From bf2f54e921b45ed79686b84e791ab01db3a700c8 Mon Sep 17 00:00:00 2001
From: pierwill <pierwill@users.noreply.github.com>
Date: Fri, 4 Feb 2022 14:15:11 -0600
Subject: [PATCH] build: Verify checksum of `rustup-init`

---
 Dockerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index cdad7d48a..d32b94242 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,11 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
 
 # Install the currently pinned toolchain with rustup
 COPY rust-toolchain /tmp/
-RUN curl https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init >/tmp/rustup-init && \
+ENV RUSTUP_VERSION="1.24.3"
+ENV RUSTUP_TRIPLE="x86_64-unknown-linux-gnu"
+ENV RUSTUP_SHA="3dc5ef50861ee18657f9db2eeb7392f9c2a6c95c90ab41e45ab4ca71476b4338"
+RUN curl "https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/${RUSTUP_TRIPLE}/rustup-init" >/tmp/rustup-init && \
+    echo "${RUSTUP_SHA}  /tmp/rustup-init" | sha256sum --check && \
     chmod +x /tmp/rustup-init && \
     /tmp/rustup-init -y --no-modify-path --default-toolchain $(cat /tmp/rust-toolchain)
 ENV PATH=/root/.cargo/bin:$PATH