feat: stagex updates w/ canokey smartcard emulation

Containerfile

@@ -1,56 +1,63 @@
-FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
+FROM stagex/user-alsa-lib:sx2025.02.0@sha256:5e29d15860ea2f01b7b4a614d2ffbc6bb41b87b8892138a93b4adca206105593 AS user-alsa-lib
-FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
+FROM stagex/core-bash:sx2025.02.0@sha256:ae98e66f8623629151d79fd2b574442778b50bd37511dea8da4237d4c18ce04c AS core-bash
-FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
+FROM stagex/core-bc:sx2025.02.0@sha256:8f0a8d3e86a2221f5179a1817f482013dbc5b5f8f985c1a3404a6f3975c5eda9 AS core-bc
-FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
+FROM stagex/core-busybox:sx2025.02.0@sha256:01b31cc07543733fbf6889e596427af943aba2780bc2f514a3d30bb290da7e2a AS core-busybox
-FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
+FROM stagex/user-ccid:sx2025.02.0@sha256:a2ab2199974a60fc711e881e8cda43007bd39482213fd9fa50c9580e027d6fa8 AS user-ccid
-FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
+FROM stagex/user-cpio:sx2025.02.0@sha256:d8837d12a89ef7e35c72115a7919224a3246a2e17a685b684628cc03957726ac AS user-cpio
-FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
+FROM stagex/core-curl:sx2025.02.0@sha256:b65975066d7b2256c51601749d947fa54ce9a23d4f2b46f4de7daf6f11f9730f AS core-curl
-FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
+FROM stagex/user-dtc:sx2025.02.0@sha256:39231aa3e2ca4e3ac46aa7faea4e7aee5733f425c35ae5ca83e54ce5b3629f89 AS user-dtc
-FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
+FROM stagex/user-eudev:sx2025.02.0@sha256:292ece79a82c2d2dc422d44a0d4e65dd6dde0304566a40f286e8e2ff62b59c52 AS user-eudev
-FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
+FROM stagex/user-flashtools:sx2025.02.0@sha256:1d3aa7c7e6f061e2f738b9bf01d9584786c9b96ae5f0e84d302278ae687a58cc AS user-flashtools
-FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
+FROM stagex/core-gcc:sx2025.02.0@sha256:02896413375c15cbff666fbab7c534caefc8936d53e167a6ea457a05c27e8096 AS core-gcc
-FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
+FROM stagex/user-glib:sx2025.02.0@sha256:b7e6e23e3d95b95f1e9183f3571bba21ebc2304c3ce5b545962651d29706f901 AS user-glib
-FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
+FROM stagex/core-gmp:sx2025.02.0@sha256:bb8b3e57bbbd105b049f1ab097927f7b33bc25e47b5407dd4e55b259ec5a9a14 AS core-gmp
-FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
+FROM stagex/user-gpg:sx2025.02.0@sha256:df188d540aa18e8b9684941bff9a591270765141f0ad5a87a0e1d7cd9961da7a AS user-gpg
-FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
+FROM stagex/user-grub:sx2025.02.0@sha256:f2a574d88520fbc37ac233e3380d6cc89ce969e0abd36626fb04179355cf1d92 AS user-grub
-FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
+FROM stagex/user-icepick:sx2025.02.0@sha256:341262fbc019ae8ce3940fe9bb940810c3cef90ba2e7969a5b28aebc4730593d AS user-icepick
-FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
+FROM stagex/user-ipxe:sx2025.02.0@sha256:bac91399972e5a12b534ee92ac6be103a9d28758c609926f168924eb9a175e4b AS user-ipxe
-FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
+FROM stagex/user-jq:sx2025.02.0@sha256:c6b5baceb4c171859d7a75c2919f12558fee7951db3fd87dae76076ac9d85fda AS user-jq
-FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
+FROM stagex/user-keyfork:sx2025.02.0@sha256:16fc7cf733c3654bf92bc4beb2b8d254e0cfdf7a82f1dbe1be4e7acb1e82e29e AS user-keyfork
-FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
+FROM stagex/user-libaio:sx2025.02.0@sha256:6ec20e9f3a77c555a6bfcecd5b3461740fc6d3faa9a0f81b97ca3606819ef26b AS user-libaio
-FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
+FROM stagex/user-libassuan:sx2025.02.0@sha256:3aa891c65990114ba697d1bcf90c51515947daf932ce96d8861658391206c8c7 AS user-libassuan
-FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
+FROM stagex/core-libffi:sx2025.02.0@sha256:8b22d8fa8aa4da590fcc7257aba1b6a2eb74598f5f60a95900050bf00ce470ac AS core-libffi
-FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
+FROM stagex/user-libgcrypt:sx2025.02.0@sha256:2281a0b1093d2bc60f4208f3a34f7e01440c3dac31f122ed9b42a2417d4085c8 AS user-libgcrypt
-FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
+FROM stagex/user-libgpg-error:sx2025.02.0@sha256:902cfc4a40cc69e003dec008f4bbf86338f5984847d11f0d422f06a797e656b4 AS user-libgpg-error
-FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
+FROM stagex/user-libksba:sx2025.02.0@sha256:e6b7bd3a005a881b545b6b4066dc6392d741e1f062718428f9115db1a1edf23a AS user-libksba
-FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
+FROM stagex/user-libqrencode:sx2025.02.0@sha256:e6ed8097b670b0ea79018a50efc0cdde3968a2165b9ff3b7b96af92fc8a43b45 AS user-libqrencode
-FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
+FROM stagex/user-libseccomp:sx2025.02.0@sha256:632684b54847814367247b8d1247832fa56bb0dd8300495c342b0585cca47c10 AS user-libseccomp
-FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
+FROM stagex/user-libslirp:sx2025.02.0@sha256:29d98f357f98f91e634659b945ccbe834d37f4c9c7e243aeb8d47ed438df741d AS user-libslirp
-FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
+FROM stagex/user-libtpms:sx2025.02.0@sha256:09b410b27db7e3adbf61019fbdb6bb09fad597cb32de37f869b2f157332c771b AS user-libtpms
-FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
+FROM stagex/core-libunwind:sx2025.02.0@sha256:ce594ad617278d675db6a9b851fda8988e1f3969849ece0d9cf97192436168d5 AS core-libunwind
-FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
+FROM stagex/user-libusb:sx2025.02.0@sha256:b78ca9194fdb8dfb7b7177d16a156fac21e6c9822a0c35a17841400bc1a27f68 AS user-libusb
-FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
+FROM stagex/core-libzstd:sx2025.02.0@sha256:23cd975a27e218c5398efd17e1f8c491d31969ab674d3468dbf8b75ba40611ad AS core-libzstd
-FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
+FROM stagex/user-linux-airgap:sx2025.02.0@sha256:a2dbeace3ce085ba487e88b3968fea1ec29ce392f691d28c4b183e1ed9c0df4d AS user-linux-airgap
-FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
+FROM stagex/user-lzo:sx2025.02.0@sha256:b71c2944073f3fbc1fe543b9e4dfc4f59ec013a763a6209ded77b8f8bd0a33b4 AS user-lzo
-FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
+FROM stagex/user-mtools:sx2025.02.0@sha256:ea76e5f82f9833274a4438e9706779afd9b1c0b197c984c9d54c9887163ffb42 AS user-mtools
-FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
+FROM stagex/core-musl:sx2025.02.0@sha256:23d0614f60449015add2369959c89a6ea08e208302773b9a0811ce1195afc3a4 AS core-musl
-FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
+FROM stagex/user-nettle:sx2025.02.0@sha256:e346d2c60a16e34f0f914a82f22357e5dade255f9ef8c2be006564847ce64ac5 AS user-nettle
-FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
+FROM stagex/user-npth:sx2025.02.0@sha256:82462e0c12a8d3e3196ea8b3a647e75efd6d1cc0a84b091a0bb844e0c623d9be AS user-npth
-FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
+FROM stagex/user-numactl:sx2025.02.0@sha256:b89612d78567874127522af2c73d5d0a7d5fffbb37bf4b2193affa679d7f367c AS user-numactl
-FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
+FROM stagex/user-openpgp-card-tools:sx2025.02.0@sha256:77d9f2d949548c22badbf29ff8e43a3329ef568c77c66ddbde8d9e2e2dfecb1b AS user-openpgp-card-tools
-FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
+FROM stagex/user-opensc:sx2025.02.0@sha256:985c0ea0d7ca91b0ed3b2f72c736b75f6d8a392e826f62859f2056a7222f7b75 AS user-opensc
-FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
+FROM stagex/core-openssl:sx2025.02.0@sha256:b3371fba4b4c61ddd02d97e81d0406d122a552a59f474d23822b099874690af0 AS core-openssl
-FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
+FROM stagex/user-pcsc-lite:sx2025.02.0@sha256:825708912c41d93dd38230f6f481f5876acb5b2959461504bdaa02a942f8c7b4 AS user-pcsc-lite
-FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
+FROM stagex/user-pcsc-tools:sx2025.02.0@sha256:dc609b2eb7ba44f877b481633baa86873e99739573f81fe10d5485eb5a1b4f9d AS user-pcsc-tools
-FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
+FROM stagex/user-qemu:sx2025.02.0@sha256:47653f32fb5874d91969a4b206e8f46f26f056dc2adfc88758d57208a6659b03 AS user-qemu
-FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
+FROM stagex/user-canokey-qemu:sx2025.02.0@sha256:aba3be44d4b0da2f4ee52fdc2e2cd5b4f6dd05162323015745d2fd194d3074a7 AS user-canokey-qemu
-FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
+FROM stagex/user-seabios:sx2025.02.0@sha256:03eeb1344ad5f94dccdedbb3379906b272b62e246972e9334011746c79f234cf AS user-seabios
-FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
+FROM stagex/user-sops:sx2025.02.0@sha256:1eb6f16dcae77f43dddfed09d471a4aca7db3773e7de5352278c3d334927b0dd AS user-sops
-FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
+FROM stagex/core-zlib:sx2025.02.0@sha256:15860e0789afa0f3ed1bd4e9d771ecb34fbab399064f6aa69c05e71cb8822156 AS core-zlib
-FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
+FROM stagex/user-sequoia-sq:sx2025.02.0@sha256:48b9a0f425604f46a0587e6dcbf81576f32145363dcfbdb86a9c46af659996a6 AS user-sequoia-sq
-FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
+FROM stagex/user-sequoia-sq-wot:sx2025.02.0@sha256:aeedcfbe20ff38937a0157fa2047a831f187a53deb319d8bee7848cf52b0cd5f AS user-sequoia-sq-wot
-FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
+FROM stagex/user-swtpm:sx2025.02.0@sha256:a13468396caeba89123a414500364967ac90af9541bf01b84821db487d7c7cc9 AS user-swtpm
-FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
+FROM stagex/user-syslinux:sx2025.02.0@sha256:b5e74e7384e6b1f21641296e5188073b65761724a91ae55ecaba9b7164de8c3a AS user-syslinux
+FROM stagex/user-tpm2-tools:sx2025.02.0@sha256:bf5d0c4b62dda736043843a5c59d1ed7c7aaf5e50cbcdb3976025e03384eb709 AS user-tpm2-tools
+FROM stagex/user-tpm2-tss:sx2025.02.0@sha256:816caefc95cadd4b0eaeccd0c2ee45a6093ff49ca8fa49dd3970284629523fd7 AS user-tpm2-tss
+FROM stagex/user-util-linux:sx2025.02.0@sha256:bf03b1aaa92a3877f2d2a35d2c27cf453f95545bc7c355b7d4971b58eddbf7a3 AS user-util-linux
+FROM stagex/user-xorriso:sx2025.02.0@sha256:f3b9f1eebdbc6f2e62a9d4345abb87ea81219fc4afdbdc0412a8a2110282a1a1 AS user-xorriso
+FROM stagex/core-xz:sx2025.02.0@sha256:34824f16967f6bd8ecf24c320e36dfc9cd58d5746d3c524e1b896ebdf5a2e760 AS core-xz
+FROM stagex/user-yq:sx2025.02.0@sha256:9aba3b01cc7d78bc78853121cdcd430a67f543eebae30220f233659039ce6e54 AS user-yq
+FROM stagex/core-zlib:sx2025.02.0@sha256:15860e0789afa0f3ed1bd4e9d771ecb34fbab399064f6aa69c05e71cb8822156 AS core-zlib
 
 FROM scratch AS base
 ARG VERSION development
@@ -58,72 +65,80 @@ ARG GIT_TIMESTAMP null
 ARG GIT_AUTHOR null
 ARG GIT_REF null
 ARG GIT_PUBKEY null
-COPY --from=busybox . /
+COPY --from=core-busybox . /
-COPY --from=musl . /
+COPY --from=core-musl . /
-COPY --from=xorriso . /
+COPY --from=core-xz . /
-COPY --from=cpio . /
+COPY --from=user-xorriso . /
-COPY --from=mtools . /
+COPY --from=user-cpio . /
-COPY --from=xz . /
+COPY --from=user-mtools . /
-COPY --from=grub . /
+COPY --from=user-grub . /
 
 FROM base as dev
-COPY --from=gcc . /
+COPY --from=core-gcc . /
-COPY --from=glib . /
+COPY --from=core-zlib . /
-COPY --from=alsa-lib . /
+COPY --from=user-glib . /
-COPY --from=lzo . /
+COPY --from=user-alsa-lib . /
-COPY --from=dtc . /
+COPY --from=user-lzo . /
-COPY --from=zlib . /
+COPY --from=user-dtc . /
-COPY --from=numactl . /
+COPY --from=user-numactl . /
-COPY --from=libaio . /
+COPY --from=user-libaio . /
-COPY --from=libseccomp . /
+COPY --from=user-libseccomp . /
-COPY --from=libffi . /
+COPY --from=core-libffi . /
-COPY --from=libzstd . /
+COPY --from=core-libzstd . /
-COPY --from=libslirp . /
+COPY --from=user-libslirp . /
-COPY --from=seabios . /
+COPY --from=user-seabios . /
-COPY --from=ipxe . /
+COPY --from=user-ipxe . /
-COPY --from=qemu . /
+COPY --from=user-qemu . /
-COPY --from=swtpm . /
+COPY --from=user-canokey-qemu . /
-COPY --from=openssl . /
+COPY --from=user-swtpm . /
-COPY --from=curl . /
+COPY --from=core-openssl . /
-COPY --from=libtpms . /
+COPY --from=core-curl . /
-COPY --from=tpm2-tss . /
+COPY --from=user-libtpms . /
-COPY --from=tpm2-tools . /
+COPY --from=user-tpm2-tss . /
+COPY --from=user-tpm2-tools . /
 
 FROM base AS build
 
 ## Kernel
-COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
+COPY --from=user-linux-airgap /bzImage iso/boot/vmlinuz
 
 ## Initramfs
-COPY --from=busybox . initramfs
+COPY --from=core-busybox . initramfs
-COPY --from=eudev . initramfs
+COPY --from=user-eudev . initramfs
-COPY --from=musl . initramfs
+COPY --from=core-musl . initramfs
-COPY --from=zlib . initramfs
+COPY --from=core-zlib . initramfs
-COPY --from=npth . initramfs
+COPY --from=user-npth . initramfs
-COPY --from=libksba . initramfs
+COPY --from=user-libksba . initramfs
-COPY --from=libgpg-error . initramfs
+COPY --from=user-libgpg-error . initramfs
-COPY --from=libassuan . initramfs
+COPY --from=user-libassuan . initramfs
-COPY --from=libgcrypt . initramfs
+COPY --from=user-libgcrypt . initramfs
-COPY --from=keyfork . initramfs
+COPY --from=core-bash . initramfs
-COPY --from=bash . initramfs
+COPY --from=user-gpg . initramfs
-COPY --from=gpg . initramfs
+COPY --from=user-jq . initramfs
-COPY --from=jq . initramfs
+COPY --from=user-yq . initramfs
-COPY --from=yq . initramfs
+COPY --from=core-bc . initramfs
-COPY --from=bc . initramfs
+COPY --from=user-flashtools . initramfs
-COPY --from=flashtools . initramfs
+COPY --from=core-curl . initramfs
-COPY --from=curl . initramfs
+COPY --from=user-tpm2-tools . initramfs
-COPY --from=tpm2-tools . initramfs
+COPY --from=user-tpm2-tss . initramfs
-COPY --from=tpm2-tss . initramfs
+COPY --from=core-openssl . initramfs
-COPY --from=openssl . initramfs
+COPY --from=user-libusb . initramfs
-COPY --from=libusb . initramfs
+COPY --from=user-ccid . initramfs
-COPY --from=ccid . initramfs
+COPY --from=user-pcsc-lite . initramfs
-COPY --from=pcsc-lite . initramfs
+COPY --from=user-pcsc-tools . initramfs
-COPY --from=pcsc-tools . initramfs
+COPY --from=user-libqrencode . initramfs
-COPY --from=openpgp-card-tools . initramfs
+COPY --from=core-gmp . initramfs
-COPY --from=libqrencode . initramfs
+COPY --from=core-libunwind . initramfs
-COPY --from=opensc . initramfs
+COPY --from=user-nettle . initramfs
-COPY --from=util-linux . initramfs
+COPY --from=user-opensc . initramfs
-COPY --from=sops . initramfs
+COPY --from=user-util-linux . initramfs
+COPY --from=user-sops . initramfs
+COPY --from=core-gcc /usr/lib/libgcc* initramfs/usr/lib/
+COPY --from=user-openpgp-card-tools . initramfs
+COPY --from=user-sequoia-sq . initramfs
+COPY --from=user-sequoia-sq-wot . initramfs
+COPY --from=user-keyfork . initramfs
+COPY --from=user-icepick . initramfs
 COPY rootfs/ initramfs
 COPY <<-EOF initramfs/etc/environment
     export VERSION="$VERSION"
@@ -183,7 +198,7 @@ EOF
 
 ## Syslinux (BIOS Boot)
 COPY config/syslinux.cfg iso/boot/syslinux/
-COPY --from=syslinux \
+COPY --from=user-syslinux \
     /usr/share/syslinux/isohdpfx.bin \
     /usr/share/syslinux/isolinux.bin \
     /usr/share/syslinux/ldlinux.c32 \

Makefile

@@ -58,14 +58,15 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
 			-m 4G \
 			-machine pc \
 			-chardev socket,id=chrtpm,path=vtpm-sock \
+			-usb -device canokey,file=/out/canokey-file \
 			-tpmdev emulator,id=tpm0,chardev=chrtpm \
 			-device tpm-tis,tpmdev=tpm0 \
 			-usb \
 			-device sdhci-pci \
 			-device sd-card,drive=external \
 			-drive id=external,if=none,format=raw,file=out/sdcard.img \
-    	    -device usb-storage,drive=usbdrive \
+			-device usb-storage,drive=usbdrive \
-    	    -drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
+			-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
 			-boot order=c \
 			-nographic; \
 		"
@@ -76,6 +77,10 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
 clean:
 	rm -rf out
 
+.PHONY: update
+update:
+	python3 src/update.py
+
 .PHONY: release
 release: clean
 	$(MAKE) NOCACHE=1 VERSION=$(VERSION)

src/update.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+from requests import Session
+from fileinput import FileInput
+
+target = "Containerfile"
+source = "https://codeberg.org/stagex/stagex/raw/branch/main/digests/"
+stages = ["core","user","bootstrap"]
+
+digests = {}
+for stage in stages:
+    response = Session().get(f"{source}{stage}.txt")
+    for line in response.iter_lines():
+        if not line:
+            continue
+        digest,name = line.decode("utf-8").split(" ")
+        digests[name] = digest
+
+with FileInput(target, inplace=True, backup='.bak') as f:
+    for line in f:
+        if line.startswith("FROM stagex/"):
+            name = line.split("/")[1].split(":")[0]
+            tag = line.split(":")[1].split("@")[0]
+            if name not in digests:
+                for stage in stages:
+                    if f"{stage}-{name}" in digests:
+                        name = f"{stage}-{name}"
+            print(f"FROM stagex/{name}:{tag}@sha256:{digests[name]} AS {name}")
+        else:
+            print(line,end='')