Docker Build Maintenance

Get your Quay account squared away

The container that performs builds of Debian packages is version controlled in a docker repository at There are tight restrictions over who can make edits here. If you have permissions to do so, you’ll need to make sure your local docker client has credentials to push.

  • First login into your account via the web-portal at
  • Drill into your Account settings via the upper right drop-down (where your username is)
  • Click Generate Encrypted Password
  • From a command-line prompt type docker login with your username and credentials obtained from the previous step.
  • Proceed with update instructions

Performing container updates

If one of the dependencies requires security updates, the build may fail at test_ensure_no_updates_avail . If you have access rights to push to, here is the process to build and push a new container:

cd molecule/builder/
# Build a new container
make build-container

Once the container is built, you can push the container to the registry.

make push-container

You can now test the container by going back to the SecureDrop repository root:

cd ../..
make build-debs

Assuming no errors here, commit the changes in molecule/builder/image_hash in a branch containing the prefix update-builder-.