Chainguard Images Now Come With JCK Certified Java
Written by Nikos Vaggalis   
Thursday, 25 July 2024

Chainguard has released OpenJDK Java images which are JCK conformant, adhering to the strict Java standard but also with a twist. The twist is that the images are minimalist and based on Wolfi Linux (Un)Distribution. What's the deal with that?

chainguard

Wolfi is a community Linux (un)distribution that is built with security measures necessary for securing the software supply chain such as signing and sensible defaults. The defaults that it enforces on container images are:

  • build-time SBOM as standard for all packages

  • packages are designed to be granular and independent to support minimal images

  • uses the proven and reliable APK package format

  • enables fully declarative and reproducible build systems

  • supports glibc and musl

As far as the 'un' in (un)distribution goes, it means that Wolfi is not a full Linux distribution designed to run on bare metal. Instead it is a stripped-down version designed for the cloud era as it doesn't include a Linux kernel but relies on the environment, such as the container runtime, to provide it. This is so, so that dependencies are as much as possible minimized in order to reduce potential attack surfaces and to simplify actions such as auditing, updating and transferring images. Chainguard's ultimate aim is to eradicate CVEs from containers.

On top of that we now get JCK certified Java runtimes. The JCK is a comprehensive test suite provided by Oracle that validates adherence to the Java specification. This conformance now applies to any Chainguard Image that contains the JDK and JRE latest builds for OpenJDK Java 21.0.3 and Java 22.0.1.
JCK compliance ensures that Java applications will run consistently across different platforms and devices, and that they are compatible with other Java implementations.

This means that Chainguard's Java base images are fully compatible and conform to the rigorous standards set out for Java SE 21 and 22 for both compiler and runtime.
It's a scheme akin to Bellsoft adding CRaC enabled OpenJDKs in its Alpaquita containers, as we examined in "Liberica Alpaquita Containers Now Come With CRaC"

The Chainguard images are available on cgr.dev and can be pulled with:

for JRE

docker pull cgr.dev/chainguard/jre:latest

for JDK

docker pull cgr.dev/chainguard/jdk

To put it into practice, if you've written a simple Java class say HelloWolfi.java, to containerize it you would:

Following that, you can build the image:

docker build -t my-java-app .

and run it by referencing this tag, as in the following command:

docker run my-java-app

This way you get the best of two worlds; solid Java on secure containers. 

chainguard

More Information

JDK image

JRE image
 

Related Articles

Happy Birthday To Wolfi Linux Undistro

Liberica Alpaquita Containers Now Come With CRaC  

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

50 Years Of the Intel 8080
05/01/2025

The Intel 8080 was the very first multi-purpose microprocessor and as such played a pivotal role in the evolution of personal computing. 2024 was the 50th anniversary of the chip that influenced  [ ... ]


+ Full Story
Remembering Grace Hopper On Her 114th Anniversary
09/12/2024

Today sees the start of Computer Science Education Week and  the 2024 Hour of Code. These educational event are timed to coincide with Grace Hopper's birthday on January 9th, 1906 due to her conc [ ... ]


+ Full Story
More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Thursday, 25 July 2024 )