maven: 3.9.0 #14083

carlossg · 2023-02-14T08:56:51Z

remove openjdk-18 EOL

yosifkit · 2023-02-14T22:06:21Z

The reason for the diff job failing is because of the included KEYS files. See https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification -- TLDR, COPY KEYS ... is hard for users to verify, annoying during review (since the full exported key file shows up in our diffs), etc; I'd recommend instead pulling the keys via full fingerprint from a PGP keyserver (both so users can verify it with a fingerprint that's hopefully published on an official Maven page and so it gets fully verified during the image build)

carlossg · 2023-02-15T10:01:12Z

thanks, I had that but I though it would be a problem to pull the keys on each build, I'll put it back

remove openjdk-18 EOL

github-actions · 2023-02-15T10:46:42Z

Diff for 21726c3:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 0eb2118..7a3a083 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,111 +1,103 @@
 Maintainers: Carlos Sanchez <[email protected]> (@carlossg)
 GitRepo: https://github.com/carlossg/docker-maven.git
 
-Tags: 3.8.7-amazoncorretto-8, 3.8-amazoncorretto-8, 3-amazoncorretto-8
+Tags: 3.9.0-amazoncorretto-8, 3.9-amazoncorretto-8, 3-amazoncorretto-8
 Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: amazoncorretto-8
 
-Tags: 3.8.7-amazoncorretto-11, 3.8.7-amazoncorretto, 3.8-amazoncorretto-11, 3.8-amazoncorretto, 3-amazoncorretto-11, 3-amazoncorretto, amazoncorretto
+Tags: 3.9.0-amazoncorretto-11, 3.9.0-amazoncorretto, 3.9-amazoncorretto-11, 3.9-amazoncorretto, 3-amazoncorretto-11, 3-amazoncorretto, amazoncorretto
 Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: amazoncorretto-11
 
-Tags: 3.8.7-amazoncorretto-17, 3.8-amazoncorretto-17, 3-amazoncorretto-17
+Tags: 3.9.0-amazoncorretto-17, 3.9-amazoncorretto-17, 3-amazoncorretto-17
 Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: amazoncorretto-17
 
-Tags: 3.8.7-amazoncorretto-19, 3.8-amazoncorretto-19, 3-amazoncorretto-19
+Tags: 3.9.0-amazoncorretto-19, 3.9-amazoncorretto-19, 3-amazoncorretto-19
 Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: amazoncorretto-19
 
-Tags: 3.8.7-eclipse-temurin-8, 3.8-eclipse-temurin-8, 3-eclipse-temurin-8
+Tags: 3.9.0-eclipse-temurin-8, 3.9-eclipse-temurin-8, 3-eclipse-temurin-8
 Architectures: amd64, arm32v7, arm64v8, ppc64le
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-8
 
-Tags: 3.8.7-eclipse-temurin-8-alpine, 3.8-eclipse-temurin-8-alpine, 3-eclipse-temurin-8-alpine
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-eclipse-temurin-8-alpine, 3.9-eclipse-temurin-8-alpine, 3-eclipse-temurin-8-alpine
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-8-alpine
 
-Tags: 3.8.7-eclipse-temurin-8-focal, 3.8-eclipse-temurin-8-focal, 3-eclipse-temurin-8-focal
+Tags: 3.9.0-eclipse-temurin-8-focal, 3.9-eclipse-temurin-8-focal, 3-eclipse-temurin-8-focal
 Architectures: amd64, arm32v7, arm64v8, ppc64le
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-8-focal
 
-Tags: 3.8.7-eclipse-temurin-11, 3.8-eclipse-temurin-11, 3-eclipse-temurin-11
+Tags: 3.9.0-eclipse-temurin-11, 3.9-eclipse-temurin-11, 3-eclipse-temurin-11
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-11
 
-Tags: 3.8.7-eclipse-temurin-11-alpine, 3.8-eclipse-temurin-11-alpine, 3-eclipse-temurin-11-alpine
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-eclipse-temurin-11-alpine, 3.9-eclipse-temurin-11-alpine, 3-eclipse-temurin-11-alpine
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-11-alpine
 
-Tags: 3.8.7-eclipse-temurin-11-focal, 3.8-eclipse-temurin-11-focal, 3-eclipse-temurin-11-focal
+Tags: 3.9.0-eclipse-temurin-11-focal, 3.9-eclipse-temurin-11-focal, 3-eclipse-temurin-11-focal
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-11-focal
 
-Tags: 3.8.7-eclipse-temurin-17, 3.8.7, 3.8.7-eclipse-temurin, 3.8-eclipse-temurin-17, 3.8, 3.8-eclipse-temurin, 3-eclipse-temurin-17, 3, latest, 3-eclipse-temurin, eclipse-temurin
+Tags: 3.9.0-eclipse-temurin-17, 3.9.0, 3.9.0-eclipse-temurin, 3.9-eclipse-temurin-17, 3.9, 3.9-eclipse-temurin, 3-eclipse-temurin-17, 3, latest, 3-eclipse-temurin, eclipse-temurin
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-17
 
-Tags: 3.8.7-eclipse-temurin-17-alpine, 3.8-eclipse-temurin-17-alpine, 3-eclipse-temurin-17-alpine
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-eclipse-temurin-17-alpine, 3.9-eclipse-temurin-17-alpine, 3-eclipse-temurin-17-alpine
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-17-alpine
 
-Tags: 3.8.7-eclipse-temurin-17-focal, 3.8-eclipse-temurin-17-focal, 3-eclipse-temurin-17-focal
+Tags: 3.9.0-eclipse-temurin-17-focal, 3.9-eclipse-temurin-17-focal, 3-eclipse-temurin-17-focal
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-17-focal
 
-Tags: 3.8.7-eclipse-temurin-19, 3.8-eclipse-temurin-19, 3-eclipse-temurin-19
+Tags: 3.9.0-eclipse-temurin-19, 3.9-eclipse-temurin-19, 3-eclipse-temurin-19
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-19
 
-Tags: 3.8.7-eclipse-temurin-19-alpine, 3.8-eclipse-temurin-19-alpine, 3-eclipse-temurin-19-alpine
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-eclipse-temurin-19-alpine, 3.9-eclipse-temurin-19-alpine, 3-eclipse-temurin-19-alpine
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-19-alpine
 
-Tags: 3.8.7-eclipse-temurin-19-focal, 3.8-eclipse-temurin-19-focal, 3-eclipse-temurin-19-focal
+Tags: 3.9.0-eclipse-temurin-19-focal, 3.9-eclipse-temurin-19-focal, 3-eclipse-temurin-19-focal
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: eclipse-temurin-19-focal
 
-Tags: 3.8.7-ibmjava-8, 3.8.7-ibmjava, 3.8-ibmjava-8, 3.8-ibmjava, 3-ibmjava-8, 3-ibmjava, ibmjava
+Tags: 3.9.0-ibmjava-8, 3.9.0-ibmjava, 3.9-ibmjava-8, 3.9-ibmjava, 3-ibmjava-8, 3-ibmjava, ibmjava
 Architectures: amd64, i386, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: ibmjava-8
 
-Tags: 3.8.7-ibm-semeru-11-focal, 3.8-ibm-semeru-11-focal, 3-ibm-semeru-11-focal
+Tags: 3.9.0-ibm-semeru-11-focal, 3.9-ibm-semeru-11-focal, 3-ibm-semeru-11-focal
 Architectures: amd64, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: ibm-semeru-11-focal
 
-Tags: 3.8.7-ibm-semeru-17-focal, 3.8-ibm-semeru-17-focal, 3-ibm-semeru-17-focal
+Tags: 3.9.0-ibm-semeru-17-focal, 3.9-ibm-semeru-17-focal, 3-ibm-semeru-17-focal
 Architectures: amd64, arm64v8, ppc64le, s390x
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: ibm-semeru-17-focal
 
-Tags: 3.8.7-openjdk-18, 3.8-openjdk-18, 3-openjdk-18
-Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
-Directory: openjdk-18
-
-Tags: 3.8.7-openjdk-18-slim, 3.8-openjdk-18-slim, 3-openjdk-18-slim
-Architectures: amd64, arm64v8
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
-Directory: openjdk-18-slim
-
-Tags: 3.8.7-sapmachine-11, 3.8-sapmachine-11, 3-sapmachine-11
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-sapmachine-11, 3.9-sapmachine-11, 3-sapmachine-11
+Architectures: amd64, arm64v8, ppc64le
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: sapmachine-11
 
-Tags: 3.8.7-sapmachine-17, 3.8.7-sapmachine, 3.8-sapmachine-17, 3.8-sapmachine, 3-sapmachine-17, 3-sapmachine, sapmachine
-GitCommit: 34e7d27260ee61c6866922c523e04b53ba098337
+Tags: 3.9.0-sapmachine-17, 3.9.0-sapmachine, 3.9-sapmachine-17, 3.9-sapmachine, 3-sapmachine-17, 3-sapmachine, sapmachine
+Architectures: amd64, arm64v8, ppc64le
+GitCommit: 32760466401d45fabb8166b5dcf9003b07598918
 Directory: sapmachine-17
diff --git a/_bashbrew-list b/_bashbrew-list
index d7e6afe..62b622d 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -21,67 +21,61 @@ maven:3-ibmjava
 maven:3-ibmjava-8
 maven:3-ibm-semeru-11-focal
 maven:3-ibm-semeru-17-focal
-maven:3-openjdk-18
-maven:3-openjdk-18-slim
 maven:3-sapmachine
 maven:3-sapmachine-11
 maven:3-sapmachine-17
-maven:3.8
-maven:3.8-amazoncorretto
-maven:3.8-amazoncorretto-8
-maven:3.8-amazoncorretto-11
-maven:3.8-amazoncorretto-17
-maven:3.8-amazoncorretto-19
-maven:3.8-eclipse-temurin
-maven:3.8-eclipse-temurin-8
-maven:3.8-eclipse-temurin-8-alpine
-maven:3.8-eclipse-temurin-8-focal
-maven:3.8-eclipse-temurin-11
-maven:3.8-eclipse-temurin-11-alpine
-maven:3.8-eclipse-temurin-11-focal
-maven:3.8-eclipse-temurin-17
-maven:3.8-eclipse-temurin-17-alpine
-maven:3.8-eclipse-temurin-17-focal
-maven:3.8-eclipse-temurin-19
-maven:3.8-eclipse-temurin-19-alpine
-maven:3.8-eclipse-temurin-19-focal
-maven:3.8-ibmjava
-maven:3.8-ibmjava-8
-maven:3.8-ibm-semeru-11-focal
-maven:3.8-ibm-semeru-17-focal
-maven:3.8-openjdk-18
-maven:3.8-openjdk-18-slim
-maven:3.8-sapmachine
-maven:3.8-sapmachine-11
-maven:3.8-sapmachine-17
-maven:3.8.7
-maven:3.8.7-amazoncorretto
-maven:3.8.7-amazoncorretto-8
-maven:3.8.7-amazoncorretto-11
-maven:3.8.7-amazoncorretto-17
-maven:3.8.7-amazoncorretto-19
-maven:3.8.7-eclipse-temurin
-maven:3.8.7-eclipse-temurin-8
-maven:3.8.7-eclipse-temurin-8-alpine
-maven:3.8.7-eclipse-temurin-8-focal
-maven:3.8.7-eclipse-temurin-11
-maven:3.8.7-eclipse-temurin-11-alpine
-maven:3.8.7-eclipse-temurin-11-focal
-maven:3.8.7-eclipse-temurin-17
-maven:3.8.7-eclipse-temurin-17-alpine
-maven:3.8.7-eclipse-temurin-17-focal
-maven:3.8.7-eclipse-temurin-19
-maven:3.8.7-eclipse-temurin-19-alpine
-maven:3.8.7-eclipse-temurin-19-focal
-maven:3.8.7-ibmjava
-maven:3.8.7-ibmjava-8
-maven:3.8.7-ibm-semeru-11-focal
-maven:3.8.7-ibm-semeru-17-focal
-maven:3.8.7-openjdk-18
-maven:3.8.7-openjdk-18-slim
-maven:3.8.7-sapmachine
-maven:3.8.7-sapmachine-11
-maven:3.8.7-sapmachine-17
+maven:3.9
+maven:3.9-amazoncorretto
+maven:3.9-amazoncorretto-8
+maven:3.9-amazoncorretto-11
+maven:3.9-amazoncorretto-17
+maven:3.9-amazoncorretto-19
+maven:3.9-eclipse-temurin
+maven:3.9-eclipse-temurin-8
+maven:3.9-eclipse-temurin-8-alpine
+maven:3.9-eclipse-temurin-8-focal
+maven:3.9-eclipse-temurin-11
+maven:3.9-eclipse-temurin-11-alpine
+maven:3.9-eclipse-temurin-11-focal
+maven:3.9-eclipse-temurin-17
+maven:3.9-eclipse-temurin-17-alpine
+maven:3.9-eclipse-temurin-17-focal
+maven:3.9-eclipse-temurin-19
+maven:3.9-eclipse-temurin-19-alpine
+maven:3.9-eclipse-temurin-19-focal
+maven:3.9-ibmjava
+maven:3.9-ibmjava-8
+maven:3.9-ibm-semeru-11-focal
+maven:3.9-ibm-semeru-17-focal
+maven:3.9-sapmachine
+maven:3.9-sapmachine-11
+maven:3.9-sapmachine-17
+maven:3.9.0
+maven:3.9.0-amazoncorretto
+maven:3.9.0-amazoncorretto-8
+maven:3.9.0-amazoncorretto-11
+maven:3.9.0-amazoncorretto-17
+maven:3.9.0-amazoncorretto-19
+maven:3.9.0-eclipse-temurin
+maven:3.9.0-eclipse-temurin-8
+maven:3.9.0-eclipse-temurin-8-alpine
+maven:3.9.0-eclipse-temurin-8-focal
+maven:3.9.0-eclipse-temurin-11
+maven:3.9.0-eclipse-temurin-11-alpine
+maven:3.9.0-eclipse-temurin-11-focal
+maven:3.9.0-eclipse-temurin-17
+maven:3.9.0-eclipse-temurin-17-alpine
+maven:3.9.0-eclipse-temurin-17-focal
+maven:3.9.0-eclipse-temurin-19
+maven:3.9.0-eclipse-temurin-19-alpine
+maven:3.9.0-eclipse-temurin-19-focal
+maven:3.9.0-ibmjava
+maven:3.9.0-ibmjava-8
+maven:3.9.0-ibm-semeru-11-focal
+maven:3.9.0-ibm-semeru-17-focal
+maven:3.9.0-sapmachine
+maven:3.9.0-sapmachine-11
+maven:3.9.0-sapmachine-17
 maven:amazoncorretto
 maven:eclipse-temurin
 maven:ibmjava
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index 02924ba..947b2ea 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -17,7 +17,5 @@ maven:3-eclipse-temurin-19-focal
 maven:ibmjava
 maven:3-ibm-semeru-11-focal
 maven:3-ibm-semeru-17-focal
-maven:3-openjdk-18
-maven:3-openjdk-18-slim
 maven:3-sapmachine-11
 maven:sapmachine
diff --git a/maven_3-amazoncorretto-17/Dockerfile b/maven_3-amazoncorretto-17/Dockerfile
index 785bd4c..e92ef48 100644
--- a/maven_3-amazoncorretto-17/Dockerfile
+++ b/maven_3-amazoncorretto-17/Dockerfile
@@ -1,24 +1,33 @@
 FROM amazoncorretto:17
 
-RUN yum install -y tar which gzip \
-  && rm -rf /var/cache/yum/* \
-  && yum clean all
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && yum install -y tar which gzip \
+  && yum clean all \
+  && rm -rf /var/cache/yum/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-amazoncorretto-19/Dockerfile b/maven_3-amazoncorretto-19/Dockerfile
index b60861e..d852b71 100644
--- a/maven_3-amazoncorretto-19/Dockerfile
+++ b/maven_3-amazoncorretto-19/Dockerfile
@@ -1,24 +1,33 @@
 FROM amazoncorretto:19
 
-RUN yum install -y tar which gzip \
-  && rm -rf /var/cache/yum/* \
-  && yum clean all
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && yum install -y tar which gzip \
+  && yum clean all \
+  && rm -rf /var/cache/yum/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-amazoncorretto-8/Dockerfile b/maven_3-amazoncorretto-8/Dockerfile
index c165855..ba0f680 100644
--- a/maven_3-amazoncorretto-8/Dockerfile
+++ b/maven_3-amazoncorretto-8/Dockerfile
@@ -1,20 +1,9 @@
 FROM amazoncorretto:8
 
-RUN yum install -y tar which gzip \
-  && rm -rf /var/cache/yum/* \
-  && yum clean all
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
@@ -22,6 +11,26 @@ ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 # Workaround https://github.com/corretto/corretto-8-docker/pull/32
 ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
 
+RUN set -x \
+  && yum install -y tar which gzip \
+  && yum clean all \
+  && rm -rf /var/cache/yum/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-11-alpine/Dockerfile b/maven_3-eclipse-temurin-11-alpine/Dockerfile
index bc7ab91..210f40d 100644
--- a/maven_3-eclipse-temurin-11-alpine/Dockerfile
+++ b/maven_3-eclipse-temurin-11-alpine/Dockerfile
@@ -1,22 +1,32 @@
 FROM eclipse-temurin:11-jdk-alpine
 
-RUN apk add --no-cache curl tar bash procps
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apk add --no-cache bash procps curl tar gnupg \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apk del gnupg \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-11-focal/Dockerfile b/maven_3-eclipse-temurin-11-focal/Dockerfile
index 17ff628..85499c2 100644
--- a/maven_3-eclipse-temurin-11-focal/Dockerfile
+++ b/maven_3-eclipse-temurin-11-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:11-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-11/Dockerfile b/maven_3-eclipse-temurin-11/Dockerfile
index 4290717..2c05863 100644
--- a/maven_3-eclipse-temurin-11/Dockerfile
+++ b/maven_3-eclipse-temurin-11/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:11-jdk
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-17-alpine/Dockerfile b/maven_3-eclipse-temurin-17-alpine/Dockerfile
index 4c38dab..715a256 100644
--- a/maven_3-eclipse-temurin-17-alpine/Dockerfile
+++ b/maven_3-eclipse-temurin-17-alpine/Dockerfile
@@ -1,22 +1,32 @@
 FROM eclipse-temurin:17-jdk-alpine
 
-RUN apk add --no-cache curl tar bash procps
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apk add --no-cache bash procps curl tar gnupg \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apk del gnupg \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-17-focal/Dockerfile b/maven_3-eclipse-temurin-17-focal/Dockerfile
index 157aa67..84dce7d 100644
--- a/maven_3-eclipse-temurin-17-focal/Dockerfile
+++ b/maven_3-eclipse-temurin-17-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:17-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-19-alpine/Dockerfile b/maven_3-eclipse-temurin-19-alpine/Dockerfile
index 01e1549..cb5a691 100644
--- a/maven_3-eclipse-temurin-19-alpine/Dockerfile
+++ b/maven_3-eclipse-temurin-19-alpine/Dockerfile
@@ -1,22 +1,32 @@
 FROM eclipse-temurin:19-jdk-alpine
 
-RUN apk add --no-cache curl tar bash procps
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apk add --no-cache bash procps curl tar gnupg \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apk del gnupg \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-19-focal/Dockerfile b/maven_3-eclipse-temurin-19-focal/Dockerfile
index d2624e9..a66cfa1 100644
--- a/maven_3-eclipse-temurin-19-focal/Dockerfile
+++ b/maven_3-eclipse-temurin-19-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:19-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-19/Dockerfile b/maven_3-eclipse-temurin-19/Dockerfile
index 302d0e9..70230f5 100644
--- a/maven_3-eclipse-temurin-19/Dockerfile
+++ b/maven_3-eclipse-temurin-19/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:19-jdk
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-8-alpine/Dockerfile b/maven_3-eclipse-temurin-8-alpine/Dockerfile
index c04e6e4..aa4ec88 100644
--- a/maven_3-eclipse-temurin-8-alpine/Dockerfile
+++ b/maven_3-eclipse-temurin-8-alpine/Dockerfile
@@ -1,22 +1,32 @@
 FROM eclipse-temurin:8-jdk-alpine
 
-RUN apk add --no-cache curl tar bash procps
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apk add --no-cache bash procps curl tar gnupg \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apk del gnupg \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-8-focal/Dockerfile b/maven_3-eclipse-temurin-8-focal/Dockerfile
index 084e8c4..fbe0108 100644
--- a/maven_3-eclipse-temurin-8-focal/Dockerfile
+++ b/maven_3-eclipse-temurin-8-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:8-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-eclipse-temurin-8/Dockerfile b/maven_3-eclipse-temurin-8/Dockerfile
index 95f1f08..b06a2f6 100644
--- a/maven_3-eclipse-temurin-8/Dockerfile
+++ b/maven_3-eclipse-temurin-8/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:8-jdk
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-ibm-semeru-11-focal/Dockerfile b/maven_3-ibm-semeru-11-focal/Dockerfile
index ba6a87a..9b3c57a 100644
--- a/maven_3-ibm-semeru-11-focal/Dockerfile
+++ b/maven_3-ibm-semeru-11-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM ibm-semeru-runtimes:open-11-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-ibm-semeru-17-focal/Dockerfile b/maven_3-ibm-semeru-17-focal/Dockerfile
index 744aa5e..ef380ea 100644
--- a/maven_3-ibm-semeru-17-focal/Dockerfile
+++ b/maven_3-ibm-semeru-17-focal/Dockerfile
@@ -1,24 +1,34 @@
 FROM ibm-semeru-runtimes:open-17-jdk-focal
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_3-openjdk-18-slim/Dockerfile b/maven_3-openjdk-18-slim/Dockerfile
deleted file mode 100644
index e840d22..0000000
diff --git a/maven_3-openjdk-18-slim/mvn-entrypoint.sh b/maven_3-openjdk-18-slim/mvn-entrypoint.sh
deleted file mode 100755
index 9f87dfa..0000000
diff --git a/maven_3-openjdk-18-slim/settings-docker.xml b/maven_3-openjdk-18-slim/settings-docker.xml
deleted file mode 100644
index 586c587..0000000
diff --git a/maven_3-openjdk-18/Dockerfile b/maven_3-openjdk-18/Dockerfile
deleted file mode 100644
index 3159393..0000000
diff --git a/maven_3-openjdk-18/mvn-entrypoint.sh b/maven_3-openjdk-18/mvn-entrypoint.sh
deleted file mode 100755
index 9f87dfa..0000000
diff --git a/maven_3-openjdk-18/settings-docker.xml b/maven_3-openjdk-18/settings-docker.xml
deleted file mode 100644
index 586c587..0000000
diff --git a/maven_3-sapmachine-11/Dockerfile b/maven_3-sapmachine-11/Dockerfile
index d6fa0de..17f730c 100644
--- a/maven_3-sapmachine-11/Dockerfile
+++ b/maven_3-sapmachine-11/Dockerfile
@@ -1,24 +1,34 @@
 FROM sapmachine:11
 
-RUN apt-get update \
-    && apt-get install -y curl git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_amazoncorretto/Dockerfile b/maven_amazoncorretto/Dockerfile
index d593213..abe08af 100644
--- a/maven_amazoncorretto/Dockerfile
+++ b/maven_amazoncorretto/Dockerfile
@@ -1,24 +1,33 @@
 FROM amazoncorretto:11
 
-RUN yum install -y tar which gzip \
-  && rm -rf /var/cache/yum/* \
-  && yum clean all
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && yum install -y tar which gzip \
+  && yum clean all \
+  && rm -rf /var/cache/yum/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_eclipse-temurin/Dockerfile b/maven_eclipse-temurin/Dockerfile
index 8320275..d5016d0 100644
--- a/maven_eclipse-temurin/Dockerfile
+++ b/maven_eclipse-temurin/Dockerfile
@@ -1,24 +1,34 @@
 FROM eclipse-temurin:17-jdk
 
-RUN apt-get update \
-    && apt-get install -y git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_ibmjava/Dockerfile b/maven_ibmjava/Dockerfile
index a6e7e2f..be7329b 100644
--- a/maven_ibmjava/Dockerfile
+++ b/maven_ibmjava/Dockerfile
@@ -1,22 +1,34 @@
 FROM ibmjava:8-sdk
 
-RUN apt-get update && apt-get install -y curl
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/
 
diff --git a/maven_sapmachine/Dockerfile b/maven_sapmachine/Dockerfile
index ad82930..cd3c509 100644
--- a/maven_sapmachine/Dockerfile
+++ b/maven_sapmachine/Dockerfile
@@ -1,24 +1,34 @@
 FROM sapmachine:17
 
-RUN apt-get update \
-    && apt-get install -y curl git \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MAVEN_VERSION=3.8.7
+ARG MAVEN_VERSION=3.9.0
 ARG USER_HOME_DIR="/root"
-ARG SHA=21c2be0a180a326353e8f6d12289f74bc7cd53080305f05358936f3a1b6dd4d91203f4cc799e81761cf5c53c5bbe9dcc13bdb27ec8f57ecf21b2f9ceec3c8d27
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
-
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
+ARG SHA=1ea149f4e48bc7b34d554aef86f948eca7df4e7874e30caf449f3708e4f8487c71a5e5c072a05f17c60406176ebeeaf56b5f895090c7346f8238e2da06cf6ecd
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
 
+RUN set -x \
+  && apt-get update \
+  && apt-get install -y ca-certificates curl git gnupg dirmngr --no-install-recommends \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && export GNUPGHOME="$(mktemp -d)" \
+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  # GNUPGHOME may fail to delete even with -rf
+  && (rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz || true) \
+  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+  && apt-get remove --purge --autoremove -y gnupg dirmngr \
+  # smoke test
+  && mvn --version
+
 COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
 COPY settings-docker.xml /usr/share/maven/ref/

Relevant Maintainers:

maven: @carlossg

yosifkit · 2023-02-15T23:32:21Z

+  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys \
+  6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \

Just a note that recv-keys can still return a successful exit code even if some keys fail to fetch, so we usually recommend to use multiple gpg --batch --recv-keys invocations (to keep the failure line as close to the cause as possible). The current Dockerfiles should work since the key would then be immediately used and fail there.

For whatever reason it might fail, we have multiple retries on our build system to combat flaky remote services like keyservers.

tianon · 2023-02-15T23:33:31Z

+  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \

I'd suggest adding * here to put sha512sum into "binary" mode:

+  && echo "${SHA} *apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \

+  # GNUPGHOME may fail to delete even with -rf

If you add gpgconf --kill all (in places with gpgconf and more one that supports --kill) it will succeed more often, but still not a full fix (because it doesn't wait for dirmngr to fully die before it returns - it just sends the signal and then there's still a race condition). 😭 ❤️

maintainers https://github.com/docker-library/official-images/pull/14083\#issuecomment-1432225413

carlossg · 2023-02-16T10:49:14Z

thanks! I've applied the suggestions. One question, for containers stuck with gpg 2.0 (amazoncorretto with amazon linux and libericaopenjdk with centos 7) I have an issue as the latest binaries are signed with EDDSA keys not supported.

I've seen some options like https://people.kernel.org/monsieuricon/run-gnupg-2-2-17-on-your-el7-system but needs some trust
Any suggestions?

carlossg/docker-maven#333 (comment)

carlossg · 2023-02-16T19:01:15Z

one option could be to use multistage builds, first to download and check signature, second to just copy the files

tianon · 2023-02-16T21:32:00Z

Oh, given this isn't a compiled project (where the distro you download/build on might affect the final result), doing COPY --from= is pretty reasonable if you wanted to choose one variant as the "canonical" downloading variant and COPY --from= in all the rest. 🤔

We do something similar in tomcat for JDK vs JRE and the compiled Tomcat Native bits: https://github.com/docker-library/tomcat/blob/76cf542f30956309447f435a432181bc64b3dce6/9.0/jre8/temurin-jammy/Dockerfile#L26

We also often do this for Windows Nano Server images, where it's complicated to download things, so we build the Server Core version and then COPY --from= into Nano Server.

I would suggest making sure the COPY --from=maven:x.y.z tagging is as specific as you can stand to automate, but that should work really reasonably and still give us a good chain-of-trust. 👍

carlossg · 2023-03-02T20:19:40Z

is this setup valid for you?

one canonical dockerfile (multi step) https://github.com/carlossg/docker-maven/blob/01666296749a28cd08fdc3b66faaee81632185df/eclipse-temurin-11/Dockerfile
other dockerfiles referencing it https://github.com/carlossg/docker-maven/blob/01666296749a28cd08fdc3b66faaee81632185df/eclipse-temurin-11-focal/Dockerfile

tianon · 2023-03-03T20:13:13Z

I guess you're using multi-stage so that the "builder" image has the same history/shape in the final output as the rest of the images too?

It's not strictly in line with https://github.com/docker-library/faq#multi-stage-builds, but if you add an explicit Builder: buildkit to at least that image (doesn't hurt to put globally next to Maintainers: if you want and just have it apply to all your images), it should be fine. We're working towards enabling that for all images by default, but that's still in-progress. 😅

carlossg · 2023-03-04T21:01:40Z

I'm using multi-stage to avoid the cleanup of build time dependencies and so the resulting image is the same as the other ones, no sideeffects. But I could do it in one step just fine, as it was before.

tianon · 2023-03-06T19:33:23Z

Naw, I think it's fine 👍

github-actions bot added the library/maven label Feb 14, 2023

maven: 3.9.0

21726c3

remove openjdk-18 EOL

carlossg force-pushed the maven branch from 560cce6 to 21726c3 Compare February 15, 2023 10:43

yosifkit merged commit 5614209 into docker-library:master Feb 15, 2023

carlossg deleted the maven branch February 16, 2023 08:23

carlossg referenced this pull request in carlossg/docker-maven Feb 16, 2023

chore: suggestions from docker-library

e756380

maintainers https://github.com/docker-library/official-images/pull/14083\#issuecomment-1432225413

carlossg mentioned this pull request Feb 16, 2023

chore: suggestions from docker-library carlossg/docker-maven#336

Merged

carlossg referenced this pull request in carlossg/docker-maven Feb 16, 2023

chore: suggestions from docker-library

5f28dfa

maintainers https://github.com/docker-library/official-images/pull/14083\#issuecomment-1432225413

This was referenced Feb 24, 2023

Create windows Dockerfile generator and add images carlossg/docker-maven#341

Closed

chore: install in one main image carlossg/docker-maven#342

Merged

carlossg mentioned this pull request Mar 9, 2023

maven: refactor build process #14223

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

maven: 3.9.0 #14083

maven: 3.9.0 #14083

carlossg commented Feb 14, 2023

yosifkit commented Feb 14, 2023

carlossg commented Feb 15, 2023

github-actions bot commented Feb 15, 2023

yosifkit commented Feb 15, 2023

tianon commented Feb 15, 2023

carlossg commented Feb 16, 2023

carlossg commented Feb 16, 2023

tianon commented Feb 16, 2023

carlossg commented Mar 2, 2023

tianon commented Mar 3, 2023

carlossg commented Mar 4, 2023

tianon commented Mar 6, 2023

maven: 3.9.0 #14083

maven: 3.9.0 #14083

Conversation

carlossg commented Feb 14, 2023

yosifkit commented Feb 14, 2023

carlossg commented Feb 15, 2023

github-actions bot commented Feb 15, 2023

yosifkit commented Feb 15, 2023

tianon commented Feb 15, 2023

carlossg commented Feb 16, 2023

carlossg commented Feb 16, 2023

tianon commented Feb 16, 2023

carlossg commented Mar 2, 2023

tianon commented Mar 3, 2023

carlossg commented Mar 4, 2023

tianon commented Mar 6, 2023