SysAdmin
2a163bb9e7
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 1m21s
Run #4255 reached deeper into 1100_sanity-tests, finished its apt-get phase, and then died at the supply-chain verification step: /workspace/.../help-steps/git_sanity_test: line 184: sq-git: command not found ERROR: sq-git verification failed: main repo INFO: If this is intentional, configure your own sq-git policy file. See 'buildconfig.d/30_signing_key.conf'. derivative-maker uses sq-git (sequoia-git) to authenticate the commit chain against an OpenPGP policy file before building. The policy file itself ships in the upstream repo (./openpgp-policy.toml) and the trust-root defaults are correctly configured by help-steps/variables (line 232 + 290) for non-redistributable builds — i.e. the verification machinery is fully wired and just needs the binary. Aligns with the upstream container's package list at linux/build/derivative-maker/docker/derivative-maker-docker-setup. Changes: - Dockerfile.builder: add sq, sqv, sqop, sequoia-git, sequoia-chameleon-gnupg, gpg-agent. All available in trixie main. - build.sh: BUILDER_IMAGE digest re-pinned to sha256:c1490bab…5c97 (rebuilt on 10.0.0.51, sq-git binary verified present at /usr/bin/sq-git). No reproducibility implications — image rebuilds against the same pinned snapshot timestamp. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>