Verify checksums of downloaded files in Dockerfile + remove curl -k flag in jq download

[moritzraho]

Hi,
This is a simple PR to verify the integrity of downloaded code and binaries in the Dockerfile, also remove uneeded usage of insecure curl -k flag.

[atrifan]

you can use plain variables for sha and don't store them as env variables in the final image. Do you plan to use the env variables later on?

[moritzraho]

Ok yes thanks for the comment this makes sense. But I guess same applies to the versions right? I prefer to not separate version and sha to keep it clear that both must be updated when upgrading to a higher version

[moritzraho]

I've pushed the change, but cannot build the image because of #72 . Any ideas how to solve this ?

[moritzraho]

Solved #72 in #74. This must be merged after #74

[ddragosd]

If we want to complete this docker layer here, I'd clean it up too:

Suggested change

	&& make install
	&& apk del g++ gcc make \
	&& rm -rf /var/cache/apk/* \
	&& rm -rf /tmp/api-gateway

[moritzraho]

pushed the change

[ddragosd]

for consistency, should we move OPENRESTY_VERSION here as well, instead of having it as an ENV ? B/c the SHA and the ENV must be changed together when updating a version.

[moritzraho]

Yes I agree but OPENRESTY_VERSION is used in other layers.