From 57fc36493755db94a898c091f3de53a4f51cac1e Mon Sep 17 00:00:00 2001
From: Jim Crowley
Date: Mon, 20 Apr 2020 15:36:47 -0400
Subject: [PATCH 1/2] Removed generated tini SHAs and now pull from SHAs uploaded to releases for tini
---
 distribution/docker/build.gradle | 3 +--
 distribution/docker/src/docker/Dockerfile | 14 ++++++++------
 .../docker/src/docker/config/tini-arm64.sha512 | 1 -
 distribution/docker/src/docker/config/tini.sha512 | 1 -
 4 files changed, 9 insertions(+), 10 deletions(-)
 delete mode 100644 distribution/docker/src/docker/config/tini-arm64.sha512
 delete mode 100644 distribution/docker/src/docker/config/tini.sha512
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
index f472a2c802d23..1a705ee47d38d 100644
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@@ -38,13 +38,12 @@ ext.expansions = { architecture, oss, local ->
 final String classifier = "aarch64".equals(architecture) ? "linux-aarch64" : "linux-x86_64"
 final String elasticsearch = oss ? "elasticsearch-oss-${VersionProperties.elasticsearch}-${classifier}.tar.gz" : "elasticsearch-${VersionProperties.elasticsearch}-${classifier}.tar.gz"
 return [
- 'base_image' : "aarch64".equals(architecture) ? "arm64v8/centos:7" : "centos:7",
+ 'base_image' : "centos:7",
 'build_date' : BuildParams.buildDate,
 'elasticsearch' : elasticsearch,
 'git_revision' : BuildParams.gitRevision,
 'license' : oss ? 'Apache-2.0' : 'Elastic-License',
 'source_elasticsearch': local ? "COPY $elasticsearch /opt/" : "RUN cd /opt && curl --retry 8 -s -L -O https://artifacts.elastic.co/downloads/elasticsearch/${elasticsearch} && cd -",
- 'tini_suffix' : "aarch64".equals(architecture) ? "-arm64" : "",
 'version' : VersionProperties.elasticsearch
 ]
 }
diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 7eb62b7d8ad1b..9562101e9e370 100644
--- a/distribution/docker/src/docker/Dockerfile
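Review bot: With `'base_image' : "centos:7",` the base image no longer follows the `architecture` argument, while `classifier` at the top of the hunk still does; the image is then presumably resolved from the build host's platform, so an `aarch64` expansion built on a different host could pair an x86_64 base with a `linux-aarch64` tarball. If relying on the multi-arch `centos:7` tag is intended, say so next to the entry, e.g. `// multi-arch tag: the build host must match 'architecture'`; otherwise keep a per-architecture value. The `ext.expansions` closure opens above the hunk.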
+++ b/distribution/docker/src/docker/Dockerfile
@@ -14,7 +14,7 @@ FROM ${base_image} AS builder
 RUN for iter in {1..10}; do yum update --setopt=tsflags=nodocs -y && \
- yum install --setopt=tsflags=nodocs -y gzip shadow-utils tar && \
+ yum install --setopt=tsflags=nodocs -y epel-release && yum install --setopt=tsflags=nodocs -y dpkg wget gzip shadow-utils tar && \
 yum clean all && exit_code=0 && break || exit_code=\$? && echo "yum error: retry \$iter in 10s" && sleep 10; done; \
 (exit \$exit_code)
@@ -40,11 +40,13 @@ RUN chmod 0660 config/elasticsearch.yml config/log4j2.properties
 #
 # The tini GitHub page gives instructions for verifying the binary using
 # gpg, but the keyservers are slow to return the key and this can fail the
-# build. Instead, we check the binary against a checksum that we have
-# computed.
-ADD https://github.com/krallin/tini/releases/download/v0.18.0/tini${tini_suffix} /tini
-COPY config/tini${tini_suffix}.sha512 /tini.sha512
-RUN sha512sum -c /tini.sha512 && chmod +x /tini
+# build. Instead, we check the binary against a checksum that they provide.
+RUN wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture) \
+ && wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture).sha256sum \
+ && echo "\$(cat tini-\$(dpkg --print-architecture).sha256sum)" | sha256sum -c \
+ && rm -f tini-\$(dpkg --print-architecture).sha256sum \
+ && mv tini-\$(dpkg --print-architecture) /tini \
+ && chmod +x /tini
 ################################################################################
 # Build stage 1 (the actual elasticsearch image):
diff --git a/distribution/docker/src/docker/config/tini-arm64.sha512 b/distribution/docker/src/docker/config/tini-arm64.sha512
deleted file mode 100644
index 274eaa28cff08..0000000000000
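Review bot: The new `RUN wget` chain in the second hunk fetches both the tini binary and its `.sha256sum` from the same GitHub release URL, each with `--no-check-certificate`, so `sha256sum -c` can only catch a corrupted download, not a substituted one: whatever can change the binary in transit or at the origin can change the checksum with it. The removed lines compared the download against a checksum committed under `config/`, and that is the property worth keeping; commit a per-architecture `.sha256sum` beside the Dockerfile, `COPY` it in, and drop `--no-check-certificate` from both `wget` calls. The comment would then read `# build. Instead, we check the binary against a checksum committed in this repository.` The `@@ -14,10 +14,22 @@` Dockerfile hunk of PATCH 2/2 drops the flag but keeps the same-origin checksum.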
--- a/distribution/docker/src/docker/config/tini-arm64.sha512
+++ /dev/null
@@ -1 +0,0 @@
-6ae5147e522e484b9d59b0caa04e6dadf0efe332b272039c7cf5951e39f5028e9852c3c4bcdd46b98977329108d555ee7ea55f9eca99765d05922ec7aff837d8 /tini
diff --git a/distribution/docker/src/docker/config/tini.sha512 b/distribution/docker/src/docker/config/tini.sha512
deleted file mode 100644
index fc2fc738d87e7..0000000000000
--- a/distribution/docker/src/docker/config/tini.sha512
+++ /dev/null
@@ -1 +0,0 @@
-ffdb31563e34bca91a094f962544b9d31f5d138432f2d639a0856ff605b3a69f47e48191da42d6956ab62a1b24eafca1a95b299901257832225d26770354ce5e /tini
From 73af316fa444ff789a28ff2b2815d9fbbd485402 Mon Sep 17 00:00:00 2001
From: Jim Crowley
Date: Wed, 22 Apr 2020 10:57:39 -0400
Subject: [PATCH 2/2] Utilize switch case for arch info and bring in changes suggested by pugnascotia
---
 distribution/docker/build.gradle | 14 ++++++++++--
 distribution/docker/src/docker/Dockerfile | 27 +++++++++++------------
 2 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
index 1a705ee47d38d..c9ecceac1101e 100644
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@@ -28,22 +28,32 @@ dependencies {
 }
 ext.expansions = { architecture, oss, local ->
+ String base_image = null
+ String tini_arch = null
+ String classifier = null
 switch (architecture) {
 case "aarch64":
+ base_image = "arm64v8/centos:7"
+ tini_arch = "arm64"
+ classifier = "linux-aarch64"
+ break;
 case "x64":
+ base_image = "amd64/centos:7"
+ tini_arch = "amd64"
+ classifier = "linux-x86_64"
 break;
 default:
 throw new IllegalArgumentException("unrecongized architecture [" + architecture + "], must be one of (aarch64|x64)")
 }
- final String classifier = "aarch64".equals(architecture) ? "linux-aarch64" : "linux-x86_64"
 final String elasticsearch = oss ? "elasticsearch-oss-${VersionProperties.elasticsearch}-${classifier}.tar.gz" : "elasticsearch-${VersionProperties.elasticsearch}-${classifier}.tar.gz"
 return [
- 'base_image' : "centos:7",
+ 'base_image' : base_image,
 'build_date' : BuildParams.buildDate,
 'elasticsearch' : elasticsearch,
 'git_revision' : BuildParams.gitRevision,
 'license' : oss ? 'Apache-2.0' : 'Elastic-License',
 'source_elasticsearch': local ? "COPY $elasticsearch /opt/" : "RUN cd /opt && curl --retry 8 -s -L -O https://artifacts.elastic.co/downloads/elasticsearch/${elasticsearch} && cd -",
+ 'tini_arch' : tini_arch,
 'version' : VersionProperties.elasticsearch
 ]
 }
diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 9562101e9e370..5208186010a45 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
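Review bot: Both `case` arms set `base_image` to a mutable tag (`arm64v8/centos:7`, `amd64/centos:7`), so the contents of the builder and final image can change between builds with no change in this repository. Pinning each by digest, e.g. `base_image = "amd64/centos:7@sha256:<DIGEST_PLACEHOLDER>"`, makes the base reproducible and turns every update into a reviewed commit. The `tini_arch` values also deserve a one-line comment such as `// must match the tini release asset suffix used in the Dockerfile (tini-${tini_arch})`, since nothing in this file says why `arm64`/`amd64` differ from the `aarch64`/`x64` names used for `architecture`.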
@@ -14,10 +14,22 @@ FROM ${base_image} AS builder
 RUN for iter in {1..10}; do yum update --setopt=tsflags=nodocs -y && \
- yum install --setopt=tsflags=nodocs -y epel-release && yum install --setopt=tsflags=nodocs -y dpkg wget gzip shadow-utils tar && \
+ yum install --setopt=tsflags=nodocs -y wget gzip shadow-utils tar && \
 yum clean all && exit_code=0 && break || exit_code=\$? && echo "yum error: retry \$iter in 10s" && sleep 10; done; \
 (exit \$exit_code)
+# `tini` is a tiny but valid init for containers. This is used to cleanly
+# control how ES and any child processes are shut down.
+#
+# The tini GitHub page gives instructions for verifying the binary using
+# gpg, but the keyservers are slow to return the key and this can fail the
+# build. Instead, we check the binary against a checksum that they provide.
+RUN wget --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-${tini_arch} \
+ && wget --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-${tini_arch}.sha256sum \
+ && sha256sum -c tini-${tini_arch}.sha256sum \
+ && mv tini-${tini_arch} /tini \
+ && chmod +x /tini
+
 ENV PATH /usr/share/elasticsearch/bin:\$PATH
 RUN groupadd -g 1000 elasticsearch && \
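Review bot: The added `RUN wget …` chain is the only reason `wget` is installed on the `yum install` line above it, while the `source_elasticsearch` expansion in build.gradle already downloads with `curl --retry 8 -s -L -O`; if that expansion runs in this same builder stage, curl is presumably already available. Fetching tini with `curl --retry 8 -s -L -O https://github.com/krallin/tini/releases/download/v0.19.0/tini-${tini_arch}` and the matching `.sha256sum` URL would drop a package from the image build and keep the retry behaviour consistent. The release tag `v0.19.0` is also spelled out twice; taking it from a single variable would keep the binary and checksum URLs from drifting apart on the next upgrade.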
@@ -35,19 +47,6 @@ RUN chmod 0775 config config/jvm.options.d data logs
 COPY config/elasticsearch.yml config/log4j2.properties config/
 RUN chmod 0660 config/elasticsearch.yml config/log4j2.properties
-# `tini` is a tiny but valid init for containers. This is used to cleanly
-# control how ES and any child processes are shut down.
-#
-# The tini GitHub page gives instructions for verifying the binary using
-# gpg, but the keyservers are slow to return the key and this can fail the
-# build. Instead, we check the binary against a checksum that they provide.
-RUN wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture) \
- && wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture).sha256sum \
- && echo "\$(cat tini-\$(dpkg --print-architecture).sha256sum)" | sha256sum -c \
- && rm -f tini-\$(dpkg --print-architecture).sha256sum \
- && mv tini-\$(dpkg --print-architecture) /tini \
- && chmod +x /tini
-
 ################################################################################
 # Build stage 1 (the actual elasticsearch image):
 # Copy elasticsearch from stage 0