Switch to SSL and add SHA1 checking

Author: tianon

Dockerfile

@@ -14,9 +14,13 @@ VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 4.0.0
 ENV WORDPRESS_UPSTREAM_VERSION 4.0
+ENV WORDPRESS_SHA1 73449bbc015e3d1858f13f56f3289202bd756654
 
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
-RUN curl -SL http://wordpress.org/wordpress-${WORDPRESS_UPSTREAM_VERSION}.tar.gz | tar -xzC /usr/src/
+RUN curl -o wordpress.tar.gz -SL https://wordpress.org/wordpress-${WORDPRESS_UPSTREAM_VERSION}.tar.gz \
+	&& echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c - \
+	&& tar -xzf wordpress.tar.gz -C /usr/src/ \
+	&& rm wordpress.tar.gz
 
 COPY docker-entrypoint.sh /entrypoint.sh
 

update.sh

@@ -9,8 +9,11 @@ if [[ "$current" != *.*.* ]]; then
 	current+='.0'
 fi
 
+sha1="$(curl -sSL "https://wordpress.org/wordpress-$upstream.tar.gz.sha1")"
+
 set -x
 sed -ri '
 	s/^(ENV WORDPRESS_VERSION) .*/\1 '"$current"'/;
 	s/^(ENV WORDPRESS_UPSTREAM_VERSION) .*/\1 '"$upstream"'/;
+	s/^(ENV WORDPRESS_SHA1) .*/\1 '"$sha1"'/;
 ' Dockerfile