From 17977a701a44352fff50db8ba23bf9f80f2630be Mon Sep 17 00:00:00 2001
From: slipher <slipher@protonmail.com>
Date: Wed, 22 Oct 2025 20:01:13 -0500
Subject: [PATCH] Use fully qualified remote Docker image names

Avoids package squatting vulnerabilities in the presence of multiple
registries a la
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610.
---
 Dockerfile                                    | 2 +-
 docker/unvanquished-chown-system.Dockerfile   | 2 +-
 docker/unvanquished-darling-system.Dockerfile | 2 +-
 docker/unvanquished-linux-system.Dockerfile   | 2 +-
 docker/unvanquished-mingw-system.Dockerfile   | 2 +-
 docker/unvanquished-unizip-system.Dockerfile  | 2 +-
 docker/unvanquished-vm-system.Dockerfile      | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ad13bda..6d48a33 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM docker.io/debian:bullseye-slim
 
 # Toolchain dependencies for Unvanquished, Daemon, external_deps, or build-release
 ENV TOOLCHAIN_DEPS=' \
diff --git a/docker/unvanquished-chown-system.Dockerfile b/docker/unvanquished-chown-system.Dockerfile
index 0070c62..e9e0b78 100644
--- a/docker/unvanquished-chown-system.Dockerfile
+++ b/docker/unvanquished-chown-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM docker.io/debian:trixie-slim
 
 RUN mkdir /docker
 COPY docker/common.sh /docker
diff --git a/docker/unvanquished-darling-system.Dockerfile b/docker/unvanquished-darling-system.Dockerfile
index 1a1615c..c8fd449 100644
--- a/docker/unvanquished-darling-system.Dockerfile
+++ b/docker/unvanquished-darling-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM docker.io/ubuntu:focal
 
 ARG build_macos=true
 
diff --git a/docker/unvanquished-linux-system.Dockerfile b/docker/unvanquished-linux-system.Dockerfile
index 51a09a9..7759071 100644
--- a/docker/unvanquished-linux-system.Dockerfile
+++ b/docker/unvanquished-linux-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM docker.io/debian:bullseye-slim
 
 ARG build_linux=true
 
diff --git a/docker/unvanquished-mingw-system.Dockerfile b/docker/unvanquished-mingw-system.Dockerfile
index 268d1cc..6b76a18 100644
--- a/docker/unvanquished-mingw-system.Dockerfile
+++ b/docker/unvanquished-mingw-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM docker.io/debian:trixie-slim
 
 ARG build_windows=true
 
diff --git a/docker/unvanquished-unizip-system.Dockerfile b/docker/unvanquished-unizip-system.Dockerfile
index daf4554..cf776de 100644
--- a/docker/unvanquished-unizip-system.Dockerfile
+++ b/docker/unvanquished-unizip-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM docker.io/debian:trixie-slim
 
 RUN mkdir /docker
 COPY docker/common.sh /docker
diff --git a/docker/unvanquished-vm-system.Dockerfile b/docker/unvanquished-vm-system.Dockerfile
index 30ae116..92dd522 100644
--- a/docker/unvanquished-vm-system.Dockerfile
+++ b/docker/unvanquished-vm-system.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM docker.io/debian:trixie-slim
 
 ARG build_vm=true