SilverMetal

SilverLABS/SilverMetal

Fork 0

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
SysAdmin	eae2b98906	fix(linux/build): re-pin BUILDER_IMAGE to amd64 registry digest Some checks failed Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 11s Details Two corrections to `f9e606d`: 1. Registry hostname: docker-registry:5000 isn't DNS-resolvable on the SLAB docker host (verified). The fleet-wide convention is the canonical docker-registry.silverlabs.uk URL, registered as an insecure-registry in /etc/docker/daemon.json on every docker host. 2. Architecture: the original push from WSL2-on-aarch64 produced an arm64 image that won't run on the amd64 runner. Rebuilt natively on the docker host. New manifest digest (amd64-only): sha256:9e7161f9f180483f434074d7f32c27c907955232bd0c44efe6dc0ee1d9e56ae0 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 11:59:52 +01:00
SysAdmin	f9e606d22d	fix(linux/build): pin BUILDER_IMAGE to pushed registry digest (M1.1) Image built from Dockerfile.builder@36f7672 was pushed to both docker-registry:5000 (internal) and docker-registry.silverlabs.uk (external) under tags m1.1-bootstrap + latest. Both URLs serve the same registry, so the manifest digest is identical: sha256:cedef039425e0b0f5901c1023eda820c7aa38ab4b81c2bb1e12d64cadb3d6c85 Default points at the internal hostname for CI; external dev overrides via BUILDER_IMAGE env var. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 11:48:48 +01:00
SysAdmin	4444dc11f3	feat(linux/build): scaffold reproducible ISO build pipeline (M1.1) Vendors Kicksecure derivative-maker as a pinned submodule (18.1.7.4), adds the wrapper + verify + diagnose scripts, the pinned builder image, and the reproducibility-gated Gitea Actions workflow. Base flavour only — no hardening overlay (that's M1.2). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 04:25:48 +01:00

SysAdmin

eae2b98906

fix(linux/build): re-pin BUILDER_IMAGE to amd64 registry digest

Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 11s

Details

Two corrections to f9e606d:

1. Registry hostname: docker-registry:5000 isn't DNS-resolvable on the
   SLAB docker host (verified). The fleet-wide convention is the canonical
   docker-registry.silverlabs.uk URL, registered as an insecure-registry
   in /etc/docker/daemon.json on every docker host.

2. Architecture: the original push from WSL2-on-aarch64 produced an arm64
   image that won't run on the amd64 runner. Rebuilt natively on the docker
   host. New manifest digest (amd64-only):
     sha256:9e7161f9f180483f434074d7f32c27c907955232bd0c44efe6dc0ee1d9e56ae0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 11:59:52 +01:00

SysAdmin

f9e606d22d

fix(linux/build): pin BUILDER_IMAGE to pushed registry digest (M1.1)

Image built from Dockerfile.builder@36f7672 was pushed to both
docker-registry:5000 (internal) and docker-registry.silverlabs.uk
(external) under tags m1.1-bootstrap + latest. Both URLs serve the
same registry, so the manifest digest is identical:

  sha256:cedef039425e0b0f5901c1023eda820c7aa38ab4b81c2bb1e12d64cadb3d6c85

Default points at the internal hostname for CI; external dev overrides
via BUILDER_IMAGE env var.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 11:48:48 +01:00

SysAdmin

4444dc11f3

feat(linux/build): scaffold reproducible ISO build pipeline (M1.1)

Vendors Kicksecure derivative-maker as a pinned submodule (18.1.7.4),
adds the wrapper + verify + diagnose scripts, the pinned builder image,
and the reproducibility-gated Gitea Actions workflow. Base flavour only —
no hardening overlay (that's M1.2).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 04:25:48 +01:00

3 Commits