From 665cc44094981a57f2223076903773c72aa1429e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 11 Nov 2025 21:46:34 -0800 Subject: [PATCH] Explicitly drop `apt-get clean` and use `dist-clean` The former is a no-op in the base images (https://github.com/debuerreotype/debuerreotype/blob/45491f2c5c8ac76630e1e2d27503528ca29e1f6f/scripts/debuerreotype-minimizing-config#L87-L109), and `apt-get dist-clean` is a safer/better version of the `rm -rf /var/lib/apt/lists/*` that keeps the cryptographic bits that help prevent downgrade attacks. --- Dockerfile.integration | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile.integration b/Dockerfile.integration index 72becdf9..c02223ff 100644 --- a/Dockerfile.integration +++ b/Dockerfile.integration @@ -8,8 +8,7 @@ ENV GOPATH /go WORKDIR /go/src/headscale RUN apt-get --update install --no-install-recommends --yes less jq sqlite3 dnsutils \ - && rm -rf /var/lib/apt/lists/* \ - && apt-get clean + && apt-get dist-clean RUN mkdir -p /var/run/headscale # Install delve debugger
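Review bot: On the added `&& apt-get dist-clean` line, the reason for choosing it over `rm -rf /var/lib/apt/lists/*` is recorded only in the commit message, so a short comment above the `RUN` saying that it deliberately keeps the signed apt metadata would stop a later "image size" cleanup from restoring the `rm -rf`. Separately, `dist-clean` is a fairly recent apt subcommand and the `FROM` line is outside this hunk, so it is worth confirming that the base image's apt provides it. The unchanged `apt-get --update install` on the line above suggests a recent apt is already assumed, and because the command is chained with `&&`, an older apt would fail the build visibly rather than silently skip the cleanup.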