MACI-1446: Remove JndiLookup (#77)

images/elasticsearch/5.2/Dockerfile

@@ -1,12 +1,16 @@
-FROM docker.elastic.co/elasticsearch/elasticsearch:5.2.2
+FROM elasticsearch:5.2.2
 
-RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
+RUN apt update || true \
+ && apt install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
 
 RUN bin/elasticsearch-plugin install analysis-icu && \
     bin/elasticsearch-plugin install analysis-phonetic
 
 ADD docker-healthcheck.sh /docker-healthcheck.sh
 
+ADD docker-entrypoint.sh /docker-entrypoint.sh
+
 HEALTHCHECK --retries=3 CMD ["bash", "/docker-healthcheck.sh"]
 
 EXPOSE 9200 9300

images/elasticsearch/5.2/docker-entrypoint.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+# Add elasticsearch as command if needed
+if [ "${1:0:1}" = '-' ]; then
+	set -- elasticsearch "$@"
+fi
+
+# Drop root privileges if we are running elasticsearch
+# allow the container to be started with `--user`
+if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then
+	# Change the ownership of user-mutable directories to elasticsearch
+	for path in \
+		/usr/share/elasticsearch/data \
+		/usr/share/elasticsearch/logs \
+	; do
+		chown -R elasticsearch:elasticsearch "$path"
+	done
+
+  es_opts=''
+
+  while IFS='=' read -r envvar_key envvar_value
+  do
+      # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name`
+      if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]]
+      then
+          if [[ ! -z $envvar_value ]]; then
+            es_opt="-E${envvar_key}=${envvar_value}"
+            es_opts+=" ${es_opt}"
+          fi
+      fi
+  done < <(env)
+
+	set -- gosu elasticsearch "$@" ${es_opts}
+	#exec gosu elasticsearch "$BASH_SOURCE" "$@"
+fi
+
+# As argument is not related to elasticsearch,
+# then assume that user wants to run his own process,
+# for example a `bash` shell to explore this image
+exec "$@"

images/elasticsearch/6.5/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:6.5.4
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/6.8/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:6.8.15
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/7.11/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:7.11.2
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/7.5/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:7.5.2
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/7.6/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:7.6.2
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/7.7/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:7.7.1
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/7.9/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:7.9.3
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN echo "discovery.type: single-node" >> /usr/share/elasticsearch/config/elasticsearch.yml
 RUN bin/elasticsearch-plugin install -b analysis-icu && \

images/elasticsearch/es/Dockerfile

@@ -1,5 +1,8 @@
 FROM docker.elastic.co/elasticsearch/elasticsearch:{%version%}
 
+RUN yum -y install zip
+RUN zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
 RUN echo "xpack.security.enabled: false" >> /usr/share/elasticsearch/config/elasticsearch.yml
 {%single_node%}
 RUN bin/elasticsearch-plugin install -b analysis-icu && \