From 40b1c79c97b5e5f68ffd5f5360235d68581b0ae1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 23 Jun 2022 13:47:43 +0200
Subject: [PATCH] agent: Pin a specific version of image-rs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's pin a specific version of image-rs, one that pins a specific
version of ocicrypt-rs on their side, and ensure we don't fall into
issues by consuming the content from main on those repos, and also
helping to ensure reproducible builds from our side.

Fixes: #4517

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 src/agent/Cargo.lock | 4 ++--
 src/agent/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 24eae3b5d..858de77d2 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -1487,7 +1487,7 @@ dependencies = [
 [[package]]
 name = "image-rs"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs#ec5f7c53f1860e64c883828ec4c84b03d9b7d123"
+source = "git+https://github.com/confidential-containers/image-rs?rev=ec5f7c53f1860e64c883828ec4c84b03d9b7d123#ec5f7c53f1860e64c883828ec4c84b03d9b7d123"
 dependencies = [
  "anyhow",
  "flate2",
@@ -3304,7 +3304,7 @@ dependencies = [
 [[package]]
 name = "signature"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs#ec5f7c53f1860e64c883828ec4c84b03d9b7d123"
+source = "git+https://github.com/confidential-containers/image-rs?rev=ec5f7c53f1860e64c883828ec4c84b03d9b7d123#ec5f7c53f1860e64c883828ec4c84b03d9b7d123"
 dependencies = [
  "anyhow",
  "base64",
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
index 8934cad37..4cd2d6f85 100644
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -65,7 +65,7 @@ toml = "0.5.8"
 clap = { version = "3.0.1", features = ["derive"] }
 
 # Image pull/decrypt
-image-rs = { git = "https://github.com/confidential-containers/image-rs" }
+image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "ec5f7c53f1860e64c883828ec4c84b03d9b7d123" }
 # "vendored" feature for openssl is required by musl build
 openssl = { version = "0.10.38", features = ["vendored"] }