
Refactor update.php #44

Closed
J0WI opened this issue Jan 30, 2018 · 4 comments

Comments

@J0WI
Contributor

J0WI commented Jan 30, 2018

The "update.php" should be refactored to address the following issues:

  • CURLOPT_SSL_VERIFYPEER is disabled, which is insecure
  • SHA1 checksum is also insecure and should be replaced by something stronger (the current API only provides MD5 and SHA1)
  • I think a shell script is preferable over PHP
@mbabker
Contributor

mbabker commented Jan 30, 2018

CURLOPT_SSL_VERIFYPEER is disabled, which is insecure

I think that was me just being in a rush or tooling on my system being outdated, definitely no excuse for that other than a bad developer.

SHA1 checksum is also insecure and should be replaced by something stronger (the current API only provides MD5 and SHA1)

Our downloads platform is a modified version of Akeeba Release System which only supports those hashing methods. Pending acceptance of joomla/joomla-cms#17619 it'll need to be updated anyway to support the hash mechanisms used in that PR (sha256, sha384, and sha512). Once that's all in place then we can use stronger hashes for checksum.

I think a shell script is preferable over PHP

Agreed. But, I'm not as well versed with shell scripts as I am PHP so I went with what I knew (admittedly a lot of the shell scripting in place now is copy/paste from other resources with modifications for the workflow used here).
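
The two fixes requested in the issue (TLS peer verification left on, and a SHA-2 checksum in place of SHA-1), written out as a portable POSIX sh fragment. This is an added example, not the repository's update.php or the shell script that later replaced it; the function names (fetch_release, digest, verify_checksum), the placeholder download URL and the constructed test file are assumptions made for the example. It also goes slightly beyond the thread by refusing MD5 and SHA-1 outright and by forbidding redirects to plain HTTP, since a release API that still advertises weak digests is exactly the case the thread describes.

```shell
#!/bin/sh
# Added example (not the project's update.php or its later shell replacement):
# the two fixes the issue asks for, in portable POSIX sh. TLS peer
# verification stays on (no -k/--insecure, the curl equivalent of
# CURLOPT_SSL_VERIFYPEER=false) and only SHA-2 digests are accepted.
# The URL in the usage comment is a placeholder, not a real release endpoint.
set -eu

# fetch_release URL DEST: download over HTTPS only, failing on HTTP errors
# and on any redirect to plain HTTP. curl verifies the certificate chain
# against the system CA bundle because --insecure is never passed.
fetch_release() {
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' \
       --output "$2" "$1"
}

# digest ALGO FILE: print the hex digest using coreutils sha*sum when
# available, otherwise the perl shasum shipped with macOS.
digest() {
  bits=${1#sha}
  if command -v "sha${bits}sum" >/dev/null 2>&1; then
    "sha${bits}sum" "$2" | cut -d ' ' -f1
  else
    shasum -a "$bits" "$2" | cut -d ' ' -f1
  fi
}

# verify_checksum FILE ALGO EXPECTED_HEX: return 0 only when ALGO is one of
# sha256/sha384/sha512 and the file's digest matches EXPECTED_HEX.
# md5 and sha1 are refused outright, even if a release API still offers them.
verify_checksum() {
  file=$1
  algo=$2
  expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
  case "$algo" in
    sha256|sha384|sha512) ;;
    *) echo "refusing weak or unknown digest algorithm: $algo" >&2; return 1 ;;
  esac
  actual=$(digest "$algo" "$file")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file ($algo)" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
}

# demo: offline self-check on a constructed file containing "abc" (whose
# SHA-256 is the standard test vector) instead of a real download.
demo() {
  tmp=$(mktemp)
  printf 'abc' > "$tmp"
  verify_checksum "$tmp" sha256 \
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
  # SHA-1 is rejected even though this is the correct SHA-1 of "abc"
  if verify_checksum "$tmp" sha1 a9993e364706816aba3e25717850c26c9cd0d89d 2>/dev/null; then
    echo "weak digest was accepted" >&2; rm -f "$tmp"; return 1
  fi
  rm -f "$tmp"
  echo "self-check passed"
}

# Usage (placeholder URL and digest, assumed for the example):
#   fetch_release https://downloads.example.invalid/joomla.tar.gz joomla.tar.gz
#   verify_checksum joomla.tar.gz sha256 "$EXPECTED_SHA256"
if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

Run with `--demo` to exercise the checksum path offline. The point of keeping the digest algorithm an explicit, whitelisted argument is that a download API which still hands out MD5/SHA-1 cannot silently downgrade the check: the script fails closed rather than "verifying" with a hash the thread already calls insecure.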

@mbabker
Contributor

mbabker commented Jan 30, 2018

The other point on a PHP script is I do more of the maintenance work on this repo from a MacBook and that causes some issues compared to other Linux platforms (I have to run the generate-stackbrew-library.sh file to generate the info to update the official images repo while tunneled into a Linux system because the readlink function throws errors on Mac).

@J0WI
Contributor Author

J0WI commented Jan 30, 2018

I removed CURLOPT_SSL_VERIFYPEER in #46

@J0WI
Contributor Author

J0WI commented Jun 3, 2018

PHP is replaced by shell in #63.

@mbabker mbabker closed this as completed Jul 5, 2018