diff --git a/image/base/install-gifsicle b/image/base/install-gifsicle index 4d3f0e2..8813eff 100755 --- a/image/base/install-gifsicle +++ b/image/base/install-gifsicle @@ -1,8 +1,15 @@ #!/bin/bash set -e + +# version check: https://www.lcdf.org/gifsicle/ VERSION=1.92 +HASH="5ab556c01d65fddf980749e3ccf50b7fd40de738b6df679999294cc5fabfce65" + cd /tmp curl -O http://www.lcdf.org/gifsicle/gifsicle-$VERSION.tar.gz +sha256sum gifsicle-$VERSION.tar.gz +echo "$HASH gifsicle-$VERSION.tar.gz" | sha256sum -c + tar zxf gifsicle-$VERSION.tar.gz cd gifsicle-$VERSION ./configure diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick index 0be7111..e8debe0 100755 --- a/image/base/install-imagemagick +++ b/image/base/install-imagemagick @@ -1,8 +1,13 @@ #!/bin/bash -set -o errexit +set -e +# version check: https://github.com/ImageMagick/ImageMagick/releases IMAGE_MAGICK_VERSION="7.0.10-6" +IMAGE_MAGICK_HASH="37d36f4d736eb16e0dd43c50302e1d01d1bb1125165333df8273508a22f8a64d" + +# version check: https://libpng.sourceforge.io/index.html LIBPNG_VERSION="1.6.37" +LIBPNG_HASH="daeb2620d829575513e35fecc83f0d3791a620b9b93d800b763542ece9390fb4" PREFIX=/usr/local WDIR=/tmp/imagemagick @@ -11,12 +16,13 @@ WDIR=/tmp/imagemagick apt -y -q remove imagemagick apt -y -q install ghostscript gsfonts pkg-config autoconf libbz2-dev libjpeg-dev libtiff-dev libfreetype6-dev - mkdir -p $WDIR cd $WDIR # Build and install libpng wget -O $WDIR/libpng.tar.gz https://prdownloads.sourceforge.net/libpng/libpng-$LIBPNG_VERSION.tar.gz?download +sha256sum $WDIR/libpng.tar.gz +echo "$LIBPNG_HASH $WDIR/libpng.tar.gz" | sha256sum -c tar -xzvf $WDIR/libpng.tar.gz cd $WDIR/libpng-$LIBPNG_VERSION @@ -26,6 +32,8 @@ make all && make install # Build and install ImageMagick wget -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz" +sha256sum $WDIR/ImageMagick.tar.gz +echo "$IMAGE_MAGICK_HASH $WDIR/ImageMagick.tar.gz" | sha256sum -c IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1) tar zxf $WDIR/ImageMagick.tar.gz -C $WDIR cd $IMDIR diff --git a/image/base/install-nginx b/image/base/install-nginx index 0d2b63e..0211234 100755 --- a/image/base/install-nginx +++ b/image/base/install-nginx @@ -1,11 +1,13 @@ #!/bin/bash set -e -cd /tmp + +# version check: https://nginx.org/en/download.html +VERSION=1.17.9 +HASH="7dd65d405c753c41b7fdab9415cfb4bdbaf093ec6d9f7432072d52cb7bcbb689" apt install -y autoconf -VERSION=1.17.9 - +cd /tmp git clone https://github.com/bagder/libbrotli cd libbrotli ./autogen.sh @@ -13,21 +15,23 @@ cd libbrotli make install cd /tmp - - -# this is the reason we are compiling by hand... -git clone https://github.com/google/ngx_brotli.git - curl -O https://nginx.org/download/nginx-$VERSION.tar.gz +sha256sum nginx-$VERSION.tar.gz +echo "$HASH nginx-$VERSION.tar.gz" | sha256sum -c tar zxf nginx-$VERSION.tar.gz cd nginx-$VERSION # nginx-common for boilerplate files etc. apt install -y nginx-common libpcre3 libpcre3-dev zlib1g zlib1g-dev +cd /tmp +# this is the reason we are compiling by hand... +git clone https://github.com/google/ngx_brotli.git # now ngx_brotli has brotli as a submodule -cd /tmp/ngx_brotli && git submodule update --init && cd /tmp/nginx-$VERSION +cd /tmp/ngx_brotli +git submodule update --init +cd /tmp/nginx-$VERSION # ignoring depracations with -Wno-deprecated-declarations while we wait for this https://github.com/google/ngx_brotli/issues/39#issuecomment-254093378 ./configure --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/tmp/ngx_brotli diff --git a/image/base/install-pngcrush b/image/base/install-pngcrush index a08b2b6..40b8349 100755 --- a/image/base/install-pngcrush +++ b/image/base/install-pngcrush @@ -1,8 +1,15 @@ #!/bin/bash set -e + +# version check: https://sourceforge.net/projects/pmt/files/pngcrush/ PNGCRUSH_VERSION=1.8.13 +PNGCRUSH_HASH="bac37d4b2be88d7e88aadcde9661beb3a513a90e7d26784f906c1e2da8ba332e" + cd /tmp wget https://sourceforge.net/projects/pmt/files/pngcrush/$PNGCRUSH_VERSION/pngcrush-$PNGCRUSH_VERSION.tar.gz/download -O pngcrush-$PNGCRUSH_VERSION.tar.gz +sha256sum pngcrush-$PNGCRUSH_VERSION.tar.gz +echo "$PNGCRUSH_HASH pngcrush-$PNGCRUSH_VERSION.tar.gz" | sha256sum -c + tar zxf pngcrush-$PNGCRUSH_VERSION.tar.gz cd pngcrush-$PNGCRUSH_VERSION make && cp -f pngcrush /usr/local/bin diff --git a/image/base/install-pngquant b/image/base/install-pngquant index 415648f..ec7bd06 100755 --- a/image/base/install-pngquant +++ b/image/base/install-pngquant @@ -1,5 +1,9 @@ #!/bin/bash +set -e + +# version check: https://pngquant.org/ VERSION=2.12.5 + cd /tmp git clone -b $VERSION --single-branch https://github.com/pornel/pngquant cd pngquant diff --git a/image/base/install-redis b/image/base/install-redis index d6affb3..329dfbd 100755 --- a/image/base/install-redis +++ b/image/base/install-redis @@ -1,13 +1,16 @@ #!/bin/bash set -e + +# version check: https://redis.io/ REDIS_VERSION=5.0.5 REDIS_HASH="2139009799d21d8ff94fc40b7f36ac46699b9e1254086299f8d3b223ca54a375" cd /tmp - # Prepare Redis source. wget http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz +sha256sum redis-$REDIS_VERSION.tar.gz echo "$REDIS_HASH redis-$REDIS_VERSION.tar.gz" | sha256sum -c + tar zxf redis-$REDIS_VERSION.tar.gz cd redis-$REDIS_VERSION