diff --git a/Dockerfile b/Dockerfile
index 9b8527e..0b1ca9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,21 @@
-###########################################
-# Build PyMuPDF
+ARG DEBIAN_DATE=20241202
 
-FROM debian:bookworm-20230904-slim as dangerzone-image
+###########################################
+# Build Dangerzone container image (inner)
+
+FROM debian:bookworm-${DEBIAN_DATE}-slim as dangerzone-image
 ENV DEBIAN_FRONTEND=noninteractive
 RUN \
   --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=bind,source=./repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
+  --mount=type=bind,source=./oci/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
   repro-sources-list.sh && \
   apt-get update && \
   apt-get install -y --no-install-recommends python3-fitz libreoffice-nogui libreoffice-java-common python3 python3-magic default-jdk-headless fonts-noto-cjk && \
   : "Clean up for improving reproducibility (optional)" && \
   rm -rf /var/cache/fontconfig/ && \
   rm -rf /etc/ssl/certs/java/cacerts && \
-  rm -rf /var/log/* /var/cache/ldconfig/aux-cache /var/lib/apt/lists/*
+  rm -rf /var/log/* /var/cache/ldconfig/aux-cache
 
 RUN mkdir -p /opt/dangerzone/dangerzone && \
   touch /opt/dangerzone/dangerzone/__init__.py && \
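Review bot: The new `ARG DEBIAN_DATE=20241202` / `FROM debian:bookworm-${DEBIAN_DATE}-slim as dangerzone-image` pair pins the base image by tag only, so the build's reproducibility (which the RUN's cleanup steps are explicitly aiming for) still depends on the registry never re-pushing that tag. Pinning by digest as well, `FROM debian:bookworm-${DEBIAN_DATE}-slim@sha256:<DIGEST_PLACEHOLDER> as dangerzone-image`, makes the inner stage's input content-addressed; the same applies to the outer stage's `FROM` in the next hunk. A comment above the `ARG` noting that the date is the Debian snapshot tag and that `repro-sources-list.sh` is expected to pin APT to the matching snapshot would help readers connect the two.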
@@ -22,38 +24,45 @@ RUN mkdir -p /opt/dangerzone/dangerzone && \
 COPY conversion/doc_to_pixels.py conversion/common.py conversion/errors.py conversion/__init__.py /opt/dangerzone/dangerzone/conversion
 
 
-###########################################
-# gVisor wrapper image
+####################################
+# Build gVisor wrapper image (outer)
 
-FROM alpine:latest as gvisor-image
+FROM debian:bookworm-${DEBIAN_DATE}-slim
 
-RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)"; \
-    wget "${GVISOR_URL}/runsc" "${GVISOR_URL}/runsc.sha512" && \
-    sha512sum -c runsc.sha512 && \
-    rm -f runsc.sha512 && \
-    chmod 555 runsc && \
-    mv runsc /usr/bin/
+ARG GVISOR_DATE=20241202
 
-###########################################
-# gVisor wrapper image
-
-FROM debian:bookworm-20230904-slim
 ENV DEBIAN_FRONTEND=noninteractive
 RUN \
   --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=bind,source=./repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
+  --mount=type=bind,source=./oci/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
+  --mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key
   repro-sources-list.sh && \
+  : "Setup APT to install gVisor from its separate APT repo" && \
   apt-get update && \
-  apt-get install -y --no-install-recommends python3 && \
+  apt-get install -y --no-install-recommends apt-transport-https ca-certificates gnupg && \
+  gpg -o /usr/share/keyrings/gvisor-archive-keyring.gpg --dearmor /tmp/gvisor.key && \
+  echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases ${GVISOR_DATE} main" > /etc/apt/sources.list.d/gvisor.list
+  : "Install Pthon3 and gVisor" && \
+  apt-get update && \
+  apt-get install -y --no-install-recommends python3 runsc && \
   : "Clean up for improving reproducibility (optional)" && \
-  rm -rf /var/log/* /var/cache/ldconfig/aux-cache /var/lib/apt/lists/*
+  rm -rf /var/log/* /var/cache/ldconfig/aux-cache
+
+# Download H2ORestart from GitHub using a pinned version and hash. Note that
+# it's available in Debian repos, but not Bookworm just yet.
+ARG H2ORESTART_CHECKSUM=d09bc5c93fe2483a7e4a57985d2a8d0e4efae2efb04375fe4b59a68afd7241e2
+ARG H2ORESTART_VERSION=v0.6.7
+
+RUN mkdir /libreoffice_ext && cd libreoffice_ext \
+    && H2ORESTART_FILENAME=h2orestart.oxt \
+    && wget https://github.com/ebandal/H2Orestart/releases/download/$H2ORESTART_VERSION/$H2ORESTART_FILENAME \
+    && echo "$H2ORESTART_CHECKSUM $H2ORESTART_FILENAME" | sha256sum -c \
+    && install -dm777 "/usr/lib/libreoffice/share/extensions/"
 
 RUN addgroup --gid 1000 dangerzone && \
   adduser --uid 1000 --ingroup dangerzone --shell /bin/true --home /home/dangerzone dangerzone
 
-COPY --from=gvisor-image /usr/bin/runsc /usr/bin/runsc
-
 # Switch to the dangerzone user for the rest of the script.
 USER dangerzone
 
@@ -66,6 +75,6 @@ COPY --from=dangerzone-image / /home/dangerzone/dangerzone-image/rootfs
 # store the state of its containers.
 RUN mkdir /home/dangerzone/.containers
 
-COPY gvisor_wrapper/entrypoint.py /
+COPY oci/entrypoint.py /
 
 ENTRYPOINT ["/entrypoint.py"]
diff --git a/dangerzone/gvisor_wrapper/entrypoint.py b/dangerzone/oci/entrypoint.py
similarity index 100%
rename from dangerzone/gvisor_wrapper/entrypoint.py
rename to dangerzone/oci/entrypoint.py
diff --git a/dangerzone/oci/gvisor.key b/dangerzone/oci/gvisor.key
new file mode 100644
index 0000000..8946884
--- /dev/null
+++ b/dangerzone/oci/gvisor.key
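Review bot: As rendered here, the added `echo "deb [...] ${GVISOR_DATE} main" > /etc/apt/sources.list.d/gvisor.list` line has no trailing `&& \`, so the RUN instruction ends there and the next line, `: "Install Pthon3 and gVisor" && \`, would be parsed as a Dockerfile instruction and break the build; the added `--mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key` line likewise shows no trailing `\` before `repro-sources-list.sh && \` (if both are artifacts of the collapsed rendering, disregard). The lines should read `... > /etc/apt/sources.list.d/gvisor.list && \` and `--mount=type=bind,source=./oci/gvisor.key,target=/tmp/gvisor.key \`, and `Pthon3` should be `Python3`. The H2ORestart step also looks unfinished: `wget` is not among the packages this stage installs and the slim base does not appear to ship it, the checksum-verified `h2orestart.oxt` is left in `/libreoffice_ext` rather than placed in the directory that `install -dm777` creates, and that directory is made world-writable in a stage where LibreOffice is not installed (it lives in the inner `dangerzone-image` stage), so a targeted mode such as `-dm755` and an explicit `install` of the file into the stage that actually runs LibreOffice is needed. Since the new APT source trusts whatever `oci/gvisor.key` contains, a comment next to the `gpg --dearmor` line recording the expected key fingerprint (`# expected fingerprint: <FINGERPRINT_PLACEHOLDER>`) would let reviewers check the vendored key against gVisor's published one.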
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF0meAYBEACcBYPOSBiKtid+qTQlbgKGPxUYt0cNZiQqWXylhYUT4PuNlNx5
+s+sBLFvNTpdTrXMmZ8NkekyjD1HardWvebvJT4u+Ho/9jUr4rP71cNwNtocz/w8G
+DsUXSLgH8SDkq6xw0L+5eGc78BBg9cOeBeFBm3UPgxTBXS9Zevoi2w1lzSxkXvjx
+cGzltzMZfPXERljgLzp9AAfhg/2ouqVQm37fY+P/NDzFMJ1XHPIIp9KJl/prBVud
+jJJteFZ5sgL6MwjBQq2kw+q2Jb8Zfjl0BeXDgGMN5M5lGhX2wTfiMbfo7KWyzRnB
+RpSP3BxlLqYeQUuLG5Yx8z3oA3uBkuKaFOKvXtiScxmGM/+Ri2YM3m66imwDhtmP
+AKwTPI3Re4gWWOffglMVSv2sUAY32XZ74yXjY1VhK3bN3WFUPGrgQx4X7GP0A1Te
+lzqkT3VSMXieImTASosK5L5Q8rryvgCeI9tQLn9EpYFCtU3LXvVgTreGNEEjMOnL
+dR7yOU+Fs775stn6ucqmdYarx7CvKUrNAhgEeHMonLe1cjYScF7NfLO1GIrQKJR2
+DE0f+uJZ52inOkO8ufh3WVQJSYszuS3HCY7w5oj1aP38k/y9zZdZvVvwAWZaiqBQ
+iwjVs6Kub76VVZZhRDf4iYs8k1Zh64nXdfQt250d8U5yMPF3wIJ+c1yhxwARAQAB
+tCpUaGUgZ1Zpc29yIEF1dGhvcnMgPGd2aXNvci1ib3RAZ29vZ2xlLmNvbT6JAk4E
+EwEKADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRvHfheOnHCSRjnJ9Vv
+xtVU4yvZQwUCYO4TxQAKCRBvxtVU4yvZQ9UoEACLPV7CnEA2bjCPi0NCWB/Mo1WL
+evqv7Wv7vmXzI1K9DrqOhxuamQW75SVXg1df0hTJWbKFmDAip6NEC2Rg5P+A8hHj
+nW/VG+q4ZFT662jDhnXQiO9L7EZzjyqNF4yWYzzgnqEu/SmGkDLDYiUCcGBqS2oE
+EQfk7RHJSLMJXAnNDH7OUDgrirSssg/dlQ5uAHA9Au80VvC5fsTKza8b3Aydw3SV
+iB8/Yuikbl8wKbpSGiXtR4viElXjNips0+mBqaUk2xpqSBrsfN+FezcInVXaXFeq
+xtpq2/3M3DYbqCRjqeyd9wNi92FHdOusNrK4MYe0pAYbGjc65BwH+F0T4oJ8ZSJV
+lIt+FZ0MqM1T97XadybYFsJh8qvajQpZEPL+zzNncc4f1d80e7+lwIZV/al0FZWW
+Zlp7TpbeO/uW+lHs5W14YKwaQVh1whapKXTrATipNOOSCw2hnfrT8V7Hy55QWaGZ
+f4/kfy929EeCP16d/LqOClv0j0RBr6NhRBQ0l/BE/mXjJwIk6nKwi+Yi4ek1ARi6
+AlCMLn9AZF7aTGpvCiftzIrlyDfVZT5IX03TayxRHZ4b1Rj8eyJaHcjI49u83gkr
+4LGX08lEawn9nxFSx4RCg2swGiYw5F436wwwAIozqJuDASeTa3QND3au5v0oYWnl
+umDySUl5wPaAaALgzA==
+=5/8T
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/dangerzone/repro-sources-list.sh b/dangerzone/oci/repro-sources-list.sh
similarity index 100%
rename from dangerzone/repro-sources-list.sh
rename to dangerzone/oci/repro-sources-list.sh