Verify checksums of downloaded files in Dockerfile + remove curl -k flag in jq download

adobe-apiplatform / apigateway

A Performant API Gateway based on NGINX and Openresty

MIT License

300 stars 57 forks source link

Verify checksums of downloaded files in Dockerfile + remove curl -k flag in jq download #71

Closed moritzraho closed 5 years ago

moritzraho commented 6 years ago

Hi, This is a simple PR to verify the integrity of downloaded code and binaries in the Dockerfile, also remove uneeded usage of insecure curl -k flag.

moritzraho commented 6 years ago

Ok yes thanks for the comment this makes sense. But I guess same applies to the versions right? I prefer to not separate version and sha to keep it clear that both must be updated when upgrading to a higher version

moritzraho commented 6 years ago

I've pushed the change, but cannot build the image because of #72 . Any ideas how to solve this ?

moritzraho commented 6 years ago

Solved #72 in #74. This must be merged after #74