From 721f2b42eeec1b46478d847871091ea8e6a686bd Mon Sep 17 00:00:00 2001
From: nfuden
Date: Thu, 28 Sep 2023 14:36:49 -0400
Subject: [PATCH 1/3] ci: Update the intermediate image that gets emitted to no longer rely on alpine due to glibc issues
---
 .../v1.27.0-patch2/updatebuild-image.yaml | 18 +++++++++++++++
 ci/Dockerfile | 22 ++++++++++++-------
 2 files changed, 32 insertions(+), 8 deletions(-)
 create mode 100644 changelog/v1.27.0-patch2/updatebuild-image.yaml
diff --git a/changelog/v1.27.0-patch2/updatebuild-image.yaml b/changelog/v1.27.0-patch2/updatebuild-image.yaml
new file mode 100644
index 00000000..7abbadc7
--- /dev/null
+++ b/changelog/v1.27.0-patch2/updatebuild-image.yaml
@@ -0,0 +1,18 @@
+changelog:
+ - type: FIX
+ issueLink: https://github.com/solo-io/solo-projects/issues/5344
+ resolvesIssue: false
+ description: >
+ Migrate from alpine to ubuntu for released version.
+ Backlogged an issue to move fully to distroless on beta branch.
+ Can be found here https://github.com/solo-io/solo-projects/issues/5388
+ Not migrating prior as this may impact some debugging steps.
+ Forced to migrate per glibc being unable to update.
+ https://nvd.nist.gov/vuln/detail/CVE-2022-23218
+ https://nvd.nist.gov/vuln/detail/CVE-2022-23219
+ https://nvd.nist.gov/vuln/detail/CVE-2021-38604
+ https://nvd.nist.gov/vuln/detail/CVE-2021-3998
+ See here for glibc on alpine maintainers
+ https://gitlab.alpinelinux.org/alpine/tsc/-/issues/43#note_306270
+ https://github.com/sgerrand/alpine-pkg-glibc/issues/207#issuecomment-1707209887
+ https://github.com/sgerrand/alpine-pkg-glibc/issues/176
\ No newline at end of file
diff --git a/ci/Dockerfile b/ci/Dockerfile
index 71053c0a..8cd52566 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -1,17 +1,23 @@
-# This file was inspired by envoy Dockerfile:
-# https://github.com/envoyproxy/envoy/blob/445a67344ffda0c8828c8e438e463fcaa7878434/ci/Dockerfile-envoy-alpine
-
-FROM frolvlad/alpine-glibc:alpine-3.17_glibc-2.34
+# This file was inspired by mesh Dockerfile:
+# https://github.com/solo-io/gloo-mesh-enterprise/blob/c40b21c3ef260de1acc92ba25bd1794b17074c8c/docker/Dockerfile.ubuntu#L4
+# as it previously was based off of envoys old alpine setup.
+FROM ubuntu:focal-20220826
 ENV loglevel=info
-RUN apk upgrade --update-cache \
- && apk add dumb-init ca-certificates \
- && rm -rf /var/cache/apk/*
+ENV DEBIAN_FRONTEND=noninteractive
+
+# hadolint ignore=DL3005,DL3008
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
+ ca-certificates \
+ && apt-get upgrade -y \
+ && apt-get clean \
+ && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old
 RUN mkdir -p /etc/envoy
 ADD envoy.stripped /usr/local/bin/envoy
-ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/envoy"]
+ENTRYPOINT ["/usr/local/bin/envoy"]
 CMD ["-c", "/etc/envoy/envoy.yaml"]
From 4a183dc7005c4637be320418831d90e18fa91d32 Mon Sep 17 00:00:00 2001
From: nfuden
Date: Thu, 28 Sep 2023 14:50:09 -0400
Subject: [PATCH 2/3] changelog: move
---
 .../{v1.27.0-patch2 => v1.26.4-patch4}/updatebuild-image.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename changelog/{v1.27.0-patch2 => v1.26.4-patch4}/updatebuild-image.yaml (100%)
diff --git a/changelog/v1.27.0-patch2/updatebuild-image.yaml b/changelog/v1.26.4-patch4/updatebuild-image.yaml
similarity index 100%
rename from changelog/v1.27.0-patch2/updatebuild-image.yaml
rename to changelog/v1.26.4-patch4/updatebuild-image.yaml
From 13b08b45195ed28a7dbd5bc110e90c26cc1cfd0f Mon Sep 17 00:00:00 2001
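Review bot: `ENV DEBIAN_FRONTEND=noninteractive` is baked into the image and so into every running container, although only the `apt-get` step at build time needs it; replacing that line with `ARG DEBIAN_FRONTEND=noninteractive` keeps the build non-interactive without leaving it in the runtime environment. The glibc fixes the changelog refers to appear to come from `apt-get upgrade -y` on top of a base snapshot tagged 20220826, so a build that reuses a cached RUN layer would ship older packages; building release images with `--no-cache`, or moving to a newer dated base tag, makes the patch level deliberate. With dumb-init dropped from `ENTRYPOINT`, envoy now runs as PID 1, and the image still has no `USER` instruction, so it runs as root unless the deployment overrides that; a comment stating that both are intentional would help the next reader.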
From: nfuden
Date: Mon, 2 Oct 2023 14:08:23 -0400
Subject: [PATCH 3/3] ci: Update docs in docker file and make it mimic upstream
---
 ci/Dockerfile | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/ci/Dockerfile b/ci/Dockerfile
index 8cd52566..9d00c6f8 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -1,7 +1,10 @@
-# This file was inspired by mesh Dockerfile:
-# https://github.com/solo-io/gloo-mesh-enterprise/blob/c40b21c3ef260de1acc92ba25bd1794b17074c8c/docker/Dockerfile.ubuntu#L4
-# as it previously was based off of envoys old alpine setup.
-FROM ubuntu:focal-20220826
+# This file was inspired by a combination of the following:
+# Istio and platform's mesh derivative approach
+# Uses upstream envoy's ubuntu versioning
+# Consuemd by edge to buld gateway-proxy and gloo pods
+# May be used as is or as a builder intermediate (e.g. for distroless)
+# ON_MINOR_UPDATE: Pull from https://github.com/envoyproxy/envoy/blob/4d46da0bba54dfb849d8bf68b600e53d87310a1a/ci/Dockerfile-envoy#L1-L2
+FROM ubuntu:focal
 ENV loglevel=info
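Review bot: `FROM ubuntu:focal` replaces the dated tag `focal-20220826` with a floating one, so the same commit can produce different images over time and a shipped image can no longer be traced to a known base. The new comment names upstream envoy's Dockerfile as the source of the version; if that file pins a tag or digest, carrying it over keeps the "mimic upstream" intent and reproducibility, e.g. `FROM ubuntu:focal@sha256:<digest-from-upstream>` (placeholder, the digest is not on this page). The added header comment also has two typos worth fixing in the same change: `Consuemd` should be `Consumed` and `buld` should be `build`. The rest of the Dockerfile lies outside this hunk.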