From e03bfc52954a82819cbf8544d783c2b6dca7fc0b Mon Sep 17 00:00:00 2001
From: Carl Kittelberger <icedream@icedream.pw>
Date: Fri, 27 Jan 2017 20:20:51 +0100
Subject: [PATCH] Docker: Run a SHA-512 check on the downloaded archive.

This ensures that our Docker image is 100% reproducibly built with the tested and intended version of the Factorio headless binary package.
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 62d5fe1..ddab88f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,10 +2,14 @@ FROM debian:jessie-slim
 
 ARG FACTORIO_VERSION=0.14.21
 ARG FACTORIO_HEADLESS_URL=https://www.factorio.com/get-download/${FACTORIO_VERSION}/headless/linux64
+ARG FACTORIO_HEADLESS_SHA512=8a7f1e1214b1bbe79e34abadefcc6083be3830822dbe4570ce7fd96d26c6188460c134a0d53207b4e144022792adf1ff6514caf22d7f01ab106cf2d1c01bc2b1
 
 # Unpack and reconfigure Factorio
 ADD ${FACTORIO_HEADLESS_URL} /var/tmp/factorio.tar.gz
 RUN \
+	echo "${FACTORIO_HEADLESS_SHA512} /var/tmp/factorio.tar.gz" |\
+		sha512sum -c --strict - &&\
+	\
 	mkdir -p /opt &&\
 	tar vxf /var/tmp/*.tar* -C /opt/ &&\
 	rm -rf /var/tmp/* /tmp/* &&\