From 26251abee36a4ef407b76be2582f9f76a6ef482a Mon Sep 17 00:00:00 2001
From: Nic Doye <nic.doye@alfresco.com>
Date: Tue, 18 Sep 2018 23:11:43 +0100
Subject: [PATCH 1/2] Multistage builds

---
 .travis.yml                | 16 ++++++++--------
 7/jre7-alpine/Dockerfile   | 29 +++++++++++++++--------------
 7/jre7-slim/Dockerfile     | 16 ++++++++--------
 7/jre7/Dockerfile          | 16 ++++++++--------
 7/jre8-alpine/Dockerfile   | 29 +++++++++++++++--------------
 7/jre8-slim/Dockerfile     | 16 ++++++++--------
 7/jre8/Dockerfile          | 16 ++++++++--------
 8.0/jre7-alpine/Dockerfile | 29 +++++++++++++++--------------
 8.0/jre7-slim/Dockerfile   | 16 ++++++++--------
 8.0/jre7/Dockerfile        | 16 ++++++++--------
 8.0/jre8-alpine/Dockerfile | 29 +++++++++++++++--------------
 8.0/jre8-slim/Dockerfile   | 16 ++++++++--------
 8.0/jre8/Dockerfile        | 16 ++++++++--------
 8.5/jre10-slim/Dockerfile  | 16 ++++++++--------
 8.5/jre10/Dockerfile       | 16 ++++++++--------
 8.5/jre8-alpine/Dockerfile | 29 +++++++++++++++--------------
 8.5/jre8-slim/Dockerfile   | 16 ++++++++--------
 8.5/jre8/Dockerfile        | 16 ++++++++--------
 9.0/jre10-slim/Dockerfile  | 16 ++++++++--------
 9.0/jre10/Dockerfile       | 16 ++++++++--------
 9.0/jre8-alpine/Dockerfile | 29 +++++++++++++++--------------
 9.0/jre8-slim/Dockerfile   | 16 ++++++++--------
 9.0/jre8/Dockerfile        | 16 ++++++++--------
 Dockerfile-alpine.template | 29 +++++++++++++++--------------
 Dockerfile.template        | 16 ++++++++--------
 update.sh                  |  2 +-
 26 files changed, 250 insertions(+), 243 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index bae4dcd8c..04f061f87 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,28 +2,28 @@ language: bash
 services: docker
 
 env:
+  - VERSION=9.0 VARIANT=jre8
   - VERSION=9.0 VARIANT=jre8-slim
   - VERSION=9.0 VARIANT=jre8-alpine
-  - VERSION=9.0 VARIANT=jre8
-  - VERSION=9.0 VARIANT=jre10-slim
   - VERSION=9.0 VARIANT=jre10
+  - VERSION=9.0 VARIANT=jre10-slim
+  - VERSION=8.5 VARIANT=jre8
   - VERSION=8.5 VARIANT=jre8-slim
   - VERSION=8.5 VARIANT=jre8-alpine
-  - VERSION=8.5 VARIANT=jre8
-  - VERSION=8.5 VARIANT=jre10-slim
   - VERSION=8.5 VARIANT=jre10
+  - VERSION=8.5 VARIANT=jre10-slim
+  - VERSION=8.0 VARIANT=jre8
   - VERSION=8.0 VARIANT=jre8-slim
   - VERSION=8.0 VARIANT=jre8-alpine
-  - VERSION=8.0 VARIANT=jre8
+  - VERSION=8.0 VARIANT=jre7
   - VERSION=8.0 VARIANT=jre7-slim
   - VERSION=8.0 VARIANT=jre7-alpine
-  - VERSION=8.0 VARIANT=jre7
+  - VERSION=7 VARIANT=jre8
   - VERSION=7 VARIANT=jre8-slim
   - VERSION=7 VARIANT=jre8-alpine
-  - VERSION=7 VARIANT=jre8
+  - VERSION=7 VARIANT=jre7
   - VERSION=7 VARIANT=jre7-slim
   - VERSION=7 VARIANT=jre7-alpine
-  - VERSION=7 VARIANT=jre7
 
 install:
   - git clone https://github.com/docker-library/official-images.git ~/official-images
diff --git a/7/jre7-alpine/Dockerfile b/7/jre7-alpine/Dockerfile
index 130812f03..d1365554c 100644
--- a/7/jre7-alpine/Dockerfile
+++ b/7/jre7-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre-alpine
+FROM openjdk:7-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/7/jre7-slim/Dockerfile b/7/jre7-slim/Dockerfile
index ba0a6362e..393bca9ba 100644
--- a/7/jre7-slim/Dockerfile
+++ b/7/jre7-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre-slim
+FROM openjdk:7-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/7/jre7/Dockerfile b/7/jre7/Dockerfile
index 6f4acdcd1..4f67eed2a 100644
--- a/7/jre7/Dockerfile
+++ b/7/jre7/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre
+FROM openjdk:7-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/7/jre8-alpine/Dockerfile b/7/jre8-alpine/Dockerfile
index 3a28b1696..5b1a7b818 100644
--- a/7/jre8-alpine/Dockerfile
+++ b/7/jre8-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-alpine
+FROM openjdk:8-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/7/jre8-slim/Dockerfile b/7/jre8-slim/Dockerfile
index c18045317..f88602bf7 100644
--- a/7/jre8-slim/Dockerfile
+++ b/7/jre8-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-slim
+FROM openjdk:8-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/7/jre8/Dockerfile b/7/jre8/Dockerfile
index 2c93d0d50..e97ab4a9a 100644
--- a/7/jre8/Dockerfile
+++ b/7/jre8/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre
+FROM openjdk:8-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.0/jre7-alpine/Dockerfile b/8.0/jre7-alpine/Dockerfile
index 2fa2e82fd..1c6175bd8 100644
--- a/8.0/jre7-alpine/Dockerfile
+++ b/8.0/jre7-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre-alpine
+FROM openjdk:7-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/8.0/jre7-slim/Dockerfile b/8.0/jre7-slim/Dockerfile
index eda3c9cb2..5b1a1a023 100644
--- a/8.0/jre7-slim/Dockerfile
+++ b/8.0/jre7-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre-slim
+FROM openjdk:7-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.0/jre7/Dockerfile b/8.0/jre7/Dockerfile
index c04aa379f..0ae6087dc 100644
--- a/8.0/jre7/Dockerfile
+++ b/8.0/jre7/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:7-jre
+FROM openjdk:7-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.0/jre8-alpine/Dockerfile b/8.0/jre8-alpine/Dockerfile
index d450ad952..9d8bfee9c 100644
--- a/8.0/jre8-alpine/Dockerfile
+++ b/8.0/jre8-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-alpine
+FROM openjdk:8-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/8.0/jre8-slim/Dockerfile b/8.0/jre8-slim/Dockerfile
index 013c2d56b..4bcaa730d 100644
--- a/8.0/jre8-slim/Dockerfile
+++ b/8.0/jre8-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-slim
+FROM openjdk:8-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.0/jre8/Dockerfile b/8.0/jre8/Dockerfile
index 41f4c0689..acdef9262 100644
--- a/8.0/jre8/Dockerfile
+++ b/8.0/jre8/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre
+FROM openjdk:8-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.5/jre10-slim/Dockerfile b/8.5/jre10-slim/Dockerfile
index de535a95a..3c45ea679 100644
--- a/8.5/jre10-slim/Dockerfile
+++ b/8.5/jre10-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:10-jre-slim
+FROM openjdk:10-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.5/jre10/Dockerfile b/8.5/jre10/Dockerfile
index 48ad8e378..39428d7c7 100644
--- a/8.5/jre10/Dockerfile
+++ b/8.5/jre10/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:10-jre
+FROM openjdk:10-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.5/jre8-alpine/Dockerfile b/8.5/jre8-alpine/Dockerfile
index 51903c5d7..b66d9de2c 100644
--- a/8.5/jre8-alpine/Dockerfile
+++ b/8.5/jre8-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-alpine
+FROM openjdk:8-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/8.5/jre8-slim/Dockerfile b/8.5/jre8-slim/Dockerfile
index 391ebc557..3bea9f624 100644
--- a/8.5/jre8-slim/Dockerfile
+++ b/8.5/jre8-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-slim
+FROM openjdk:8-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/8.5/jre8/Dockerfile b/8.5/jre8/Dockerfile
index 74405a424..07b9bde6d 100644
--- a/8.5/jre8/Dockerfile
+++ b/8.5/jre8/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre
+FROM openjdk:8-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/9.0/jre10-slim/Dockerfile b/9.0/jre10-slim/Dockerfile
index c9d7fa865..e0301d9da 100644
--- a/9.0/jre10-slim/Dockerfile
+++ b/9.0/jre10-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:10-jre-slim
+FROM openjdk:10-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/9.0/jre10/Dockerfile b/9.0/jre10/Dockerfile
index 49d717cd2..a9673fcf7 100644
--- a/9.0/jre10/Dockerfile
+++ b/9.0/jre10/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:10-jre
+FROM openjdk:10-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/9.0/jre8-alpine/Dockerfile b/9.0/jre8-alpine/Dockerfile
index 88af654a2..164e925d1 100644
--- a/9.0/jre8-alpine/Dockerfile
+++ b/9.0/jre8-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-alpine
+FROM openjdk:8-jre-alpine as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/9.0/jre8-slim/Dockerfile b/9.0/jre8-slim/Dockerfile
index 0fd4c969c..e5f85440c 100644
--- a/9.0/jre8-slim/Dockerfile
+++ b/9.0/jre8-slim/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre-slim
+FROM openjdk:8-jre-slim AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/9.0/jre8/Dockerfile b/9.0/jre8/Dockerfile
index 2fe557b29..09da231b3 100644
--- a/9.0/jre8/Dockerfile
+++ b/9.0/jre8/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:8-jre
+FROM openjdk:8-jre AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index d03f099b9..da952da72 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -1,4 +1,4 @@
-FROM PLACEHOLDER
+FROM PLACEHOLDER as common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -9,6 +9,17 @@ WORKDIR $CATALINA_HOME
 ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
 ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
 
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .tomcat-rundeps \
+		ca-certificates \
+		openssl \
+		bash \
+		apr \
+		libuuid
+
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS placeholder
@@ -36,9 +47,6 @@ RUN set -eux; \
 	\
 	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		\
-		ca-certificates \
-		openssl \
 	; \
 	\
 	export GNUPGHOME="$(mktemp -d)"; \
@@ -102,18 +110,8 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-	runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive "$TOMCAT_NATIVE_LIBDIR" \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)"; \
-	apk add --virtual .tomcat-native-rundeps $runDeps; \
-	apk del .fetch-deps .native-build-deps; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
-	apk add --no-cache bash; \
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
 	\
 # fix permissions (especially for running as non-root)
@@ -131,5 +129,8 @@ RUN set -e \
 		exit 1; \
 	fi
 
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
+
 EXPOSE 8080
 CMD ["catalina.sh", "run"]
diff --git a/Dockerfile.template b/Dockerfile.template
index 178bc425a..203f373a3 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -1,4 +1,4 @@
-FROM PLACEHOLDER
+FROM PLACEHOLDER AS common-packages
 
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		libapr1 \
 	&& rm -rf /var/lib/apt/lists/*
 
+FROM common-packages as builder
+
 # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
 # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
 ENV GPG_KEYS placeholder
@@ -138,12 +140,6 @@ RUN set -eux; \
 	rm -rf "$nativeBuildDir"; \
 	rm bin/tomcat-native.tar.gz; \
 	\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-	apt-mark auto '.*' > /dev/null; \
-	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
-	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
 # sh removes env vars it doesn't support (ones with periods)
 # https://github.com/docker-library/tomcat/issues/77
 	find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +; \
@@ -163,5 +159,9 @@ RUN set -e \
 		exit 1; \
 	fi
 
+
+
+FROM common-packages as runtime
+COPY --from=builder $CATALINA_HOME $CATALINA_HOME
 EXPOSE 8080
-CMD ["catalina.sh", "run"]
+CMD ["catalina.sh", "run"]
\ No newline at end of file
diff --git a/update.sh b/update.sh
index 40c0ab397..1c14a0c07 100755
--- a/update.sh
+++ b/update.sh
@@ -152,7 +152,7 @@ for version in "${versions[@]}"; do
 
 		sed -r \
 			-e 's/^(ENV TOMCAT_VERSION) .*/\1 '"$fullVersion"'/' \
-			-e 's/^(FROM) .*/\1 '"$baseImage"'/' \
+			-e 's/^(FROM) (PLACEHOLDER) (.*)$/\1 '"$baseImage"' \3/' \
 			-e 's/^(ENV OPENSSL_VERSION) .*/\1 '"${opensslVersionDebian}"'/' \
 			-e 's/^(ENV TOMCAT_MAJOR) .*/\1 '"$majorVersion"'/' \
 			-e 's/^(ENV TOMCAT_SHA512) .*/\1 '"$sha512"'/' \

From f3575698d4ebaa83296c7ba4f811c31eda556c48 Mon Sep 17 00:00:00 2001
From: Nic Doye <nic.doye@alfresco.com>
Date: Wed, 19 Sep 2018 12:53:16 +0100
Subject: [PATCH 2/2] More sane sed expression

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 1c14a0c07..485c4d8d9 100755
--- a/update.sh
+++ b/update.sh
@@ -152,7 +152,7 @@ for version in "${versions[@]}"; do
 
 		sed -r \
 			-e 's/^(ENV TOMCAT_VERSION) .*/\1 '"$fullVersion"'/' \
-			-e 's/^(FROM) (PLACEHOLDER) (.*)$/\1 '"$baseImage"' \3/' \
+			-e 's/^(FROM) (PLACEHOLDER)/\1 '"$baseImage"'/' \
 			-e 's/^(ENV OPENSSL_VERSION) .*/\1 '"${opensslVersionDebian}"'/' \
 			-e 's/^(ENV TOMCAT_MAJOR) .*/\1 '"$majorVersion"'/' \
 			-e 's/^(ENV TOMCAT_SHA512) .*/\1 '"$sha512"'/' \