From 252a98096191286de3794b2aba5f09593169a01c Mon Sep 17 00:00:00 2001
From: Chongyi Zheng <git@zcy.dev>
Date: Thu, 29 Feb 2024 12:12:01 -0500
Subject: [PATCH] build: add glibc via gcompat layer (#5334)

---
 Dockerfile                                        |  6 +-----
 dependencies/sgerrand.rsa.pub                     |  9 ---------
 scripts/install-glibc.sh                          | 15 +--------------
 test/inspec/super-linter/controls/super_linter.rb |  2 +-
 4 files changed, 3 insertions(+), 29 deletions(-)
 delete mode 100644 dependencies/sgerrand.rsa.pub

diff --git a/Dockerfile b/Dockerfile
index d6649a33..4a605785 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -207,13 +207,9 @@ RUN apk add --no-cache --virtual .perl-build-deps \
 #################
 # Install glibc #
 #################
-# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
-# Store the key here because the above host is sometimes down, and breaks our builds
-COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
-ARG GLIBC_VERSION='2.34-r0'
 COPY scripts/install-glibc.sh /
 RUN --mount=type=secret,id=GITHUB_TOKEN /install-glibc.sh \
-    && rm -rf /install-glibc.sh /sgerrand.rsa.pub
+    && rm -rf /install-glibc.sh
 
 ##################
 # Install chktex #
diff --git a/dependencies/sgerrand.rsa.pub b/dependencies/sgerrand.rsa.pub
deleted file mode 100644
index 3bf38b76..00000000
--- a/dependencies/sgerrand.rsa.pub
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m
-y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu
-tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp
-m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY
-KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc
-Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m
-1QIDAQAB
------END PUBLIC KEY-----
diff --git a/scripts/install-glibc.sh b/scripts/install-glibc.sh
index d594242a..4fbef711 100755
--- a/scripts/install-glibc.sh
+++ b/scripts/install-glibc.sh
@@ -2,20 +2,7 @@
 
 set -euo pipefail
 
-url=$(
-  set -euo pipefail
-  curl -s \
-    -H "Accept: application/vnd.github+json" \
-    -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
-    "https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
-    jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url'
-)
-curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
-  -H "Accept: application/octet-stream" \
-  -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
-  "${url}"
-apk add --no-cache --force-overwrite "glibc-${GLIBC_VERSION}.apk"
-rm "glibc-${GLIBC_VERSION}.apk"
+apk add --no-cache gcompat
 
 # Install zlib
 apk add --no-cache --virtual .glibc-build-deps \
diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb
index 0551a166..cae05fc8 100644
--- a/test/inspec/super-linter/controls/super_linter.rb
+++ b/test/inspec/super-linter/controls/super_linter.rb
@@ -39,9 +39,9 @@ control "super-linter-installed-packages" do
     "coreutils",
     "curl",
     "file",
+    "gcompat",
     "git-lfs",
     "git",
-    "glibc",
     "go",
     "jq",
     "libxml2-utils",