Fix opam-repository commit for reproducible builds

Thomas Leonard · Thomas Leonard · commit 07ff3d614773 · 2017-01-28T14:17:27.000Z
Also, display the actual and expected SHA hashes after building.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,9 @@
 FROM ocaml/opam:debian-8_ocaml-4.03.0
+
+# Pin last known-good version for reproducible builds.
+# Remove this line if you want to test with the latest versions.
+RUN cd opam-repository && git reset --hard 0f17b354206c97e729700ce60ddce3789ccb1d52 && opam update
+
 RUN sudo apt-get install -y m4 libxen-dev
 RUN opam install -y vchan xen-gnt mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage
 RUN opam pin add -n -y mirage-nat 'https://github.com/talex5/mirage-nat.git#simplify-checksum'
diff --git a/build-with-docker.sh b/build-with-docker.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
-set -eux
+set -eu
+echo Building Docker image with dependencies..
 docker build -t qubes-mirage-firewall .
+echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
+echo "SHA2 of build:   $(sha256sum mir-qubes-firewall.xen)"
+echo "SHA2 last known: f0c1a06fc4b02b494c81972dc89419af6cffa73b75839c0e8ee3798d77bf69b3"
