From 6c31b2949ab3ccf7c49e587a3d3acd03ddf682de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADtor=20Vasconcellos?= <vasconcellos.dev@gmail.com>
Date: Wed, 28 Feb 2024 06:11:10 -0300
Subject: [PATCH] Implement more suggestions  - Pin genent version to latest
 stable release of UClibc  - Add checksum checks for all ADD clauses in
 Spacedrive server Dockerfile

---
 apps/server/docker/Dockerfile | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/server/docker/Dockerfile b/apps/server/docker/Dockerfile
index dedd53b11ecb..c19c2ecff05b 100644
--- a/apps/server/docker/Dockerfile
+++ b/apps/server/docker/Dockerfile
@@ -5,7 +5,8 @@ ARG REPO_REF=main
 
 FROM debian:bookworm as base
 
-ADD https://gist.githubusercontent.com/HeavenVolkoff/ff7b77b9087f956b8df944772e93c071/raw \
+ADD --chmod=644 --checksum=sha256:8bea540b2cd1a47c94555e746c75fd41a42847a46d8c8c36c7ab6dd9c8526ab4 \
+	https://gist.githubusercontent.com/HeavenVolkoff/ff7b77b9087f956b8df944772e93c071/raw \
 	/etc/apt/apt.conf.d/99docker-apt-config
 
 RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
@@ -102,8 +103,11 @@ ENV TZ=UTC \
 COPY --from=server --chmod=755 /srv/spacedrive/target/release/sd-server /usr/bin/
 COPY --from=server --chmod=755 /lib/x86_64-linux-gnu/libgcc_s.so.1 /usr/lib/
 COPY --from=server --chmod=755 /srv/spacedrive/apps/.deps/lib /usr/lib/spacedrive
-ADD --chmod=755 https://raw.githubusercontent.com/kraj/uClibc/ca1c74d67dd115d059a875150e10b8560a9c35a8/extra/scripts/getent /usr/bin/
-ADD --chmod=755 https://github.com/spacedriveapp/native-deps/releases/download/yolo-2024-02-07/yolov8s.onnx /usr/share/spacedrive/models/yolov8s.onnx
+
+ADD --chmod=755 --checksum=sha256:a99beabea22571cfad4f77422e5d3ed922d9490232d94cb87cf32956766bc42a \
+	https://github.com/kraj/uClibc/raw/v0.9.33.2/extra/scripts/getent /usr/bin/
+ADD --chmod=755 --checksum=sha256:1d127c69218f2cd14964036f2b057c4b2652cda3996c6908605cc139192f66aa \
+	https://github.com/spacedriveapp/native-deps/releases/download/yolo-2024-02-07/yolov8s.onnx /usr/share/spacedrive/models/yolov8s.onnx
 
 COPY --chmod=755 entrypoint.sh /usr/bin/