/apps $DHIS2HOME - chmod -R u=rwX,g=rX,o-rwx $TOMCATDIR $DATA_DIR/apps $DHIS2HOME - - # Launch the given command as tomcat, in two ways for backwards compatibility: - if [ "$(grep '^ID=' /etc/os-release)" = "ID=alpine" ]; then - # The alpine linux way (for old images). - exec su-exec tomcat "$0" "$@" - else - # The ubuntu way (for new images). - exec setpriv --reuid=tomcat --regid=tomcat --init-groups "$0" "$@" - fi -fi - -exec "$@" diff --git a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh new file mode 120000 index 0000000..92ff18c --- /dev/null +++ b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh @@ -0,0 +1 @@ +../docker-entrypoint.sh \ No newline at end of file diff --git a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/who_pub_cert.cert b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/who_pub_cert.cert deleted file mode 100644 index 9a179fa..0000000 --- a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/who_pub_cert.cert +++ /dev/null 
@@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGJDCCBQygAwIBAgIQJUJnlAcKVsfQ9MMGpFjCBTANBgkqhkiG9w0BAQsFADCB -jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD -Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB -MB4XDTIyMDMxNjAwMDAwMFoXDTIzMDQxNjIzNTk1OVowFDESMBAGA1UEAwwJKi53 -aG8uaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSHGIzs9hI1G -hoQpRqA6AJJHtV5UNU7HYGqewe/g/hO78YKa3GkCr2nXVz42fDrwtKI6qyTL8R4t -JlqxK7NgorwQK7swZlQq77pj0jGo2NaxqI68oaoz8Itkg361jlk2LJQrrSJBGemc -2vZC7o1hWZLwcf8PwSBkKTqjZjO7th0ESEUt8ic6YZxEWaWdJeZUc+xDGpM439L+ -mPeZKmwLzKUk41DPe1LBjeVCKOlTnFaGTX8/PescoifgAV+kZ9G+hmu5aZYVx2n+ -w8nVc4aIOiQow1LOtk8CDvBPoDnJMOpKEZobXcqcTDvbFnG4mzUnc6GXDWLaF/kJ -JMvRKoTsQwIDAQABo4IC9DCCAvAwHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5mwXh -uAGNYeEwHQYDVR0OBBYEFHTQH+RF7rX7AXEqzVXnkXexoDIEMA4GA1UdDwEB/wQE -AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBz -Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8G -CCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FEb21h -aW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRw -Oi8vb2NzcC5zZWN0aWdvLmNvbTAdBgNVHREEFjAUggkqLndoby5pbnSCB3doby5p -bnQwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3AK33vvp8/xDIi509nB4+GGq0 -Zyldz7EMJMqFhjTr3IKKAAABf5MeKkoAAAQDAEgwRgIhAINPWOeOK9LR1KvwjXy3 -tq+VOtOl2pbxUSGpKb/on/5fAiEAl/zai8TthJdRZGYAQ1AJVY83+VPNlrAmYt4Y -aATC6GoAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAX+THioV -AAAEAwBHMEUCIQC5LVSJjK/+axH2ygQBQvZBteFsrpfrjTwlxRUZIOVOegIgfe+9 -UxpopGPMoxAinRvmhV80DC2SjyB5tJ5gxdEwjy0AdQDoPtDaPvUGNTLnVyi8iWvJ -A9PL0RFr7Otp4Xd9bQa9bgAAAX+THiniAAAEAwBGMEQCIGzDAwbnDDooUiBzsIgx -qQTH9LWRw/sUP6oPqC/TCy5IAiBv5zoBNQRFF5xL747h+fonfzO29cOTOxII7OOE -tB5PtDANBgkqhkiG9w0BAQsFAAOCAQEAZoC2S+nrxP2loGfjDvbjo0N9cc7KhCJv -XPAG3qvc1T4RI4ZCfTKY5vpFYqu6E/TMdGlDTXD3NxheJyScm51x5tXGfvIsnKDc 
-//zWyUXvZPnJWLEjP4JKsRb/Gi8hIPfLP0PST1xjk+JlxE+vfbHfH5BUegfpfBgv -Fu+HiJEFS3ZDE6Im61Hq5BdMdLF84u5khs0smbWOyP4tP9fqD6gnq0RV+gcI2JzU -LLc0mPIpLqQ87zvj/Re0rMGS/JhXp4cAyvIuwi1AuechGjQR1zeBNgVIkxd+ccnc -OaI6t3HH7OQ2K8pCNLa4PyoAJL/XnIwq0FwvqSVKW8h3vTdZ4Z0+Jg== ------END CERTIFICATE----- diff --git a/src/d2_docker/images/dhis2-core/java-17/Dockerfile b/src/d2_docker/images/dhis2-core/java-17/Dockerfile index 1b385ef..d5ad3c7 100644 --- a/src/d2_docker/images/dhis2-core/java-17/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-17/Dockerfile @@ -14,10 +14,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \ addgroup root tomcat && \ useradd --shell /bin/bash --uid 101 --gid tomcat tomcat -COPY who_pub_cert.cert $DHIS2_CERT -RUN chmod +rx $DHIS2_CERT -RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt - RUN apt-get update RUN echo 'You can disregard the warning in noninteractive installations:' \ diff --git a/src/d2_docker/images/dhis2-core/java-17/who_pub_cert.cert b/src/d2_docker/images/dhis2-core/java-17/who_pub_cert.cert deleted file mode 120000 index 7178e72..0000000 --- a/src/d2_docker/images/dhis2-core/java-17/who_pub_cert.cert +++ /dev/null @@ -1 +0,0 @@ -../who_pub_cert.cert \ No newline at end of file diff --git a/src/d2_docker/images/dhis2-core/who_pub_cert.cert b/src/d2_docker/images/dhis2-core/who_pub_cert.cert deleted file mode 100644 index c576482..0000000 --- a/src/d2_docker/images/dhis2-core/who_pub_cert.cert +++ /dev/null 
@@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGJDCCBQygAwIBAgIQJUJnlAcKVsfQ9MMGpFjCBTANBgkqhkiG9w0BAQsFADCB -jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD -Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB -MB4XDTIyMDMxNjAwMDAwMFoXDTIzMDQxNjIzNTk1OVowFDESMBAGA1UEAwwJKi53 -aG8uaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSHGIzs9hI1G -hoQpRqA6AJJHtV5UNU7HYGqewe/g/hO78YKa3GkCr2nXVz42fDrwtKI6qyTL8R4t -JlqxK7NgorwQK7swZlQq77pj0jGo2NaxqI68oaoz8Itkg361jlk2LJQrrSJBGemc -2vZC7o1hWZLwcf8PwSBkKTqjZjO7th0ESEUt8ic6YZxEWaWdJeZUc+xDGpM439L+ -mPeZKmwLzKUk41DPe1LBjeVCKOlTnFaGTX8/PescoifgAV+kZ9G+hmu5aZYVx2n+ -w8nVc4aIOiQow1LOtk8CDvBPoDnJMOpKEZobXcqcTDvbFnG4mzUnc6GXDWLaF/kJ -JMvRKoTsQwIDAQABo4IC9DCCAvAwHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5mwXh -uAGNYeEwHQYDVR0OBBYEFHTQH+RF7rX7AXEqzVXnkXexoDIEMA4GA1UdDwEB/wQE -AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBz -Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8G -CCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FEb21h -aW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRw -Oi8vb2NzcC5zZWN0aWdvLmNvbTAdBgNVHREEFjAUggkqLndoby5pbnSCB3doby5p -bnQwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3AK33vvp8/xDIi509nB4+GGq0 -Zyldz7EMJMqFhjTr3IKKAAABf5MeKkoAAAQDAEgwRgIhAINPWOeOK9LR1KvwjXy3 -tq+VOtOl2pbxUSGpKb/on/5fAiEAl/zai8TthJdRZGYAQ1AJVY83+VPNlrAmYt4Y -aATC6GoAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAX+THioV -AAAEAwBHMEUCIQC5LVSJjK/+axH2ygQBQvZBteFsrpfrjTwlxRUZIOVOegIgfe+9 -UxpopGPMoxAinRvmhV80DC2SjyB5tJ5gxdEwjy0AdQDoPtDaPvUGNTLnVyi8iWvJ -A9PL0RFr7Otp4Xd9bQa9bgAAAX+THiniAAAEAwBGMEQCIGzDAwbnDDooUiBzsIgx -qQTH9LWRw/sUP6oPqC/TCy5IAiBv5zoBNQRFF5xL747h+fonfzO29cOTOxII7OOE -tB5PtDANBgkqhkiG9w0BAQsFAAOCAQEAZoC2S+nrxP2loGfjDvbjo0N9cc7KhCJv -XPAG3qvc1T4RI4ZCfTKY5vpFYqu6E/TMdGlDTXD3NxheJyScm51x5tXGfvIsnKDc 
-//zWyUXvZPnJWLEjP4JKsRb/Gi8hIPfLP0PST1xjk+JlxE+vfbHfH5BUegfpfBgv -Fu+HiJEFS3ZDE6Im61Hq5BdMdLF84u5khs0smbWOyP4tP9fqD6gnq0RV+gcI2JzU -LLc0mPIpLqQ87zvj/Re0rMGS/JhXp4cAyvIuwi1AuechGjQR1zeBNgVIkxd+ccnc -OaI6t3HH7OQ2K8pCNLa4PyoAJL/XnIwq0FwvqSVKW8h3vTdZ4Z0+Jg== ------END CERTIFICATE----- \ No newline at end of file From e2391118d38560b4c70400622283dce733bca908 Mon Sep 17 00:00:00 2001 From: cgbautista Date: Wed, 8 Apr 2026 18:24:43 +0200 Subject: [PATCH 6/7] Remove environmental no longer needed --- src/d2_docker/images/dhis2-core/java-11/Dockerfile | 2 -- src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile | 1 - src/d2_docker/images/dhis2-core/java-17/Dockerfile | 1 - 3 files changed, 4 deletions(-) diff --git a/src/d2_docker/images/dhis2-core/java-11/Dockerfile b/src/d2_docker/images/dhis2-core/java-11/Dockerfile index 55610f8..974e4ae 100644 --- a/src/d2_docker/images/dhis2-core/java-11/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-11/Dockerfile @@ -1,7 +1,6 @@ FROM tomcat:9.0.64-jre11-openjdk-slim-bullseye ENV DHIS2_HOME=/DHIS2_home -ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert ENV DATA_DIR=/data COPY docker-entrypoint.sh /usr/local/bin/ @@ -14,7 +13,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \ addgroup root tomcat && \ useradd --shell /bin/bash --uid 101 --gid tomcat tomcat - RUN apt-get update RUN echo 'You can disregard the warning in noninteractive installations:' \ '"debconf: delaying package configuration, since apt-utils is not installed"' diff --git a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile index 423a166..1629098 100644 --- a/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile @@ -1,7 +1,6 @@ FROM tomcat:10.1.36-jre21-temurin ENV DHIS2_HOME=/DHIS2_home -ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert ENV DATA_DIR=/data COPY docker-entrypoint.sh /usr/local/bin/ 
diff --git a/src/d2_docker/images/dhis2-core/java-17/Dockerfile b/src/d2_docker/images/dhis2-core/java-17/Dockerfile index d5ad3c7..7344e0c 100644 --- a/src/d2_docker/images/dhis2-core/java-17/Dockerfile +++ b/src/d2_docker/images/dhis2-core/java-17/Dockerfile @@ -1,7 +1,6 @@ FROM tomcat:9.0.85-jre17-temurin-jammy ENV DHIS2_HOME=/DHIS2_home -ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert ENV DATA_DIR=/data COPY docker-entrypoint.sh /usr/local/bin/ From cbd00900f1bce3c4050461921eba4c441dded42f Mon Sep 17 00:00:00 2001 From: cgbautista Date: Wed, 8 Apr 2026 18:26:36 +0200 Subject: [PATCH 7/7] Upgraded requests to 2.33.0 to avoid vuln (not affected) --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6dd5ad7..129dfa5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ Flask==3.1.1 python-dotenv Flask_Cors==6.0.0 -requests==2.32.4 +requests==2.33.0 PyYAML setuptools