Fix opam-repository commit for reproducible builds

Also, display the actual and expected SHA hashes after building.
2025-01-14 08:39:29 -05:00 · 2017-01-28 13:44:21 +00:00 · 2017-01-28 13:44:21 +00:00 · 07ff3d6147
commit 07ff3d6147
parent d6074f2271
2 changed files with 10 additions and 1 deletions
--- a/5
+++ b/5
@ -1,4 +1,9 @@
 FROM ocaml/opam:debian-8_ocaml-4.03.0
+
+# Pin last known-good version for reproducible builds.
+# Remove this line if you want to test with the latest versions.
+RUN cd opam-repository && git reset --hard 0f17b354206c97e729700ce60ddce3789ccb1d52 && opam update
+
 RUN sudo apt-get install -y m4 libxen-dev
 RUN opam install -y vchan xen-gnt mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage
 RUN opam pin add -n -y mirage-nat 'https://github.com/talex5/mirage-nat.git#simplify-checksum'
--- a/build-with-docker.sh
+++ b/build-with-docker.sh
@ -1,4 +1,8 @@
 #!/bin/sh
-set -eux
+set -eu
+echo Building Docker image with dependencies..
 docker build -t qubes-mirage-firewall .
+echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
+echo "SHA2 of build:   $(sha256sum mir-qubes-firewall.xen)"
+echo "SHA2 last known: f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3"