610e3044ad
Even though we use `ubi8-minimal` as the parent of our container, it still has many RPMs installed that aren't necessary to run the Keycloak server. Also, since the JDK RPM (that we install on top of `ubi8-minimal`) is designed for general use, it pulls in more dependency RPMs than it strictly needs to, like cups and avahi. Keycloak will never need to access a printer itself! Trimming down these excess RPMs will improve our CVE statistics with automated scanners, and therefore let us perform fewer CVE rebuilds. `ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly remove dependencies and operating system files that are not required to boot our Quarkus-based server. This includes `microdnf` and `rpm` itself! I have preserved bash however, so it's still possible to debug the container from a shell. I've created an initial set of allow/disallow lists, that seems to pass a smoke test (server boots, admin console works). This leaves 37 packages installed, with 96 removed relative to `ubi8-minimal`. We could go more minimal than this, or less minimal if required. Trial and error is required. Closes #16902 |
||
|---|---|---|
| .github | ||
| .mvn/wrapper | ||
| adapters | ||
| authz | ||
| boms | ||
| common | ||
| core | ||
| crypto | ||
| dependencies | ||
| distribution | ||
| docs | ||
| examples | ||
| federation | ||
| integration | ||
| js | ||
| misc | ||
| model | ||
| operator | ||
| quarkus | ||
| rest | ||
| saml-core | ||
| saml-core-api | ||
| server-spi | ||
| server-spi-private | ||
| services | ||
| testsuite | ||
| themes | ||
| util | ||
| .gitattributes | ||
| .gitignore | ||
| .gitleaks.toml | ||
| ADOPTERS.md | ||
| CONTRIBUTING.md | ||
| get-version.sh | ||
| GOVERNANCE.md | ||
| LICENSE.txt | ||
| MAINTAINERS.md | ||
| maven-settings.xml | ||
| mvnw | ||
| mvnw.cmd | ||
| pom.xml | ||
| PR-CHECKLIST.md | ||
| prod-arguments.json | ||
| README.md | ||
| release.sh | ||
| set-version.sh | ||
Keycloak
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.
This repository contains the source code for the Keycloak Server, Java adapters and the JavaScript adapter.
Help and Documentation
- Documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
Reporting Security Vulnerabilities
If you've found a security vulnerability, please look at the instructions on how to properly report it
Reporting an issue
If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.
Getting started
To run Keycloak, download the distribution from our website. Unzip and run:
bin/kc.[sh|bat] start-dev
Alternatively, you can use the Docker image by running:
docker run quay.io/keycloak/keycloak start-dev
For more details refer to the Keycloak Documentation.
Building from Source
To build from source, refer to the building and working with the code base guide.
Testing
To run tests, refer to the running tests guide.
Writing Tests
To write tests, refer to the writing tests guide.
Contributing
Before contributing to Keycloak, please read our contributing guidelines.
Other Keycloak Projects
- Keycloak - Keycloak Server and Java adapters
- Keycloak Documentation - Documentation for Keycloak
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Node.js Connect - Node.js adapter for Keycloak
- Keycloak Node.js Admin Client - Node.js library for Keycloak Admin REST API