docker_*.sh: add kvm support, X11 authentication, update README.md instructions. Bump docker image to v.0.2.7 with pinned hash under CircleCI #2036

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

tlaurion merged 4 commits into linuxboot:master from tlaurion:bugfix-qemu_kvm

Feb 8, 2026

.circleci/config.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -48,7 +48,8 @@ commands: @@
     jobs:
       prep_env:
         docker:
-          - image: tlaurion/heads-dev-env:v0.2.5
+          # Docker image: tlaurion/heads-dev-env:v0.2.7
+          - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
         resource_class: large
         working_directory: ~/heads
         steps:
@@ Expand Down Expand Up / @@ -123,7 +124,8 @@ jobs: @@
       build_and_persist:
         docker:
-          - image: tlaurion/heads-dev-env:v0.2.5
+          # Docker image: tlaurion/heads-dev-env:v0.2.7
+          - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
         resource_class: large
         working_directory: ~/heads
         parameters:
@@ Expand Down Expand Up / @@ -151,7 +153,8 @@ jobs: @@
       build:
         docker:
-          - image: tlaurion/heads-dev-env:v0.2.5
+          # Docker image: tlaurion/heads-dev-env:v0.2.7
+          - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
         resource_class: large
         working_directory: ~/heads
         parameters:
@@ Expand All / @@ -172,7 +175,8 @@ jobs: @@
       save_cache:
         docker:
-          - image: tlaurion/heads-dev-env:v0.2.5
+          # Docker image: tlaurion/heads-dev-env:v0.2.7
+          - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
         resource_class: large
         working_directory: ~/heads
         steps:
@@ Expand Down @@

README.md

Large diffs are not rendered by default.

docker/DOCKER_REPRO_DIGEST

-Original file line number
+Diff line change
@@ -0,0 +1,13 @@
+    # Optional: pin the Docker image used by ./docker_repro.sh to an immutable digest
+    # This file is read by docker_repro.sh if DOCKER_REPRO_DIGEST is not set in the
+    # environment. The first non-empty, non-comment line is used as the digest value.
+    # Acceptable formats are:
+    #  - sha256:<64-hex>
+    #  - sha256-<64-hex>  (will be normalized to sha256:<hex>)
+    #  - <64-hex>         (will be normalized to sha256:<hex>)
+    # Example:
+    # sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+    # Place the digest on the first non-comment line below (remove the leading '#')
+    # Version: v0.2.7
+    sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479

docker/check_reproducibility.sh

-Original file line number
+Diff line change
@@ -0,0 +1,53 @@
+    #!/bin/bash
+    # Helper to compare local Docker image digest with remote docker.io
+    # Usage: ./docker/check_reproducibility.sh [local_image] [remote_image]
+    # Example:
+    #   ./docker/check_reproducibility.sh linuxboot/heads:dev-env tlaurion/heads-dev-env:latest
+    set -euo pipefail
+    usage() {
+      cat <<'USAGE' >&2
+    Usage: $0 [local_image] [remote_image]
+    Compare a local Docker image digest with a remote docker.io image.
+    Arguments:
+      local_image   Local image to check (default: linuxboot/heads:dev-env)
+      remote_image  Remote docker.io image to compare against (default: ${HEADS_MAINTAINER_DOCKER_IMAGE}:latest, where HEADS_MAINTAINER_DOCKER_IMAGE defaults to tlaurion/heads-dev-env)
+    Environment:
+      HEADS_MAINTAINER_DOCKER_IMAGE  Override the canonical maintainer's image repository (default: tlaurion/heads-dev-env)
+    Examples:
+      ./docker/check_reproducibility.sh
+      ./docker/check_reproducibility.sh linuxboot/heads:dev-env tlaurion/heads-dev-env:latest
+      ./docker/check_reproducibility.sh linuxboot/heads:dev-env tlaurion/heads-dev-env:v0.2.7
+      HEADS_MAINTAINER_DOCKER_IMAGE="myuser/heads-dev-env" ./docker/check_reproducibility.sh
+    Requirements:
+      - docker CLI (required; to inspect local images and perform pulls)
+      - Recommended (optional): `skopeo` (preferred for manifest inspection without pulling), `jq` + `curl` (fallback to query Docker Hub API). If these are missing the script will fall back to `docker pull` which may download large image layers.
+      - Network access (to pull remote images or query registries)
+    USAGE
+    }
+    if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
+      usage
+      exit 0
+    fi
+    echo "=== Docker Image Reproducibility Check ===" >&2
+    # Source shared helpers and delegate to centralized reproducibility checker
+    # shellcheck source=docker/common.sh
+    source "$(dirname "$0")/common.sh"
+    # Ensure docker is available
+    require_docker || exit $?
+    # Resolve local and remote images (remote uses shared defaulting logic)
+    local_image="${1:-linuxboot/heads:dev-env}"
+    remote_image=$(resolve_repro_remote_image "${2:-}")
+    # Delegate to the refactored checker which prefers image ID / config digest comparison
+    compare_image_reproducibility "${local_image}" "${remote_image}"
+    exit $?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

docker_*.sh: add kvm support, X11 authentication, update README.md instructions. Bump docker image to v.0.2.7 with pinned hash under CircleCI #2036

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!