diff --git a/.github/container/aarch64-unknown-linux-gnu/Dockerfile b/.github/container/aarch64-unknown-linux-gnu/Dockerfile
index 178e43f..2a058d7 100644
--- a/.github/container/aarch64-unknown-linux-gnu/Dockerfile
+++ b/.github/container/aarch64-unknown-linux-gnu/Dockerfile
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
diff --git a/.github/container/armv7-unknown-linux-gnueabihf/Dockerfile b/.github/container/armv7-unknown-linux-gnueabihf/Dockerfile
index 5740d43..c05d78b 100644
--- a/.github/container/armv7-unknown-linux-gnueabihf/Dockerfile
+++ b/.github/container/armv7-unknown-linux-gnueabihf/Dockerfile
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
diff --git a/.github/container/build.sh b/.github/container/build.sh
index 55f1844..71894da 100755
--- a/.github/container/build.sh
+++ b/.github/container/build.sh
@@ -18,13 +18,13 @@ usage() {
 Usage: $0 [--push]
 
 Build container images for the CI environment. To select
-a particular container platform tool like podman, set
+a particular container platform tool like buildah, set
 
-    BUILDER=podman
+    BUILDER=buildah
 
 Prior to pushing, make sure to
 
-    podman login "$CONTAINER_PREFIX"
+    buildah login "$CONTAINER_PREFIX"
 
 or equivalent.
 EOF
@@ -45,7 +45,7 @@ container_builder() {
     command -v "${BUILDER}"
   else
     {
-      command -v podman || \
+      command -v buildah || \
       command -v docker
     } 2>/dev/null || {
       echo >&2 "FATAL: container platform tools not found"
@@ -67,16 +67,17 @@ buildcontainer() {
   # Run the $BUILDER to build a container image. Some standardized
   # arguments are passed to every build.
 
-  if [[ $BUILDER =~ podman$ ]]; then
+  if [[ $BUILDER =~ buildah$ ]]; then
     run "$BUILDER" build \
-      --build-arg SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
+      --identity-label=false \
+      --build-arg=SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
       --timestamp "$SOURCE_DATE_EPOCH" \
       ${NO_CACHE:+--no-cache} \
       "$@"
   else
     # docker mode; 100% untested
     run "$BUILDER" buildx build \
-      --build-arg SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
+      --build-arg=SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
 			--output type=docker,rewrite-timestamp=true \
       ${NO_CACHE:+--no-cache} \
       "$@"
@@ -109,7 +110,8 @@ pushall() {
 
   local tag
   for tag in "$@"; do
-    run "$BUILDER" push "${prefix}:${tag}"
+    run "$BUILDER" push --retry 3 "${prefix}:${tag}"
+    sleep 2
   done
 }
 
@@ -144,6 +146,9 @@ selfdir="$(dirname "$(realpath -e "${0?}")")"
 SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(git log -1 --pretty=%ct -- "$selfdir" || date +%s)}"
 export SOURCE_DATE_EPOCH
 
+# set git revision
+SOURCE_REV="$(git log -1 --format='%H' -- "$selfdir" || echo "nogit")"
+
 # tag with "latest" and SOURCE_DATE_EPOCH
 CONTAINER_TAGS=("latest" "$(date --date '@'"$SOURCE_DATE_EPOCH" +'%Y-%m-%d')")
 
@@ -151,7 +156,8 @@ CONTAINER_TAGS=("latest" "$(date --date '@'"$SOURCE_DATE_EPOCH" +'%Y-%m-%d')")
 base_tag="$(container_name base):${CONTAINER_TAGS[0]}"
 
 buildcontainer \
-  --build-arg DEBIAN_TAG="$DEBIAN_TAG" \
+  --build-arg=DEBIAN_TAG="$DEBIAN_TAG" \
+  --pull=missing \
   --tag "$base_tag" \
   "${selfdir?}/base"
 
@@ -160,7 +166,8 @@ rust_tag="$(container_name rust):${CONTAINER_TAGS[0]}"
 
 buildcontainer \
   --from "$base_tag" \
-  --build-arg RUST_VERSIONS="${RUST_VERSIONS[*]}" \
+  --pull=false \
+  --build-arg=RUST_VERSIONS="${RUST_VERSIONS[*]}" \
   --tag "$rust_tag" \
   "${selfdir?}/rust"
 
@@ -173,6 +180,8 @@ for containerdir in "${selfdir?}/"*-*-*; do
 
   buildcontainer \
     --from "$rust_tag" \
+    --pull=false \
+    --build-arg=SOURCE_REV="$SOURCE_REV" \
     --tag "${cur_tag}" \
     "${containerdir}"
 done
diff --git a/.github/container/i686-unknown-linux-gnu/Dockerfile b/.github/container/i686-unknown-linux-gnu/Dockerfile
index 0ac2347..0e11164 100644
--- a/.github/container/i686-unknown-linux-gnu/Dockerfile
+++ b/.github/container/i686-unknown-linux-gnu/Dockerfile
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
diff --git a/.github/container/rust/Dockerfile b/.github/container/rust/Dockerfile
index 59f6a98..650beac 100644
--- a/.github/container/rust/Dockerfile
+++ b/.github/container/rust/Dockerfile
@@ -37,7 +37,9 @@ ENV PATH=/install/bin:/usr/local/cargo/bin:$PATH \
 
 # Instructions adapted from official Docker image
 # <https://github.com/rust-lang/docker-rust/blob/master/Dockerfile-slim.template>
-RUN set -eux; \
+RUN --mount=type=bind,src=./rootfiles,dst=/rootfiles,ro \
+    set -eux; \
+    install --mode=0755 -t /usr/local/bin /rootfiles/qemu-run-maybe; \
     export CARGO_HOME=/usr/local/cargo; \
     [ -n "${RUSTUP_URL:-}" ] || RUSTUP_URL="https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/${RUSTUP_ARCH}/rustup-init"; \
     curl -O -sSf "$RUSTUP_URL"; \
@@ -54,7 +56,4 @@ RUN set -eux; \
     rustup component add --toolchain "$default_rust" rustfmt; \
     (umask 022 && echo "$RUSTUP_ARCH" >/etc/rust-native-arch)
 
-# Install scripts
-COPY rootfiles /
-
 LABEL org.opencontainers.image.description="A pinned Rust toolchain with rustup."
diff --git a/.github/container/rust/rootfiles/usr/local/bin/qemu-run-maybe b/.github/container/rust/rootfiles/qemu-run-maybe
similarity index 100%
rename from .github/container/rust/rootfiles/usr/local/bin/qemu-run-maybe
rename to .github/container/rust/rootfiles/qemu-run-maybe
diff --git a/.github/container/x86_64-unknown-linux-gnu/Dockerfile b/.github/container/x86_64-unknown-linux-gnu/Dockerfile
index 0d003d2..65c6036 100644
--- a/.github/container/x86_64-unknown-linux-gnu/Dockerfile
+++ b/.github/container/x86_64-unknown-linux-gnu/Dockerfile
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 17b8f48..6ca4ebf 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -13,6 +13,8 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
 
     - name: Log in to Github Container Registry
       run: buildah login ghcr.io/cbs228 --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}