From 9ca7d79eac3373df5b854f4b838163a953c944ab Mon Sep 17 00:00:00 2001
From: Rory Hunter <roryhunter2@gmail.com>
Date: Wed, 16 Jun 2021 10:19:18 +0100
Subject: [PATCH 1/5] More logging on Docker build failures

When compiling `curl`, if the configure step fails and a `config.log`
file exists, then dump it out before exiting to assist diagnosis.
---
 distribution/docker/src/docker/Dockerfile | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index e55fa8c40e584..8b1dc123c149f 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -99,11 +99,15 @@ RUN gpg --import --always-trust "curl-gpg.pub" && \\
     gpg --verify "\${TARBALL_PATH}.asc" "\${TARBALL_PATH}"
 
 # Unpack and build
-RUN tar xfJ "\${TARBALL_PATH}" && \\
-    cd "curl-\${VERSION}" && \\
-    ./configure --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt && \\
-    make curl_LDFLAGS="-all-static" && \\
-    cp src/curl /work/curl && \\
+RUN set -e ; \\
+    tar xfJ "\${TARBALL_PATH}" ; \\
+    cd "curl-\${VERSION}" ; \\
+    if ! ./configure --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
+        [[ -e config.log ]] && cat config.log ; \\
+        exit 1 ; \\
+    fi ; \\
+    make curl_LDFLAGS="-all-static" ; \\
+    cp src/curl /work/curl ; \\
     strip /work/curl
 
 ################################################################################

From cfc5165d50615677fb677c3bd3aea2c3b053579b Mon Sep 17 00:00:00 2001
From: Rory Hunter <roryhunter2@gmail.com>
Date: Wed, 16 Jun 2021 11:04:51 +0100
Subject: [PATCH 2/5] Update Docker image to curl 7.77.0, because why not

---
 distribution/docker/src/docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 8b1dc123c149f..bad41a498831d 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -74,7 +74,7 @@ RUN chmod 0755 /bin/tini
 ################################################################################
 FROM alpine:latest AS curl
 
-ENV VERSION 7.71.0
+ENV VERSION 7.77.0
 ENV TARBALL_URL https://curl.haxx.se/download/curl-\${VERSION}.tar.xz
 ENV TARBALL_PATH curl-\${VERSION}.tar.xz
 
@@ -102,7 +102,7 @@ RUN gpg --import --always-trust "curl-gpg.pub" && \\
 RUN set -e ; \\
     tar xfJ "\${TARBALL_PATH}" ; \\
     cd "curl-\${VERSION}" ; \\
-    if ! ./configure --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
+    if ! ./configure --with-openssl --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
         [[ -e config.log ]] && cat config.log ; \\
         exit 1 ; \\
     fi ; \\

From dcd1c2232e96d4682c222450c61d351e31ea31d5 Mon Sep 17 00:00:00 2001
From: Rory Hunter <roryhunter2@gmail.com>
Date: Wed, 16 Jun 2021 11:43:15 +0100
Subject: [PATCH 3/5] Try adding --disable-dependency-tracking to Docker curl
 ./configure

---
 distribution/docker/src/docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index bad41a498831d..481ab91e7c101 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -102,7 +102,7 @@ RUN gpg --import --always-trust "curl-gpg.pub" && \\
 RUN set -e ; \\
     tar xfJ "\${TARBALL_PATH}" ; \\
     cd "curl-\${VERSION}" ; \\
-    if ! ./configure --with-openssl --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
+    if ! ./configure --disable-dependency-tracking --with-openssl --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
         [[ -e config.log ]] && cat config.log ; \\
         exit 1 ; \\
     fi ; \\

From 6ff2d42e9295f7af88d9f02375426cecf20a047f Mon Sep 17 00:00:00 2001
From: Rory Hunter <roryhunter2@gmail.com>
Date: Wed, 16 Jun 2021 12:25:52 +0100
Subject: [PATCH 4/5] Revert curl version bump

---
 distribution/docker/src/docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 481ab91e7c101..572d6b7953c97 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -74,7 +74,7 @@ RUN chmod 0755 /bin/tini
 ################################################################################
 FROM alpine:latest AS curl
 
-ENV VERSION 7.77.0
+ENV VERSION 7.71.0
 ENV TARBALL_URL https://curl.haxx.se/download/curl-\${VERSION}.tar.xz
 ENV TARBALL_PATH curl-\${VERSION}.tar.xz
 

From 1e8125fde44fc24f076911cfdf0b65a68f53a825 Mon Sep 17 00:00:00 2001
From: Rory Hunter <roryhunter2@gmail.com>
Date: Wed, 16 Jun 2021 13:40:20 +0100
Subject: [PATCH 5/5] Pin Alpine version

---
 distribution/docker/build.gradle                              | 2 +-
 distribution/docker/src/docker/Dockerfile                     | 4 ++--
 .../test/java/org/elasticsearch/packaging/util/Docker.java    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
index 3caa02cbaddd7..c8403d8ebd1e8 100644
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@@ -295,7 +295,7 @@ void addBuildDockerImageTask(Architecture architecture, DockerBase base) {
         baseImages = [baseImage]
         buildArgs = buildArgsMap
       } else if (base == DockerBase.CENTOS) {
-        baseImages = ['alpine:latest', base.image]
+        baseImages = ['alpine:3.13', base.image]
       } else {
         baseImages = [base.image]
       }
diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 572d6b7953c97..2d627c5a519cf 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -72,7 +72,7 @@ RUN chmod 0755 /bin/tini
 # Stage 1. Build curl statically. Installing it from RPM on CentOS pulls in too
 # many dependencies.
 ################################################################################
-FROM alpine:latest AS curl
+FROM alpine:3.13 AS curl
 
 ENV VERSION 7.71.0
 ENV TARBALL_URL https://curl.haxx.se/download/curl-\${VERSION}.tar.xz
@@ -102,7 +102,7 @@ RUN gpg --import --always-trust "curl-gpg.pub" && \\
 RUN set -e ; \\
     tar xfJ "\${TARBALL_PATH}" ; \\
     cd "curl-\${VERSION}" ; \\
-    if ! ./configure --disable-dependency-tracking --with-openssl --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
+    if ! ./configure --disable-shared --with-ca-fallback --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt ; then \\
         [[ -e config.log ]] && cat config.log ; \\
         exit 1 ; \\
     fi ; \\
diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/util/Docker.java b/qa/os/src/test/java/org/elasticsearch/packaging/util/Docker.java
index 976f6b6148408..5b9333cabb461 100644
--- a/qa/os/src/test/java/org/elasticsearch/packaging/util/Docker.java
+++ b/qa/os/src/test/java/org/elasticsearch/packaging/util/Docker.java
@@ -330,7 +330,7 @@ private static void executePrivilegeEscalatedShellCmd(String shellCmd, Path loca
         args.add("--volume \"" + localPath.getParent() + ":" + containerPath.getParent() + "\"");
 
         // Use a lightweight musl libc based small image
-        args.add("alpine");
+        args.add("alpine:3.13");
 
         // And run inline commands via the POSIX shell
         args.add("/bin/sh -c \"" + shellCmd + "\"");