diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index 1fe513e..14a14c9 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -3,23 +3,32 @@ FROM registry.suse.com/bci/golang:1.25.7
 ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
 
-RUN zypper -n install tar gzip bash git gcc docker vim less file curl wget ca-certificates
+RUN zypper -n install tar gzip bash git gcc docker docker-buildx vim less file curl wget ca-certificates
 
 RUN zypper addrepo http://download.opensuse.org/distribution/leap/15.3/repo/oss/ oss && \
     zypper --gpg-auto-import-keys refresh && \
     zypper in -y qemu-x86 qemu-tools
 
+# Get checksums at https://github.com/kubernetes-sigs/controller-tools/blob/main/envtest-releases.yaml
 RUN export K8S_VERSION=1.24.2 && \
-    curl -sSfLO "https://github.com/kubernetes-sigs/controller-tools/releases/download/envtest-v${K8S_VERSION}/envtest-v${K8S_VERSION}-$(go env GOOS)-$(go env GOARCH).tar.gz" && \
+    export OS=$(go env GOOS) && \
+    export ARCH=$(go env GOARCH) && \
+    case "${OS}-${ARCH}" in \
+        darwin-amd64) EXPECTED_HASH="8d0a73308daafbb65ed97449bce81e09d249045d4594ce4e4050cc8c5f2aa3147bf4a4fbda6b73a18b0a0cba4f88a01a4e0b9f66c371eba924e3bb36fe9860d5" ;; \
+        darwin-arm64) EXPECTED_HASH="f2eb57ac07a0eeb97d6a8e36bc397eb0b5bcaa432ccadb5a574d5684dd482d2121a193f3dfdf1ee04b4df7cdead8d899c5a57e753283ea406bad560063dbabb7" ;; \
+        linux-amd64) EXPECTED_HASH="2b330c1802f7fd858a8a6e97141b07a4260eec135712c8913d36bb8e48f8dbfa45a8e5b13c15e7c20127a55d75bfda5007bf018e853cf156e3ac2b019d492892" ;; \
+        linux-arm64) EXPECTED_HASH="5cda1ba1f734a067e8b823130fca9c6bec151106aa1d32856ef7524afdfdd733e6c5c87b1b8d41c293083fd64ac668db8b74dca26554e0c99e0120e6f99f9e21" ;; \
+        windows-amd64) EXPECTED_HASH="b9708002e6265eb72ee3ba8a229624dbb1328881f08e53855b2d22fb334d6b40af3de11b9598f3a4c6829bbb6c787aa4556479855354eda1e899df34a2e93a5c" ;; \
+        *) echo "Unsupported architecture: ${OS}-${ARCH}" && exit 1 ;; \
+    esac && \
+    curl -sSfL -o envtest-bins.tar.gz "https://github.com/kubernetes-sigs/controller-tools/releases/download/envtest-v${K8S_VERSION}/envtest-v${K8S_VERSION}-${OS}-${ARCH}.tar.gz" && \
+    echo "${EXPECTED_HASH}  envtest-bins.tar.gz" | sha512sum -c - && \
     mkdir -p /usr/local/kubebuilder/bin && \
-    tar -C /usr/local/kubebuilder/bin --strip-components=2 -zvxf envtest-v${K8S_VERSION}-$(go env GOOS)-$(go env GOARCH).tar.gz
+    tar -C /usr/local/kubebuilder/bin --strip-components=2 -zvxf envtest-bins.tar.gz && \
+    rm envtest-bins.tar.gz
 
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s latest
-
-# The docker version in dapper is too old to have buildx. Install it manually.
-RUN curl -sSfL https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} -o buildx-v0.13.1.linux-${ARCH} && \
-    chmod +x buildx-v0.13.1.linux-${ARCH} && \
-    mv buildx-v0.13.1.linux-${ARCH} /usr/local/bin/buildx
+COPY --from=golangci/golangci-lint:v2.11.4-alpine@sha256:72bcd68512b4e27540dd3a778a1b7afd45759d8145cfb3c089f1d7af53e718e9 \
+    /usr/bin/golangci-lint /usr/local/bin/golangci-lint
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS
 ENV DAPPER_SOURCE /go/src/github.com/harvester/vm-import-controller
diff --git a/Makefile b/Makefile
index 34c7969..3588fa6 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,20 @@
 TARGETS := $(shell ls scripts)
 
+SHA512SUM_Linux_aarch64 := 781951b31e5ff018a04e755c6da7163b31a81edda61f1bed4def8d0e24229865c58a3d26aa0cc4184058d91ebcae300ead2cad16d3c46ccb1098419e3e41a016
+SHA512SUM_Linux_x86_64 := d2ec27ecf9362e2fafd27d76d85a5c5b92b53aefe07cffa76bf9887db6bee07b1023cca8fc32a2c9bdd2ecfadaee71397066b41bd37c9ebbbbce09913f0884d4
+SHA512SUM_Darwin_arm64 := 8a356c89ad32af1698ae8615a6e303773a8ac58b114368454d59965ec2aa8282e780d1e228d37c301ce6f87596f68bfe7f204eb5f4c019c386a58dd94153ddcf
+SHA512SUM_Darwin_x86_64 := dbab05de04dda26793f4ae7875d0fba96ee54b0228e192fd40c0b2116ed345b5444047fc2e0c90cb481f28cbe0e0452bcecb268c8d074cd8615eb2f5463c30b6
+SHA512SUM_Windows_x86_64 := 807aee2f68b6da35cb0885558f5cbc9a6c8747a56c7a200f0e1fcac9e2fd0da570cbb39e48b3192bd1a71805f2ab38fd19d77faebba97a89e5d9a8b430ee429e
+
 .dapper:
 	@echo Downloading dapper
-	@curl -sL https://releases.rancher.com/dapper/latest/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
-	@@chmod +x .dapper.tmp
+	@curl -sSfL https://releases.rancher.com/dapper/v0.6.0/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
+	@CHECKSUM=$$(shasum -a 512 .dapper.tmp | awk '{print $$1}'); \
+	if [ "$$CHECKSUM" != "$(SHA512SUM_$(shell uname -s)_$(shell uname -m))" ]; then \
+		echo "Checksum verification failed!"; \
+		exit 1; \
+	fi
+	@chmod +x .dapper.tmp
 	@./.dapper.tmp -v
 	@mv .dapper.tmp .dapper
 
@@ -12,4 +23,4 @@ $(TARGETS): .dapper
 
 .DEFAULT_GOAL := default
 
-.PHONY: $(TARGETS)
\ No newline at end of file
+.PHONY: $(TARGETS)
diff --git a/scripts/package b/scripts/package
index 0b30c05..5b10ac4 100755
--- a/scripts/package
+++ b/scripts/package
@@ -7,7 +7,7 @@ cd $(dirname $0)/..
 IMAGE=${REPO}/harvester-vm-import-controller:${TAG}
 DOCKERFILE=package/Dockerfile
 
-buildx build --load \
+docker buildx build --load \
   -f ${DOCKERFILE} -t ${IMAGE} .
 
 echo Built ${IMAGE}