fix: update apt.llvm.org gpg key checksum

[Ron (rjaegers)]

🚀 Hey, I have created a Pull Request

Description of changes

According to apt.llvm.org the GPG key was updated to support SHA-512, as it was previously using SHA-1 that is deemed compromised/insecure as of 01-feb-2026.

See llvm/llvm-project#179147 and llvm/llvm-project#179148 and the attached screenshot.

✔️ Checklist

• I have followed the contribution guidelines for this repository
• I have added tests for new behavior, and have not broken any existing tests
• I have added or updated relevant documentation
• I have verified that all added components are accounted for in the SBOM

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	21		0	0	0.54s
✅ DOCKERFILE	hadolint	3		0	0	0.68s
✅ GHERKIN	gherkin-lint	6		0	0	2.42s
✅ JSON	npm-package-json-lint	yes		no	no	0.43s
✅ JSON	prettier	21	4	0	0	0.61s
✅ JSON	v8r	21		0	0	7.28s
✅ MARKDOWN	markdownlint	12	0	0	0	0.95s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.24s
✅ REPOSITORY	checkov	yes		no	no	17.75s
✅ REPOSITORY	gitleaks	yes		no	no	0.54s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		no	20	30.91s
✅ REPOSITORY	secretlint	yes		no	no	0.94s
✅ REPOSITORY	syft	yes		no	no	1.92s
✅ REPOSITORY	trivy	yes		no	no	5.69s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	2.21s
⚠️ SPELL	lychee	81		2	0	21.93s
✅ YAML	prettier	29	0	0	0	0.91s
✅ YAML	v8r	29		0	0	8.31s
✅ YAML	yamllint	29		0	0	0.7s

Detailed Issues

⚠️ REPOSITORY / grype - 20 warnings

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/continuous-integration.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/image-cleanup.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/issue-cleanup.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/issue-creation-tool-versions.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/linting-formatting.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/ossf-scorecard.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/pr-conventional-title.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/pr-image-cleanup.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/pr-report.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/release-build.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/release-please.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/update-dependencies.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/vulnerability-scan.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-acceptance-test.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-build-push.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-dependency-review.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-document-generation.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-integration-test.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-publish-templates.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/wc-sanitize-image-name.yml

warning: 20 warnings emitted

⚠️ SPELL / lychee - 2 errors

[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
[502] https://github.com/philips-software/amp-devcontainer/network/dependencies | Network error: Bad Gateway
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....122
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2

Errors in README.md
[502] https://github.com/philips-software/amp-devcontainer/network/dependencies | Network error: Bad Gateway

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[Copilot]

Pull request overview

This PR updates the GPG key checksum for apt.llvm.org in the C++ devcontainer following an upstream key rotation that now supports SHA-512 signatures. This is a security maintenance update to ensure the container can continue to verify and install LLVM/Clang packages from the official repository.

Changes:

• Updated the SHA-256 checksum for the LLVM GPG key download in the cpp Dockerfile

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1162

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	175.16 MB	175.16 MB	+2.09 kB (+0%)	🔼
linux/arm64	167.62 MB	167.63 MB	+1.19 kB (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1162

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	555.57 MB	555.57 MB	+2.05 kB (+0%)	🔼
linux/arm64	509.75 MB	509.75 MB	+1.6 kB (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1162

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	696.88 MB	696.88 MB	+2.2 kB (+0%)	🔼
linux/arm64	677.68 MB	677.68 MB	+1.11 kB (+0%)	🔼

[github-actions]

Test Results

 7 files  ±0   7 suites  ±0   6m 12s ⏱️ -1s
33 tests ±0  33 ✅ ±0  0 💤 ±0  0 ❌ ±0 
69 runs  ±0  69 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit b0be6b6. ± Comparison against base commit bfe1bc2.

[github-actions]

Pull Request Report (#1162)

Static measures

Description	Value
Number of added lines	1
Number of deleted lines	1
Number of changed files	1
Number of commits	1
Number of reviews	2
Number of comments (w/o review comments)	6
Number of reviews that contains a comment to resolve	1
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	5

Time related measures

Description	Value
PR lead time (from creation to close of PR)	2.1 Hours
Time that was spend on the branch before the PR was created	1.3 Min
Time that was spend on the branch before the PR was merged	2.1 Hours
Time to merge after last review	43.1 Min

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	53.1 Min
Total time spend in last status check run on PR	18.5 Min