SysAdmin
4444dc11f3
Vendors Kicksecure derivative-maker as a pinned submodule (18.1.7.4), adds the wrapper + verify + diagnose scripts, the pinned builder image, and the reproducibility-gated Gitea Actions workflow. Base flavour only — no hardening overlay (that's M1.2). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
15 lines
588 B
Bash
15 lines
588 B
Bash
# Pinned snapshot.debian.org timestamp.
|
|
#
|
|
# This is the single value that determines which apt package versions land in
|
|
# the build. Bumping it is a deliberate, reviewed action — never automate it.
|
|
#
|
|
# Format: YYYYMMDDTHHMMSSZ (UTC, ISO 8601 basic, snapshot.debian.org compatible)
|
|
#
|
|
# To bump:
|
|
# 1. Pick a new timestamp from https://snapshot.debian.org/
|
|
# 2. Run a full reproducibility check with the new value
|
|
# 3. Commit the bump in its own PR with the verification log
|
|
#
|
|
# Initial pin: bookworm point-release era (M1.1 implementation date).
|
|
SNAPSHOT_TIMESTAMP=20260415T000000Z
|