From 2fa88ef54ec41415331b8806b8efeac0dcc4f8bb Mon Sep 17 00:00:00 2001
From: Xenia <xenia.fischer@stackable.tech>
Date: Wed, 2 Apr 2025 09:23:24 +0200
Subject: [PATCH] fix: Add `--locked` flag to cargo install commands (#1044)

* fix: Add  flag to cargo install commands

* add changelog entry
---
 CHANGELOG.md                 | 6 ++++++
 ubi8-rust-builder/Dockerfile | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5577c7f84..b8be6aeee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Fixed
+
+- cherry-pick: Add `--locked` flag to `cargo install` commands for reproducible builds ([#1044]).
+
+[#1044]: https://github.com/stackabletech/docker-images/pull/1044
+
 ## [24.3.0] - 2024-03-20
 
 ### Added
diff --git a/ubi8-rust-builder/Dockerfile b/ubi8-rust-builder/Dockerfile
index e7d73e448..806d257bf 100644
--- a/ubi8-rust-builder/Dockerfile
+++ b/ubi8-rust-builder/Dockerfile
@@ -26,7 +26,7 @@ WORKDIR /
 # property in operator-templating/repositories.yaml
 # hadolint ignore=SC1091
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain 1.76.0 \
- && . "$HOME/.cargo/env" && cargo install cargo-cyclonedx@0.4.0 cargo-auditable@0.6.1
+ && . "$HOME/.cargo/env" && cargo install --locked cargo-cyclonedx@0.4.0 cargo-auditable@0.6.1
 
 # Build artifacts will be available in /app.
 RUN mkdir /app