mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 09:52:37 +02:00
491cca6341
66600f32dc introduced various improvements
to the determinism of the container image in this repository. This
change builds on this effort by ensuring that the base image is pulled
by digest. Image digests are immutable references, unlike tags, which
are mutable (except when optionally configured as immutable in certain
container registries, but not `docker.io`).
16 lines
968 B
Bash
16 lines
968 B
Bash
# Should be the INDEX DIGEST from an image tagged `bookworm-<DATE>-slim`:
|
|
# https://hub.docker.com/_/debian/tags?name=bookworm-
|
|
#
|
|
# Tag for this digest: bookworm-20250224-slim
|
|
DEBIAN_IMAGE_DIGEST=sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc
|
|
# Can be bumped to today's date
|
|
DEBIAN_ARCHIVE_DATE=20250226
|
|
# Can be bumped to the latest date in https://github.com/google/gvisor/tags
|
|
GVISOR_ARCHIVE_DATE=20250217
|
|
# Can be bumped to the latest version and checksum from https://github.com/ebandal/H2Orestart/releases
|
|
H2ORESTART_CHECKSUM=452331f8603ef456264bd72db6fa8a11ca72b392019a8135c0b2f3095037d7b1
|
|
H2ORESTART_VERSION=v0.7.1
|
|
|
|
# Buildkit image (taken from freedomofpress/repro-build)
|
|
BUILDKIT_IMAGE="docker.io/moby/buildkit:v19.0@sha256:14aa1b4dd92ea0a4cd03a54d0c6079046ea98cd0c0ae6176bdd7036ba370cbbe"
|
|
BUILDKIT_IMAGE_ROOTLESS="docker.io/moby/buildkit:v0.19.0-rootless@sha256:e901cffdad753892a7c3afb8b9972549fca02c73888cf340c91ed801fdd96d71"
|