From 89f87a713c738ebb9f3b5cb1244345580db0c75c Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@protonmail.com>
Date: Fri, 14 May 2021 19:53:14 +0200
Subject: [PATCH] verify hmalloc

---
 Dockerfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0421a3d..2daf878 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,10 +26,11 @@ FROM alpine:${ALPINE_VERSION} as build-malloc
 
 ARG HARDENED_MALLOC_VERSION
 
-RUN apk --no-cache add build-base && cd /tmp \
- && wget -q https://github.com/GrapheneOS/hardened_malloc/archive/refs/tags/${HARDENED_MALLOC_VERSION}.tar.gz \
- && mkdir hardened_malloc && tar xf ${HARDENED_MALLOC_VERSION}.tar.gz -C hardened_malloc --strip-components 1 \
- && cd hardened_malloc && make
+RUN apk --no-cache add build-base git gnupg && cd /tmp \
+ && wget -q https://github.com/thestinger.gpg && gpg --import thestinger.gpg \
+ && git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
+ && cd hardened_malloc && git verify-tag $(git describe --tags) \
+ && make
 
 
 ### Build GNU Libiconv (needed for nokogiri)