From 67a9d1a015fa4c90ffee0aa7956bc2ae576b38e6 Mon Sep 17 00:00:00 2001
From: Liam Newman <liam@verta.ai>
Date: Wed, 19 Oct 2022 13:12:57 -0700
Subject: [PATCH] Use busybox from alpine

Signed-off-by: Liam Newman <liam@verta.ai>
---
 glibc/Dockerfile  | 12 ++++++++++++
 uclibc/Dockerfile | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/glibc/Dockerfile b/glibc/Dockerfile
index 0443145..a5de4b2 100644
--- a/glibc/Dockerfile
+++ b/glibc/Dockerfile
@@ -29,7 +29,19 @@ RUN set -x \
         fi; \
     done
 
+FROM        ${ARCH}alpine:latest as alpine
+
 FROM        ${ARCH}busybox:glibc
 MAINTAINER  The Prometheus Authors <prometheus-developers@googlegroups.com>
 
+# Use the busybox executable from alpine which is generally patched more quickly for vulnerabilities
+COPY --from=alpine /bin/busybox /tmp/busybox
+COPY --from=alpine /lib/ld-musl* /lib/libc.musl* /lib/
+
+RUN cd /lib && \
+    ln -sf $(ls ld-musl*) $(ls libc.musl*) && \
+    rm /bin/* && \
+    /tmp/busybox --install /bin && \
+    mv /tmp/busybox /bin/
+
 COPY --from=0 /rootfs /
diff --git a/uclibc/Dockerfile b/uclibc/Dockerfile
index 0d9b385..48bf108 100644
--- a/uclibc/Dockerfile
+++ b/uclibc/Dockerfile
@@ -28,7 +28,19 @@ RUN set -x \
         fi; \
     done
 
+FROM        ${ARCH}alpine:latest as alpine
+
 FROM        ${ARCH}busybox:uclibc
 MAINTAINER  The Prometheus Authors <prometheus-developers@googlegroups.com>
 
+# Use the busybox executable from alpine which is generally patched more quickly for vulnerabilities
+COPY --from=alpine /bin/busybox /tmp/busybox
+COPY --from=alpine /lib/ld-musl* /lib/libc.musl* /lib/
+
+RUN cd /lib && \
+    ln -sf $(ls ld-musl*) $(ls libc.musl*) && \
+    rm /bin/* && \
+    /tmp/busybox --install /bin && \
+    mv /tmp/busybox /bin/
+
 COPY --from=0 /rootfs /