anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(infra): pin Docker base images by digest (DEBT-023)

Browse Source 
All base images (debian:bookworm-slim, ubuntu:22.04, ubuntu:20.04,
rockylinux:9-minimal, centos:7, alpine:3.19, fedora:39,
kalilinux/kali-rolling, archlinux:latest, honeynet/conpot:latest)
now carry their resolved sha256 digest so 'docker pull' is
deterministic. :tag retained for human readability; @sha256 is what
Docker actually resolves. Refresh procedure documented at the top of
decnet/distros.py.
This commit is contained in:
anti
2026-05-03 04:38:39 -04:00
parent 6e19d3a25a
commit dcd558fd91
33 changed files with 74 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
decnet/topology/compose.py
View File

@@ -24,7 +24,8 @@ import yaml
from decnet.services.registry import get_service
_DEFAULT_BASE_IMAGE = "debian:bookworm-slim"
# Pinned by digest; refresh procedure documented in decnet/distros.py.
_DEFAULT_BASE_IMAGE = "debian:bookworm-slim@sha256:f9c6a2fd2ddbc23e336b6257a5245e31f996953ef06cd13a59fa0a1df2d5c252"
# 8 chars matches the git short-SHA convention; collision-safe within
# a single deployment's network namespace.