Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.7

tlaurion · tlaurion · commit db244c253674 · 2026-02-05T17:19:13.000-05:00
Adds coreboot-utils, needed by diffocsope to investigate changes in coreboot roms

The docker image IS reproducible once pushed (no change on docker.io) after having reordered commits etc.

README.md adapted from bumping to v0.2.7
.circleci/config.yml now includes comment for version and hash for docker pinning

Signed-off-by: Thierry Laurion &lt;insurgo@riseup.net&gt;
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -48,7 +48,8 @@ commands:
 jobs:
   prep_env:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.5
+      # Docker image: tlaurion/heads-dev-env:v0.2.7
+      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
     resource_class: large
     working_directory: ~/heads
     steps:
@@ -123,7 +124,8 @@ jobs:
 
   build_and_persist:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.5
+      # Docker image: tlaurion/heads-dev-env:v0.2.7
+      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -151,7 +153,8 @@ jobs:
 
   build:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.5
+      # Docker image: tlaurion/heads-dev-env:v0.2.7
+      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -172,7 +175,8 @@ jobs:
 
   save_cache:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.5
+      # Docker image: tlaurion/heads-dev-env:v0.2.7
+      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
     resource_class: large
     working_directory: ~/heads
     steps:
diff --git a/docker/DOCKER_REPRO_DIGEST b/docker/DOCKER_REPRO_DIGEST
@@ -9,4 +9,5 @@
 # sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
 # Place the digest on the first non-comment line below (remove the leading '#')
-sha256-50a9110cdfc6a74a383169d7c624139c3b3e05567b87203498118a8a33dd79f1
+# Version: v0.2.7
+sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
diff --git a/docker/get_digest.sh b/docker/get_digest.sh
@@ -7,7 +7,7 @@ Usage: $0 [--yes|-y] IMAGE[:TAG|@DIGEST]
 
 Helper to print the full 'repo@digest' and the raw digest for a docker image.
 Behavior:
- - The script treats the provided image reference literally. Provide exact `repo/name:tag` or `repo@digest` (e.g. `tlaurion/heads-dev-env:v0.2.6`).
+ - The script treats the provided image reference literally. Provide exact `repo/name:tag` or `repo@digest` (e.g. `tlaurion/heads-dev-env:v0.2.7`).
  - If the image exists locally, the script prints the first RepoDigest (repo@digest) and the raw digest.
  - If the image is not present locally, the script will offer to pull the exact provided reference to obtain a local RepoDigest (interactive or `-y`).
  - The script prefers to operate on local image state (e.g., Docker local RepoDigests). If a local digest is not available it may query the Docker Hub v2 HTTP API (docker.io) via `curl` to obtain an authoritative manifest digest for docker.io images; this requires network access and appropriate registry connectivity. For other registries or Docker versions you may still need to use `docker manifest inspect` or `skopeo inspect` manually if `RepoDigests` is not populated.
@@ -17,9 +17,9 @@ Options:
   -h, --help  Show this help message
 
 Examples:
-  ./docker/get_digest.sh tlaurion/heads-dev-env:v0.2.6
+  ./docker/get_digest.sh tlaurion/heads-dev-env:v0.2.7
   ./docker/get_digest.sh tlaurion/heads-dev-env:latest
-  ./docker/get_digest.sh -y tlaurion/heads-dev-env:v0.2.6
+  ./docker/get_digest.sh -y tlaurion/heads-dev-env:v0.2.7
   # Note: provide the exact repo:name:tag you intend; the script treats the reference literally.
 USAGE
 }
@@ -47,7 +47,7 @@ fi
 image="$1"
 
 # Treat the provided image reference literally and do not try to append ':latest'.
-# The caller should provide the exact reference they intend (e.g. 'tlaurion/heads-dev-env:v0.2.6'),
+# The caller should provide the exact reference they intend (e.g. 'tlaurion/heads-dev-env:v0.2.7'),
 # and the script will inspect that exact reference and prompt to pull it if missing.
 image_provided="${image}"
 image="${image_provided}"
diff --git a/docker/pin-and-run.sh b/docker/pin-and-run.sh
@@ -6,7 +6,7 @@ usage() {
 Usage: $0 [-y|--yes] [-w|--wrapper WRAPPER] IMAGE [-- [WRAPPER [WRAPPER_ARGS...]]]
 
 Helper: obtain an image digest and run a docker wrapper pinned to that digest.
-- IMAGE: an exact docker image ref (e.g. tlaurion/heads-dev-env:v0.2.6)
+- IMAGE: an exact docker image ref (e.g. tlaurion/heads-dev-env:v0.2.7)
 - If the image is not present locally, the helper will probe the registry and
   offer to pull it (use -y/--yes to auto-pull).
 - WRAPPER: the docker wrapper to execute (e.g. ./docker_latest.sh or ./docker_repro.sh).
@@ -20,16 +20,16 @@ Options:
 
 Examples:
   # Interactive: obtain digest and run the 'latest' wrapper pinned to that digest (explicit wrapper recommended)
-  ./docker/pin-and-run.sh tlaurion/heads-dev-env:v0.2.6 -- ./docker_latest.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2
+  ./docker/pin-and-run.sh tlaurion/heads-dev-env:v0.2.7 -- ./docker_latest.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2
 
   # Auto-pull and run (auto-pull the ref to obtain a local digest then run wrapper)
-  ./docker/pin-and-run.sh -y tlaurion/heads-dev-env:v0.2.6 -- ./docker_latest.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2
+  ./docker/pin-and-run.sh -y tlaurion/heads-dev-env:v0.2.7 -- ./docker_latest.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2
 
   # Shortcut: omit the wrapper and just provide the command — the helper will use the default './docker_latest.sh'
-  ./docker/pin-and-run.sh tlaurion/heads-dev-env:v0.2.6 -- make BOARD=qemu-coreboot-fbwhiptail-tpm2
+  ./docker/pin-and-run.sh tlaurion/heads-dev-env:v0.2.7 -- make BOARD=qemu-coreboot-fbwhiptail-tpm2
 
   # Use a different wrapper explicitly (e.g. repro):
-  ./docker/pin-and-run.sh -w ./docker_repro.sh tlaurion/heads-dev-env:v0.2.6 -- make BOARD=qemu-coreboot-fbwhiptail-tpm2
+  ./docker/pin-and-run.sh -w ./docker_repro.sh tlaurion/heads-dev-env:v0.2.7 -- make BOARD=qemu-coreboot-fbwhiptail-tpm2
 USAGE
 }
 
diff --git a/flake.nix b/flake.nix
@@ -30,6 +30,7 @@
         bzip2
         cacert
         ccache
+        coreboot-utils #consumed by diffoscope for ifdtool cbfsutils etc
         cmake
         cpio
         curl

-Original file line number
+Diff line change
         bzip2
         cacert
         ccache
 +        coreboot-utils #consumed by diffoscope for ifdtool cbfsutils etc
         cmake
         cpio
         curl