Chainguard Images Now Come With JCK Certified Java
Written by Nikos Vaggalis   
Thursday, 25 July 2024

Chainguard has released OpenJDK Java images which are JCK conformant, adhering to the strict Java standard but also with a twist. The twist is that the images are minimalist and based on the Wolfi Linux (un)distribution. What's the deal with that?

Wolfi is a community Linux (un)distribution that is built with security measures necessary for securing the software supply chain such as signing and sensible defaults. The defaults that it enforces on container images are:

  • build-time SBOM as standard for all packages

  • packages are designed to be granular and independent to support minimal images

  • uses the proven and reliable APK package format

  • enables fully declarative and reproducible build systems

  • supports glibc and musl

As far as the 'un' in (un)distribution goes, it means that Wolfi is not a full Linux distribution designed to run on bare metal. Instead, it is a stripped-down version designed for the cloud era: it doesn't include a Linux kernel but relies on the environment, such as the container runtime, to provide it. The point is to minimize dependencies as far as possible in order to reduce potential attack surfaces and to simplify actions such as auditing, updating and transferring images. Chainguard's ultimate aim is to eradicate CVEs from containers.

On top of that we now get JCK certified Java runtimes. The JCK is a comprehensive test suite provided by Oracle that validates adherence to the Java specification. This conformance now applies to any Chainguard Image that contains the JDK and JRE latest builds for OpenJDK Java 21.0.3 and Java 22.0.1.
JCK compliance ensures that Java applications will run consistently across different platforms and devices, and that they are compatible with other Java implementations.

This means that Chainguard's Java base images are fully compatible and conform to the rigorous standards set out for Java SE 21 and 22 for both compiler and runtime.
It's a scheme akin to Bellsoft adding CRaC-enabled OpenJDKs in its Alpaquita containers, as we examined in "Liberica Alpaquita Containers Now Come With CRaC".

The Chainguard images are available on cgr.dev and can be pulled with:

for JRE

docker pull cgr.dev/chainguard/jre:latest

for JDK

docker pull cgr.dev/chainguard/jdk

To put it into practice, if you've written a simple Java class say HelloWolfi.java, to containerize it you would:

Following that, you can build the image:

docker build -t my-java-app .

and run it by referencing this tag, as in the following command:

docker run my-java-app
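The build and run commands above expect a Dockerfile beside HelloWolfi.java. One way to write it, as an added example that is not from the original article, is a multi-stage build that compiles with the JDK image and ships only the class file on the JRE image. It assumes HelloWolfi.java has no package declaration, that /home/build is the JDK image's writable working directory, and that javac and java are on each image's PATH.

```dockerfile
# Added example, not the article's own Dockerfile.
# Assumes HelloWolfi.java (no package declaration, with a main method)
# is in the build context next to this file.

# Stage 1: compile with the JDK image.
# For reproducible builds, pin by digest instead of a tag:
#   cgr.dev/chainguard/jdk@sha256:<digest-placeholder>
FROM cgr.dev/chainguard/jdk:latest AS build

# Assumption: /home/build is writable by the image's default non-root user.
WORKDIR /home/build
COPY HelloWolfi.java .

# Exec form, so the step does not depend on a shell being in the image.
RUN ["javac", "HelloWolfi.java"]

# Stage 2: runtime on the JRE image. The compiler and the source file
# stay behind in the build stage, which keeps the shipped image minimal.
FROM cgr.dev/chainguard/jre:latest

WORKDIR /app
COPY --from=build /home/build/HelloWolfi.class /app/

# No USER instruction, so the container runs as whatever user the base
# image defines; confirm it is non-root with `docker inspect`.
ENTRYPOINT ["java", "-cp", "/app", "HelloWolfi"]
```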

This way you get the best of both worlds: solid Java on secure containers.

More Information

JDK image

JRE image
 

Related Articles

Happy Birthday To Wolfi Linux Undistro

Liberica Alpaquita Containers Now Come With CRaC  

 


Last Updated ( Thursday, 25 July 2024 )