Supported Releases
Dockerfile
bookworm with your target release codename.
Build
How It Works
gnupgandca-certificatesare installed from the upstream Debian registry first.- Root.io’s GPG key is imported to
/etc/apt/keyrings/rootio.gpgfor package signature verification. - The API key is written to
/etc/apt/auth.conf.d/rootio.conf- APT reads it automatically and it never appears in the source URL. - For each package,
apt-cache show rootio-<pkg>checks if a Root-patched version exists. If yes, the patched version is installed; if not, the standard upstream package is used. - The auth file is removed in the same
RUNlayer, so credentials are never persisted in the image.
CI/CD Integration
- GitHub Actions
- GitLab CI