Fix docker-compose checksum verification, bump buildkit

The upstream docker/compose checksums.txt includes entries for all
platforms. Filter to linux-x86_64 only since that's all we download.
The fork's checksums.txt only had the files it published, so this
wasn't an issue before.

Also bump buildkit from v0.20.1-gitpod.5 to v0.20.1-gitpod.6 to
pick up grpc fix for GHSA-p77j-4mvh-x3m3.

Co-authored-by: Ona <no-reply@ona.com>

Author: 2 people

components/docker-up/dependencies.sh

@@ -13,6 +13,8 @@ curl -o docker.tgz      -fsSL "https://download.docker.com/linux/static/stable/x
 curl -o docker-compose  -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64"
 curl -o docker-compose-linux-x86_64.provenance.json -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.provenance.json"
 curl -o docker-compose-linux-x86_64.sbom.json -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.sbom.json"
-curl -o checksums.txt  -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/checksums.txt"
+# Filter checksums to only the linux-x86_64 files we downloaded
+curl -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/checksums.txt" \
+  | grep "linux-x86_64" > checksums.txt
 
 curl -o runc            -fsSL "https://github.com/opencontainers/runc/releases/download/${RUNC_VERSION}/runc.amd64"

components/image-builder-bob/leeway.Dockerfile

@@ -2,7 +2,7 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM ghcr.io/gitpod-io/buildkit:v0.20.1-gitpod.5
+FROM ghcr.io/gitpod-io/buildkit:v0.20.1-gitpod.6
 
 USER root
 RUN apk --no-cache add sudo bash \