commit 14d338e19a45a3bf962904a2cdba61803781d2fc
author Jon Hermansen <jon@jh86.org> Sat Mar 04 07:26:56 2017 -0800
committer Jon Hermansen <jon@jh86.org> Sat Mar 04 07:26:56 2017 -0800
tree 7e01d915f7822fa3218cecccd53843f0e20855e8
parent ef7d4ef34e7a996efc78f17642ef78b0d9c4b277

Use SHA-256 instead of SHA-1 to verify the jenkins.war file

Dockerfile

diff --git a/Dockerfile b/Dockerfile
index f70cba0..6c04a9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,7 +39,7 @@
 ENV JENKINS_VERSION ${JENKINS_VERSION:-2.32.3}
 
 # jenkins.war checksum, download will be validated using it
-ARG JENKINS_SHA=a25b9a314ca9e76f9673da7309e1882e32674223
+ARG JENKINS_SHA=3eb599dd78ecf00e5f177ec5c4b1ba4274be4e5f63236da6ac92401a66fa91e8
 
 # Can be used to customize where jenkins.war get downloaded from
 ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war
@@ -47,7 +47,7 @@
 # could use ADD but this one does not check Last-Modified header neither does it allow to control checksum 
 # see https://github.com/docker/docker/issues/8331
 RUN curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \
-  && echo "${JENKINS_SHA}  /usr/share/jenkins/jenkins.war" | sha1sum -c -
+  && echo "${JENKINS_SHA}  /usr/share/jenkins/jenkins.war" | sha256sum -c -
 
 ENV JENKINS_UC https://updates.jenkins.io
 RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref