hyperpolymath · hyperpolymath · May 15, 2026 · May 15, 2026
diff --git a/container-stack/cerro-torre/Containerfile b/container-stack/cerro-torre/Containerfile
@@ -33,11 +33,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # embed the version (alr-X.Y.Z-bin-...), so a hardcoded version in the URL
 # silently breaks the moment a new Alire release ships.
 ARG ALIRE_VERSION=2.1.0
+# The release zip lays the binary out as `bin/alr` (not a bare `alr` at the
+# archive root), so unzip into /tmp and install the located binary. This is
+# robust to either layout and avoids the `chmod /usr/local/bin/alr: No such
+# file or directory` failure that the naive `unzip -d /usr/local/bin` form hits.
 RUN curl -fsSL "https://github.com/alire-project/alire/releases/download/v${ALIRE_VERSION}/alr-${ALIRE_VERSION}-bin-x86_64-linux.zip" \
         -o /tmp/alr.zip \
-    && unzip /tmp/alr.zip -d /usr/local/bin \
-    && rm /tmp/alr.zip \
-    && chmod +x /usr/local/bin/alr
+    && unzip /tmp/alr.zip -d /tmp/alr-extract \
+    && install -m 0755 "$(find /tmp/alr-extract -type f -name alr | head -n 1)" \
+        /usr/local/bin/alr \
+    && rm -rf /tmp/alr.zip /tmp/alr-extract
 
 # Install Rust toolchain (minimal, stable)
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
@@ -48,12 +53,19 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 WORKDIR /build
 COPY alire.toml cerro_torre.gpr ./
 COPY src/ src/
+# tests/ is a Source_Dir of cerro_torre.gpr for every Feature_Set (it holds
+# the ct_test_* mains), so the project does not build without it.
+COPY tests/ tests/
 
 # config/ is intentionally NOT copied: Alire generates
 # config/cerro_torre_config.gpr (referenced by cerro_torre.gpr) during
 # `alr build`. The directory is gitignored and absent on a clean checkout,
 # so `COPY config/ config/` broke builds from a fresh clone (stapeln#17).
-RUN alr build
+#
+# -n keeps the build non-interactive: with no prior settings Alire would
+# otherwise prompt for a toolchain; -n auto-selects the default gnat_native
+# + gprbuild and provisions them without blocking on stdin.
+RUN alr -n build
 
 # Build the Rust signing utility
 COPY Cargo.toml Cargo.lock ./

diff --git a/container-stack/cerro-torre/alire.toml b/container-stack/cerro-torre/alire.toml
@@ -17,23 +17,30 @@ tags = ["security", "supply-chain", "linux", "containers", "provenance"]
 # CLI binary is named "ct" (short for Cerro Torre)
 executables = ["ct"]
 
-# Dependencies - start minimal, add as needed
-# Pin to gnatcoll 25 due to project file resolution issue in 26
-[[depends-on]]
-gnatcoll = "~25.0.0"
-
-# For TOML parsing (manifest files)
-[[depends-on]]
-ada_toml = "*"
-
-# For JSON handling (provenance, SBOM output)
-[[depends-on]]
-json = "*"
+# Dependencies - start minimal, add as needed.
+#
+# gnatcoll / ada_toml / json are currently NOT referenced by any source
+# (the code uses the in-tree CT_JSON package; nothing `with`s GNATCOLL,
+# TOML or JSON). Resolving them dragged in libgpr/xmlada, which fail to
+# compile against the build toolchain and broke the full container build
+# (stapeln#17 canary). They are disabled until actually consumed; re-enable
+# the relevant block when the corresponding `with` is introduced.
+#
+# [[depends-on]]
+# gnatcoll = "~25.0.0"
+#
+# [[depends-on]]
+# ada_toml = "*"
+#
+# [[depends-on]]
+# json = "*"
 
 # For formally verified primitives (registry parsing, digest ops, HTTP utils)
-# Version omitted - using local pin (see [[pins]] section below)
-[[depends-on]]
-proven = "*"
+# Temporarily disabled: the upstream `proven` library is not yet vendored
+# into this repo, all `with Proven.*` uses are commented out, and the local
+# pin below pointed at a path absent from a clean checkout (stapeln#17 canary).
+# [[depends-on]]
+# proven = "*"
 
 # For HTTP client (source fetching, registry, transparency) - v0.2
 # Temporarily disabled due to dependency conflicts with gnatcoll 25
@@ -51,6 +58,5 @@ CERRO_BUILD_MODE = ["Development", "Release", "Proof"]
 [gpr-set-externals]
 CERRO_BUILD_MODE = "Development"
 
-# Pin proven to local path (formally verified primitives)
-[[pins]]
-proven = { path = "../proven/bindings/ada" }
+# Pin for proven removed alongside the disabled dependency above; restore
+# both together once the upstream `proven` library is vendored.
diff --git a/container-stack/cerro-torre/src/cli/cerro_cli.adb b/container-stack/cerro-torre/src/cli/cerro_cli.adb
@@ -949,7 +949,10 @@ package body Cerro_CLI is
          --  available on PATH.
          declare
             use GNAT.OS_Lib;
-            CT_Sign_Path : String_Access :=
+            --  Qualify String_Access: both GNAT.OS_Lib and the unit-level
+            --  use of Ada.Strings.Unbounded make it use-visible here, which
+            --  is an ambiguity error under GNAT 14/15.
+            CT_Sign_Path : GNAT.OS_Lib.String_Access :=
                Locate_Exec_On_Path ("ct-sign");
          begin
             if CT_Sign_Path /= null then

diff --git a/container-stack/cerro-torre/src/exporters/oci/cerro_export_oci.adb b/container-stack/cerro-torre/src/exporters/oci/cerro_export_oci.adb
@@ -90,7 +90,7 @@ package body Cerro_Export_OCI is
       Config_Digest : Unbounded_String;
 
       function Execute_Command (Cmd : String; Args : Argument_List) return Boolean is
-         Exe_Path : String_Access := Locate_Exec_On_Path (Cmd);
+         Exe_Path : GNAT.OS_Lib.String_Access := Locate_Exec_On_Path (Cmd);
          Exit_Status : Integer;
       begin
          if Exe_Path = null then
@@ -228,7 +228,7 @@ package body Cerro_Export_OCI is
          LF : constant Character := Character'Val (10);
          Manifest : Unbounded_String;
          Image_Name : constant String := To_String (M.Metadata.Name);
-         Image_Version : constant String := To_String (M.Metadata.Version);
+         Image_Version : constant String := To_String (M.Metadata.Version.Upstream);
          Config_File : constant String := To_String (Config_Digest) (8 .. Length (Config_Digest)) & ".json";
       begin
          Append (Manifest, "[" & LF);
@@ -293,7 +293,7 @@ package body Cerro_Export_OCI is
       --  Populate result
       Result.Status := Success;
       Result.Image_Ref := To_Unbounded_String (
-         "cerro-torre/" & To_String (M.Metadata.Name) & ":" & To_String (M.Metadata.Version));
+         "cerro-torre/" & To_String (M.Metadata.Name) & ":" & To_String (M.Metadata.Version.Upstream));
       Result.Digest := Config_Digest;
       Result.Layers := 1;
 
@@ -373,7 +373,8 @@ package body Cerro_Export_OCI is
             (Cmd : String; Args : GNAT.OS_Lib.Argument_List) return Boolean
          is
             use GNAT.OS_Lib;
-            Exe_Path    : String_Access := Locate_Exec_On_Path (Cmd);
+            Exe_Path    : GNAT.OS_Lib.String_Access :=
+               Locate_Exec_On_Path (Cmd);
             Exit_Status : Integer;
          begin
             if Exe_Path = null then
@@ -647,7 +648,7 @@ package body Cerro_Export_OCI is
          Create (Marker_File, Out_File, Marker_Path);
          Put_Line (Marker_File, "# Cerro Torre rootfs");
          Put_Line (Marker_File, "# Package: " & To_String (M.Metadata.Name));
-         Put_Line (Marker_File, "# Version: " & To_String (M.Metadata.Version));
+         Put_Line (Marker_File, "# Version: " & To_String (M.Metadata.Version.Upstream));
          Close (Marker_File);
       end;
 
@@ -757,7 +758,9 @@ package body Cerro_Export_OCI is
 
       --  Extract source hash as hex string for the attestation
       Source_Digest_Hex : constant String :=
-         Cerro_Crypto.Bytes_To_Hex (M.Provenance.Upstream_Hash.Digest);
+         To_String (M.Provenance.Upstream_Hash.Digest);
+         --  Upstream_Hash.Digest is stored already hex-encoded (see
+         --  Cerro_Manifest.Hash_Value); it is not a raw SHA256_Digest.
 
       --  Compute manifest content hash for the subject
       Manifest_Content : constant String := Cerro_Manifest.To_String (M);
@@ -892,7 +895,9 @@ package body Cerro_Export_OCI is
 
       --  Upstream source hash
       Source_Hash_Hex : constant String :=
-         Cerro_Crypto.Bytes_To_Hex (M.Provenance.Upstream_Hash.Digest);
+         To_String (M.Provenance.Upstream_Hash.Digest);
+         --  Upstream_Hash.Digest is stored already hex-encoded (see
+         --  Cerro_Manifest.Hash_Value); it is not a raw SHA256_Digest.
 
       File : File_Type;
 

diff --git a/container-stack/cerro-torre/src/importers/debian/cerro_import_debian.adb b/container-stack/cerro-torre/src/importers/debian/cerro_import_debian.adb
@@ -183,7 +183,7 @@ package body Cerro_Import_Debian is
 
             --  Add to result if non-empty
             if Length (Pkg_Name) > 0 then
-               Result.Append ((
+               Result.Append (Dependency_Reference'(
                   Name       => Pkg_Name,
                   Constraint => (Kind => Any)));
             end if;
@@ -722,7 +722,8 @@ package body Cerro_Import_Debian is
          --  Decompress Sources.gz
          declare
             use GNAT.OS_Lib;
-            Gunzip : String_Access := Locate_Exec_On_Path ("gunzip");
+            Gunzip : GNAT.OS_Lib.String_Access :=
+               Locate_Exec_On_Path ("gunzip");
             Args : Argument_List := (new String'("-f"), new String'(Sources_GZ));
             Exit_Status : Integer;
          begin