elastic · pugnascotia · Apr 24, 2020 · Apr 13, 2020 · Apr 20, 2020 · Apr 20, 2020
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
@@ -38,13 +38,12 @@ ext.expansions = { architecture, oss, local ->
   final String classifier = "aarch64".equals(architecture) ? "linux-aarch64" : "linux-x86_64"
   final String elasticsearch = oss ? "elasticsearch-oss-${VersionProperties.elasticsearch}-${classifier}.tar.gz" : "elasticsearch-${VersionProperties.elasticsearch}-${classifier}.tar.gz"
   return [
-    'base_image'          : "aarch64".equals(architecture) ? "arm64v8/centos:7" : "centos:7",
+    'base_image'          : "centos:7",
     'build_date'          : BuildParams.buildDate,
     'elasticsearch'       : elasticsearch,
     'git_revision'        : BuildParams.gitRevision,
     'license'             : oss ? 'Apache-2.0' : 'Elastic-License',
     'source_elasticsearch': local ? "COPY $elasticsearch /opt/" : "RUN cd /opt && curl --retry 8 -s -L -O https://artifacts.elastic.co/downloads/elasticsearch/${elasticsearch} && cd -",
-    'tini_suffix'         : "aarch64".equals(architecture) ? "-arm64" : "",
     'version'             : VersionProperties.elasticsearch
   ]
 }

diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
@@ -14,7 +14,7 @@
 FROM ${base_image} AS builder
 
 RUN for iter in {1..10}; do yum update --setopt=tsflags=nodocs -y && \
-    yum install --setopt=tsflags=nodocs -y gzip shadow-utils tar && \
+    yum install --setopt=tsflags=nodocs -y epel-release && yum install --setopt=tsflags=nodocs -y dpkg wget gzip shadow-utils tar && \
     yum clean all && exit_code=0 && break || exit_code=\$? && echo "yum error: retry \$iter in 10s" && sleep 10; done; \
     (exit \$exit_code)
 
@@ -40,11 +40,13 @@ RUN chmod 0660 config/elasticsearch.yml config/log4j2.properties
 #
 # The tini GitHub page gives instructions for verifying the binary using
 # gpg, but the keyservers are slow to return the key and this can fail the
-# build. Instead, we check the binary against a checksum that we have
-# computed.
-ADD https://github.com/krallin/tini/releases/download/v0.18.0/tini${tini_suffix} /tini
-COPY config/tini${tini_suffix}.sha512 /tini.sha512
-RUN sha512sum -c /tini.sha512 && chmod +x /tini
+# build. Instead, we check the binary against a checksum that they provide.
+RUN wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture) \
+    && wget --no-check-certificate --no-cookies --quiet https://github.com/krallin/tini/releases/download/v0.19.0/tini-\$(dpkg --print-architecture).sha256sum \
+    && echo "\$(cat tini-\$(dpkg --print-architecture).sha256sum)" | sha256sum -c \
+    && rm -f tini-\$(dpkg --print-architecture).sha256sum \
+    && mv tini-\$(dpkg --print-architecture) /tini \
+    && chmod +x /tini
 
 ################################################################################
 # Build stage 1 (the actual elasticsearch image):

diff --git a/distribution/docker/src/docker/config/tini-arm64.sha512 b/distribution/docker/src/docker/config/tini-arm64.sha512
diff --git a/distribution/docker/src/docker/config/tini.sha512 b/distribution/docker/src/docker/config/tini.sha512