Skip to main content

Supported Releases


Dockerfile

Replace both occurrences of bookworm with your target release codename.

Build


How It Works

  1. gnupg and ca-certificates are installed from the upstream Debian registry first.
  2. Root.io’s GPG key is imported to /etc/apt/keyrings/rootio.gpg for package signature verification.
  3. The API key is written to /etc/apt/auth.conf.d/rootio.conf - APT reads it automatically and it never appears in the source URL.
  4. For each package, apt-cache show rootio-<pkg> checks if a Root-patched version exists. If yes, the patched version is installed; if not, the standard upstream package is used.
  5. The auth file is removed in the same RUN layer, so credentials are never persisted in the image.

CI/CD Integration


Troubleshooting