dbsystel / postgresql-partman-container

Thank you for this project!

When downloading packages from a website, one should check their hashsums to verify integrity and authenticity.

So e.g. the sha256sum should be an ARG in the Dockerfile and later be checked after the download and before the install. Here are some examples.

postgresql-partman-container/Dockerfile

Lines 4 to 8 in f59548a

    
           ARG PARTMAN_VERSION="v4.7.3" 
        
           USER root 
        
           RUN install_packages wget gcc make build-essential 
        
           RUN cd /tmp \ 
        
               && wget "https://github.com/pgpartman/pg_partman/archive/refs/tags/${PARTMAN_VERSION}.tar.gz" \

	ARG PARTMAN_VERSION="v4.7.3"
	USER root
	RUN install_packages wget gcc make build-essential
	RUN cd /tmp \
	&& wget "https://github.com/pgpartman/pg_partman/archive/refs/tags/${PARTMAN_VERSION}.tar.gz" \

Check hashsum of partman download