Use the appropriate APIs to gather information about releases _and_ pre-releases, and verify as much information about the downloads as is available

Dockerfile-alpine.template

@@ -34,24 +34,39 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV GPG_KEYS %%GPG_KEYS%%
 
 ENV PHP_VERSION %%PHP_VERSION%%
-ENV PHP_FILENAME %%PHP_FILENAME%%
-ENV PHP_SHA256 %%PHP_SHA256%%
+ENV PHP_URL="%%PHP_URL%%" PHP_ASC_URL="%%PHP_ASC_URL%%"
+ENV PHP_SHA256="%%PHP_SHA256%%" PHP_MD5="%%PHP_MD5%%"
 
-RUN set -xe \
-	&& apk add --no-cache --virtual .fetch-deps \
+RUN set -xe; \
+	\
+	apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-	&& mkdir -p /usr/src \
-	&& cd /usr/src \
-	&& curl -fSL "https://secure.php.net/get/$PHP_FILENAME/from/this/mirror" -o php.tar.xz \
-	&& echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c - \
-	&& curl -fSL "https://secure.php.net/get/$PHP_FILENAME.asc/from/this/mirror" -o php.tar.xz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
-	&& for key in $GPG_KEYS; do \
-		gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
-	done \
-	&& gpg --batch --verify php.tar.xz.asc php.tar.xz \
-	&& rm -r "$GNUPGHOME" \
-	&& apk del .fetch-deps
+		openssl \
+	; \
+	\
+	mkdir -p /usr/src; \
+	cd /usr/src; \
+	\
+	wget -O php.tar.xz "$PHP_URL"; \
+	\
+	if [ -n "$PHP_SHA256" ]; then \
+		echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
+	fi; \
+	if [ -n "$PHP_MD5" ]; then \
+		echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
+	fi; \
+	\
+	if [ -n "$PHP_ASC_URL" ]; then \
+		wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
+		export GNUPGHOME="$(mktemp -d)"; \
+		for key in $GPG_KEYS; do \
+			gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+		done; \
+		gpg --batch --verify php.tar.xz.asc php.tar.xz; \
+		rm -r "$GNUPGHOME"; \
+	fi; \
+	\
+	apk del .fetch-deps
 
 COPY docker-php-source /usr/local/bin/
 
@@ -85,7 +100,7 @@ RUN set -xe \
 		--with-zlib \
 		\
 		$PHP_EXTRA_CONFIGURE_ARGS \
-	&& make -j"$(getconf _NPROCESSORS_ONLN)" \
+	&& make -j "$(getconf _NPROCESSORS_ONLN)" \
 	&& make install \
 	&& { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \
 	&& make clean \

Dockerfile-debian.template

@@ -29,20 +29,41 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV GPG_KEYS %%GPG_KEYS%%
 
 ENV PHP_VERSION %%PHP_VERSION%%
-ENV PHP_FILENAME %%PHP_FILENAME%%
-ENV PHP_SHA256 %%PHP_SHA256%%
+ENV PHP_URL="%%PHP_URL%%" PHP_ASC_URL="%%PHP_ASC_URL%%"
+ENV PHP_SHA256="%%PHP_SHA256%%" PHP_MD5="%%PHP_MD5%%"
 
-RUN set -xe \
-	&& cd /usr/src \
-	&& curl -fSL "https://secure.php.net/get/$PHP_FILENAME/from/this/mirror" -o php.tar.xz \
-	&& echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c - \
-	&& curl -fSL "https://secure.php.net/get/$PHP_FILENAME.asc/from/this/mirror" -o php.tar.xz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
-	&& for key in $GPG_KEYS; do \
-		gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
-	done \
-	&& gpg --batch --verify php.tar.xz.asc php.tar.xz \
-	&& rm -r "$GNUPGHOME"
+RUN set -xe; \
+	\
+	fetchDeps=' \
+		wget \
+	'; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends $fetchDeps; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	mkdir -p /usr/src; \
+	cd /usr/src; \
+	\
+	wget -O php.tar.xz "$PHP_URL"; \
+	\
+	if [ -n "$PHP_SHA256" ]; then \
+		echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
+	fi; \
+	if [ -n "$PHP_MD5" ]; then \
+		echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
+	fi; \
+	\
+	if [ -n "$PHP_ASC_URL" ]; then \
+		wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
+		export GNUPGHOME="$(mktemp -d)"; \
+		for key in $GPG_KEYS; do \
+			gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+		done; \
+		gpg --batch --verify php.tar.xz.asc php.tar.xz; \
+		rm -r "$GNUPGHOME"; \
+	fi; \
+	\
+	apt-get purge -y --auto-remove $fetchDeps
 
 COPY docker-php-source /usr/local/bin/
 
@@ -78,7 +99,7 @@ RUN set -xe \
 		--with-zlib \
 		\
 		$PHP_EXTRA_CONFIGURE_ARGS \
-	&& make -j"$(nproc)" \
+	&& make -j "$(nproc)" \
 	&& make install \
 	&& { find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; } \
 	&& make clean \

generate-stackbrew-library.sh

@@ -4,6 +4,7 @@ set -eu
 declare -A aliases=(
 	[5.6]='5'
 	[7.0]='7 latest'
+	[7.1-rc]='rc'
 )
 
 self="$(basename "$BASH_SOURCE")"

update.sh

@@ -35,49 +35,63 @@ generated_warning() {
 	EOH
 }
 
-jsonSh="$(curl -fsSL 'https://raw.githubusercontent.com/dominictarr/JSON.sh/ed3f9dd285ebd4183934adb54ea5a2fda6b25a98/JSON.sh')"
-
 travisEnv=
 for version in "${versions[@]}"; do
-	packagesJson="$(curl -fsSL "https://secure.php.net/releases/index.php?json&max=100&version=${version%%.*}" | bash -- <(echo "$jsonSh") -l)"
-	fullVersion=
-	filename=
-	sha256=
-	for comp in xz bz2 gz; do
-		fullVersion="$(
-			echo "$packagesJson" \
-				| grep '^\["'"$version"'[."].*,"filename"\].*\.'"$comp"'"' \
-				| cut -d'"' -f2 \
-				| head -1
-		)"
-		if [ "$fullVersion" ]; then
-			sourceNumber="$(
-				echo "$packagesJson" \
-					| grep '^\["'"$fullVersion"'","source",.*,"filename"\].*\.'"$comp"'"' \
-					| cut -d, -f3
-			)"
-			filename="$(
-				echo "$packagesJson" \
-					| grep '^\["'"$fullVersion"'","source",'"$sourceNumber"',"filename"\]' \
-					| cut -d$'\t' -f2 | cut -d'"' -f2
-			)"
-			sha256="$(
-				echo "$packagesJson" \
-					| grep '^\["'"$fullVersion"'","source",'"$sourceNumber"',"sha256"\]' \
-					| cut -d$'\t' -f2 | cut -d'"' -f2
-			)"
-			break
-		fi
-	done
+	rcVersion="${version%-rc}"
 
-	if [ -z "$fullVersion" ]; then
+	# scrape the relevant API based on whether we're looking for pre-releases
+	apiUrl="https://secure.php.net/releases/index.php?json&max=100&version=${rcVersion%%.*}"
+	apiJqExpr='
+		(keys[] | select(startswith("'"$rcVersion"'."))) as $version
+		| [ $version, (
+			.[$version].source[]
+			| select(.filename | endswith(".xz"))
+			|
+				"https://secure.php.net/get/" + .filename + "/from/this/mirror",
+				"https://secure.php.net/get/" + .filename + ".asc/from/this/mirror",
+				.sha256 // "",
+				.md5 // ""
+		) ]
+	'
+	if [ "$rcVersion" != "$version" ]; then
+		apiUrl='https://qa.php.net/api.php?type=qa-releases&format=json'
+		apiJqExpr='
+			.releases[]
+			| select(.version | startswith("7.1."))
+			| [
+				.version,
+				.files.xz.path // "",
+				"",
+				.files.xz.sha256 // "",
+				.files.xz.md5 // ""
+			]
+		'
+	fi
+	IFS=$'\n'
+	possibles=( $(
+		curl -fsSL "$apiUrl" \
+			| jq --raw-output "$apiJqExpr | @sh" \
+			| sort -rV
+	) )
+	unset IFS
+
+	if [ "${#possibles[@]}" -eq 0 ]; then
 		echo >&2
-		echo >&2 "warning: missing full version for $version; skipping"
+		echo >&2 "error: unable to determine available releases of $version"
 		echo >&2
-		continue
+		exit 1
 	fi
 
-	gpgKey="${gpgKeys[$version]}"
+	# format of "possibles" array entries is "VERSION URL.TAR.XZ URL.TAR.XZ.ASC SHA256 MD5" (each value shell quoted)
+	#   see the "apiJqExpr" values above for more details
+	eval "possi=( ${possibles[0]} )"
+	fullVersion="${possi[0]}"
+	url="${possi[1]}"
+	ascUrl="${possi[2]}"
+	sha256="${possi[3]}"
+	md5="${possi[4]}"
+
+	gpgKey="${gpgKeys[$rcVersion]}"
 	if [ -z "$gpgKey" ]; then
 		echo >&2 "ERROR: missing GPG key fingerprint for $version"
 		echo >&2 "  try looking on https://secure.php.net/downloads.php#gpg-$version"
@@ -126,12 +140,14 @@ for version in "${versions[@]}"; do
 
 	(
 		set -x
-		sed -ri '
-			s!%%PHP_VERSION%%!'"$fullVersion"'!;
-			s!%%PHP_FILENAME%%!'"$filename"'!;
-			s!%%PHP_SHA256%%!'"$sha256"'!;
-			s!%%GPG_KEYS%%!'"$gpgKey"'!;
-		' "${dockerfiles[@]}"
+		sed -ri \
+			-e 's!%%PHP_VERSION%%!'"$fullVersion"'!' \
+			-e 's!%%GPG_KEYS%%!'"$gpgKey"'!' \
+			-e 's!%%PHP_URL%%!'"$url"'!' \
+			-e 's!%%PHP_ASC_URL%%!'"$ascUrl"'!' \
+			-e 's!%%PHP_SHA256%%!'"$sha256"'!' \
+			-e 's!%%PHP_MD5%%!'"$md5"'!' \
+			"${dockerfiles[@]}"
 	)
 
 	newTravisEnv=