From 40d12ffcd68a32ee24cd9d4733cca2607e482ad3 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Mon, 4 Aug 2025 00:02:07 +0000 Subject: [PATCH] chore: check integrity of Go in Dockefile --- dogfood/coder/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dogfood/coder/Dockerfile b/dogfood/coder/Dockerfile index 4e86b9e7ddf8c..4820eec56989b 100644 --- a/dogfood/coder/Dockerfile +++ b/dogfood/coder/Dockerfile @@ -12,6 +12,7 @@ FROM ubuntu:jammy@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631 # Install Go manually, so that we can control the version ARG GO_VERSION=1.24.4 +ARG GO_CHECKSUM="77e5da33bb72aeaef1ba4418b6fe511bc4d041873cbf82e5aa6318740df98717" # Boring Go is needed to build FIPS-compliant binaries. RUN apt-get update && \ @@ -19,6 +20,7 @@ RUN apt-get update && \ curl --silent --show-error --location \ "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ -o /usr/local/go.tar.gz && \ + echo "$GO_CHECKSUM /usr/local/go.tar.gz" | sha256sum -c && \ rm -rf /var/lib/apt/lists/* ENV PATH=$PATH:/usr/local/go/bin