Ian Lewis

I think I can see two issues with the trust store handling in [docker-server.sh](https://github.com/OpenLiberty/ci.docker/blob/main/releases/latest/full/helpers/runtime/docker-server.sh) 1. The script uses 'keytool -import' to add certificates to the default trust store in 2...

@mtamboli I tried to reproduce this but didn't manage it. Can you give me any more details on the failing scenario? Maybe examples of the dockerfile and server.xml? Thanks.

I've now managed to reproduce this. The failure occurs if the liberty container is running under the open liberty operator.

@mtamboli Sorry for the slow reponse, I have been out for a few days. This isn't an easy fix, I'm sorry but I don't have an ETA for you right...

Liberty will write to certain locations while running, so in order to run with readOnlyRootFilesystem, some additional writeable storage is necessary. This can be mounted in the container. The difficulty...

For /opt/ol/wlp/output This contains: /opt/ol/wlp/output/workarea, which is populated at container build time, and contributes to startup performance. Mounting writeable storage on top of this would be possible, but would slow...

As mentioned in #457 /tmp also needs to be writeable. This is because the `/opt/ol/wlp/bin/server` (the liberty startup bash script) uses `heredoc`. On bash < 5.1, this causes a file...

@leochr I've built all these images locally, so this is ready for review.

I've tested this locally with an update to the `infinispan-client-setup.sh` to use microdnf instead of yum, and can't see any issues. Current plan is to get this fix included in...

@leochr Both these PRs are ready for review, which I believe is all the work needed for this issue.