From 343c73422b8e04c3779334f4ee9ffe48b6f84822 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 16 May 2019 16:33:51 -0700
Subject: [PATCH] Switch from MD5 to SHA256

---
 7/apache/Dockerfile        |  4 ++--
 7/fpm-alpine/Dockerfile    |  4 ++--
 7/fpm/Dockerfile           |  4 ++--
 8.6/apache/Dockerfile      |  4 ++--
 8.6/fpm-alpine/Dockerfile  |  4 ++--
 8.6/fpm/Dockerfile         |  4 ++--
 8.7/apache/Dockerfile      |  4 ++--
 8.7/fpm-alpine/Dockerfile  |  4 ++--
 8.7/fpm/Dockerfile         |  4 ++--
 Dockerfile-alpine.template |  4 ++--
 Dockerfile-debian.template |  4 ++--
 update.sh                  | 10 ++++++++--
 12 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/7/apache/Dockerfile b/7/apache/Dockerfile
index be08873a4..ea98707d2 100644
--- a/7/apache/Dockerfile
+++ b/7/apache/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 7.67
-ENV DRUPAL_MD5 78b1814e55fdaf40e753fd523d059f8d
+ENV DRUPAL_SHA256 a1a9f48eb2e89ce52f16729201ad2efbee7e802ab0c19118cbf9e4938f847af1
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/7/fpm-alpine/Dockerfile b/7/fpm-alpine/Dockerfile
index 5a7f86c44..03ecd1264 100644
--- a/7/fpm-alpine/Dockerfile
+++ b/7/fpm-alpine/Dockerfile
@@ -45,10 +45,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 7.67
-ENV DRUPAL_MD5 78b1814e55fdaf40e753fd523d059f8d
+ENV DRUPAL_SHA256 a1a9f48eb2e89ce52f16729201ad2efbee7e802ab0c19118cbf9e4938f847af1
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/7/fpm/Dockerfile b/7/fpm/Dockerfile
index 399d2873c..ba4a036c9 100644
--- a/7/fpm/Dockerfile
+++ b/7/fpm/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 7.67
-ENV DRUPAL_MD5 78b1814e55fdaf40e753fd523d059f8d
+ENV DRUPAL_SHA256 a1a9f48eb2e89ce52f16729201ad2efbee7e802ab0c19118cbf9e4938f847af1
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.6/apache/Dockerfile b/8.6/apache/Dockerfile
index c4d7940c4..bc674cc45 100644
--- a/8.6/apache/Dockerfile
+++ b/8.6/apache/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.6.16
-ENV DRUPAL_MD5 a0683ae0b0ea99845a6bf45383671cb9
+ENV DRUPAL_SHA256 96de86424df1347c0c70ce58687f9dfece4215fab69710378764d789f82eafcb
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.6/fpm-alpine/Dockerfile b/8.6/fpm-alpine/Dockerfile
index e4d323d9d..48d839740 100644
--- a/8.6/fpm-alpine/Dockerfile
+++ b/8.6/fpm-alpine/Dockerfile
@@ -45,10 +45,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.6.16
-ENV DRUPAL_MD5 a0683ae0b0ea99845a6bf45383671cb9
+ENV DRUPAL_SHA256 96de86424df1347c0c70ce58687f9dfece4215fab69710378764d789f82eafcb
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.6/fpm/Dockerfile b/8.6/fpm/Dockerfile
index 0c141c00f..11890dd9b 100644
--- a/8.6/fpm/Dockerfile
+++ b/8.6/fpm/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.6.16
-ENV DRUPAL_MD5 a0683ae0b0ea99845a6bf45383671cb9
+ENV DRUPAL_SHA256 96de86424df1347c0c70ce58687f9dfece4215fab69710378764d789f82eafcb
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.7/apache/Dockerfile b/8.7/apache/Dockerfile
index 16da7e5d6..7bbb28921 100644
--- a/8.7/apache/Dockerfile
+++ b/8.7/apache/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.7.1
-ENV DRUPAL_MD5 2cf2a1c93ea785c6ff91d29aebef2697
+ENV DRUPAL_SHA256 0740de22a7a415b3892f2942b5023e3f570601b428c43e0302a075027b704570
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.7/fpm-alpine/Dockerfile b/8.7/fpm-alpine/Dockerfile
index cbd2fc15c..7bff1fb92 100644
--- a/8.7/fpm-alpine/Dockerfile
+++ b/8.7/fpm-alpine/Dockerfile
@@ -45,10 +45,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.7.1
-ENV DRUPAL_MD5 2cf2a1c93ea785c6ff91d29aebef2697
+ENV DRUPAL_SHA256 0740de22a7a415b3892f2942b5023e3f570601b428c43e0302a075027b704570
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/8.7/fpm/Dockerfile b/8.7/fpm/Dockerfile
index 4b1b870f5..ae9a91e71 100644
--- a/8.7/fpm/Dockerfile
+++ b/8.7/fpm/Dockerfile
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION 8.7.1
-ENV DRUPAL_MD5 2cf2a1c93ea785c6ff91d29aebef2697
+ENV DRUPAL_SHA256 0740de22a7a415b3892f2942b5023e3f570601b428c43e0302a075027b704570
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 39e4d70cb..56d1c13ba 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -45,10 +45,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION %%VERSION%%
-ENV DRUPAL_MD5 %%MD5%%
+ENV DRUPAL_SHA256 %%SHA256%%
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index ca4acdafd..7048b5832 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -56,10 +56,10 @@ WORKDIR /var/www/html
 
 # https://www.drupal.org/node/3060/release
 ENV DRUPAL_VERSION %%VERSION%%
-ENV DRUPAL_MD5 %%MD5%%
+ENV DRUPAL_SHA256 %%SHA256%%
 
 RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
-	&& echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
+	&& echo "${DRUPAL_SHA256} *drupal.tar.gz" | sha256sum -c - \
 	&& tar -xz --strip-components=1 -f drupal.tar.gz \
 	&& rm drupal.tar.gz \
 	&& chown -R www-data:www-data sites modules themes
diff --git a/update.sh b/update.sh
index bf0a8f620..6b05f7e30 100755
--- a/update.sh
+++ b/update.sh
@@ -42,7 +42,13 @@ for version in "${versions[@]}"; do
 	md5="${fullVersion##* }"
 	fullVersion="${fullVersion% $md5}"
 
-	echo "$version: $fullVersion ($md5)"
+	sha256="$(
+		wget -qO- "https://www.drupal.org/project/drupal/releases/$fullVersion" \
+			| tac|tac \
+			| grep -m1 'SHA-256:' | grep -oE '[0-9a-f]{64}'
+	)"
+
+	echo "$version: $fullVersion ($sha256)"
 
 	for variant in fpm-alpine fpm apache; do
 		dist='debian'
@@ -54,7 +60,7 @@ for version in "${versions[@]}"; do
 			-e 's/%%PHP_VERSION%%/'"${phpVersions[$version]:-$defaultPhpVersion}"'/' \
 			-e 's/%%VARIANT%%/'"$variant"'/' \
 			-e 's/%%VERSION%%/'"$fullVersion"'/' \
-			-e 's/%%MD5%%/'"$md5"'/' \
+			-e 's/%%SHA256%%/'"$sha256"'/' \
 		"./Dockerfile-$dist.template" > "$version/$variant/Dockerfile"
 
 		travisEnv='\n  - VERSION='"$version"' VARIANT='"$variant$travisEnv"