From 9cee57423bc659965f085bfeb1a23eaaa68ad9c0 Mon Sep 17 00:00:00 2001
From: Danno Ferrin <danno.ferrin@gmail.com>
Date: Tue, 14 Dec 2021 10:27:33 -0700
Subject: [PATCH] Change docker base images from debian to ubuntu (#3171)

Change the docker base images from debian (implied by openjdk image) to
ubuntu explicitly. Ubuntu has quicker reaction time to base image
security vulnerabilities.

Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
---
 CHANGELOG.md                                |  7 +++----
 docker/openjdk-11-debug/Dockerfile          |  4 ++--
 docker/openjdk-11/Dockerfile                |  9 ++++++---
 docker/openjdk-latest/Dockerfile            |  2 +-
 ethereum/evmtool/src/main/docker/Dockerfile | 11 ++++++++---
 5 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e0a2bb1a0..5221dab3b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,13 +2,11 @@
 
 ## 21.10.4
 
-### Additions and Improvements
-- Represent baseFee as Wei instead of long accordingly to the spec [#2785] (https://github.com/hyperledger/besu/issues/2785)
-
 ### 21.10.4 Breaking Changes
-- Plugin API: BlockHeader.getBaseFee() method now returns an optional Wei instead of an optional Long
+- Plugin API: BlockHeader.getBaseFee() method now returns an optional Wei instead of an optional Long [#3065](https://github.com/hyperledger/besu/issues/3065)
 
 ### Additions and Improvements
+- Represent baseFee as Wei instead of long accordingly to the spec [#2785](https://github.com/hyperledger/besu/issues/2785)
 - Adding support of the NO_COLOR environment variable as described in the [NO_COLOR](https://no-color.org/) standard [#3085](https://github.com/hyperledger/besu/pull/3085)
 - Add `privx_findFlexiblePrivacyGroup` RPC Method, `privx_findOnchainPrivacyGroup` will be removed in a future release [#3075](https://github.com/hyperledger/besu/pull/3075)
 - The invalid value is now shown when `--bootnodes` cannot parse an item to make it easier to identify which option is invalid. 
@@ -16,6 +14,7 @@
 - Implements [EIP-4399](https://eips.ethereum.org/EIPS/eip-4399) to repurpose DIFFICULTY opcode after the merge as a source of entropy from the Beacon chain. [#3081](https://github.com/hyperledger/besu/issues/3081)
 
 ### Bug Fixes
+- Change the base docker image from Debian Buster to Ubuntu 20.04 [#3171](https://github.com/hyperledger/besu/issues/3171) fixes [#3045](https://github.com/hyperledger/besu/issues/3045)
 
 ### Early Access Features
 - Add support for additional JWT authentication algorithms [#3017](https://github.com/hyperledger/besu/pull/3017)
diff --git a/docker/openjdk-11-debug/Dockerfile b/docker/openjdk-11-debug/Dockerfile
index 44d4ce0c68..f51f368b68 100644
--- a/docker/openjdk-11-debug/Dockerfile
+++ b/docker/openjdk-11-debug/Dockerfile
@@ -1,9 +1,9 @@
 
-FROM openjdk:11-slim-buster
+FROM ubuntu:20.04
 
 ARG VERSION="dev"
 RUN apt-get update  && \
- apt-get install --no-install-recommends -q --assume-yes curl=7* wget=1.20* jq=1.5* net-tools=1.60*  && \
+ apt-get install --no-install-recommends -q --assume-yes curl=7* wget=1.20* jq=1.6* net-tools=1.60* openjdk-11-jre-headless=11* && \
  apt-get clean  && \
  rm -rf /var/lib/apt/lists/*  && \
  adduser --disabled-password --gecos "" --home /opt/besu besu && \
diff --git a/docker/openjdk-11/Dockerfile b/docker/openjdk-11/Dockerfile
index a7786364f5..214cf16b66 100644
--- a/docker/openjdk-11/Dockerfile
+++ b/docker/openjdk-11/Dockerfile
@@ -1,9 +1,12 @@
 
-FROM openjdk:11-jre-slim-buster
-
+FROM ubuntu:20.04
 ARG VERSION="dev"
 
-RUN adduser --disabled-password --gecos "" --home /opt/besu besu && \
+RUN apt-get update && \
+ apt-get install --no-install-recommends -q --assume-yes openjdk-11-jre-headless=11* && \
+ apt-get clean  && \
+ rm -rf /var/lib/apt/lists/*  && \
+ adduser --disabled-password --gecos "" --home /opt/besu besu && \
     chown besu:besu /opt/besu
 
 USER besu
diff --git a/docker/openjdk-latest/Dockerfile b/docker/openjdk-latest/Dockerfile
index 77c3444d53..762e935b2b 100644
--- a/docker/openjdk-latest/Dockerfile
+++ b/docker/openjdk-latest/Dockerfile
@@ -1,5 +1,5 @@
 
-FROM debian:bullseye-slim
+FROM ubuntu:20.04
 ARG VERSION="dev"
 
 RUN apt-get update && \
diff --git a/ethereum/evmtool/src/main/docker/Dockerfile b/ethereum/evmtool/src/main/docker/Dockerfile
index bb83b972ae..3f7be38c42 100644
--- a/ethereum/evmtool/src/main/docker/Dockerfile
+++ b/ethereum/evmtool/src/main/docker/Dockerfile
@@ -1,8 +1,13 @@
 
-FROM openjdk:11.0.7-jre-slim-buster
+FROM ubuntu:20.04
+ARG VERSION="dev"
 
-RUN adduser --disabled-password --gecos "" --home /opt/besu-evmtool besu && \
-    chown besu:besu /opt/besu-evmtool
+RUN apt-get update && \
+ apt-get install --no-install-recommends -q --assume-yes openjdk-17-jre-headless=17* && \
+ apt-get clean  && \
+ rm -rf /var/lib/apt/lists/*  && \
+ adduser --disabled-password --gecos "" --home /opt/besu besu && \
+    chown besu:besu /opt/besu
 
 USER besu
 WORKDIR /opt/besu-evmtool