- updated to support new centos 7.9 image

- added comments
- updated checkit_tiff version
- updated pcre version
- reenabled certificate update
- added support for deltarpms
- added hardening flags

deploy_checkit_tiff/centos7/Dockerfile

-FROM centos:centos7.8.2003
+# ensure to choose right CENTOS version, because some images are outdated
+# and replaced by newer one, for example centos 7.8.2003 was superceeded by 7.9.2009
+# also ensure, you have run "docker pull --platform linux/amd64 centos:centos7" first!
+FROM --platform=linux/amd64 centos:centos7
 MAINTAINER Andreas Romeyke <romeyke@slub-dresden.de>
 # current could be 0.3.1 or 0.4.0, because 0.4.0 is bugfixed version of
 # checkit_tiff with rules compatible to 0.3.1 based on Handreichung TIFF v1.2
@@ -6,8 +9,8 @@ MAINTAINER Andreas Romeyke <romeyke@slub-dresden.de>
 ENV checkit_tiff_current_version=v1.0.3
 ENV checkit_tiff_upcoming_version=v1.0.3
 # ENV checkit_tiff_gitrepository=https://github.com/SLUB-digitalpreservation/checkit_tiff.git
-ENV checkit_tiff_gitrepository=http://art1pirat.spdns.org/art1/checkit_tiff.git
-ENV pcre_version=8.41
+ENV checkit_tiff_gitrepository=https://art1pirat.spdns.org/art1/checkit_tiff.git
+ENV pcre_version=8.45
 ENV PATCH="\
 --- a/src/CMakeLists.txt\n\
 +++ b/src/CMakeLists.txt\n\
@@ -23,18 +26,20 @@ ENV PATCH="\
 
 # THIS IS A BAD IDEA!!! ONLY SKIP CERTIFICATE VALIDATION IF THERE'S NO OTHER
 # ALTERNATIVE!!!
-ENV GIT_SSL_NO_VERIFY=true
-
-#RUN yum install -y ca-certificates wget git
-#RUN mkdir -p /usr/local/share/ca-certificates/cacert.org
-#RUN wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
-#RUN update-ca-trust
-#RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
+#ENV GIT_SSL_NO_VERIFY=true
+RUN yum install -y deltarpm
+RUN yum install -y ca-certificates wget git
+RUN mkdir -p /usr/local/share/ca-certificates/cacert.org
+RUN wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt && update-ca-trust
+RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
 
 # based on https://hub.docker.com/r/rpmbuild/centos6/
 ## install base environment
-RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-RUN yum install -y \
+#RUN yum install -y wget
+#RUN cd /tmp && wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+#RUN cd /tmp && ls /tmp/ && yum install -y epel-release-latest-7.noarch.rpm
+#RUN yum install -y epel-release
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && yum install -y \
                    git \
                    libtool libtool-ltdl \
                    make cmake3 \
@@ -48,16 +53,16 @@ RUN yum install -y \
 # git [devtools-2] (1.8.4) for "rev-list --count" feature, git [centos6] (1.7.1) too old
 #RUN yum install -y devtoolset-2-git
 #RUN ln -s /opt/rh/devtoolset-2/root/usr/bin/git /usr/bin/git
-
+#RUN yum --enablerepo=extras
+# Hint: only work in architecure linux/amd64
 # Doku: https://wiki.centos.org/AdditionalResources/Repositories/SCL#head-9c6aea9c13b921d5258446c4c5e5886571bdb741
-RUN yum --enablerepo=extras install -y centos-release-scl
-RUN yum install -y \
+RUN yum --enablerepo=extras install -y centos-release-scl && yum --enablerepo=extras install -y \
                    devtoolset-8-gcc \
                    devtoolset-8-binutils \
                    devtoolset-8-gcc-c++ \
                    devtoolset-8-libstdc++-devel \
-                   devtoolset-8-toolchain
-RUN scl enable devtoolset-8 bash
+                   devtoolset-8-toolchain && scl enable devtoolset-8 bash
+
 
 ## add user environment
 RUN useradd builder -u 1000 -m -G users,wheel && \
@@ -79,8 +84,8 @@ CMD /srv/pkg
 WORKDIR /home/builder/
 
 # get and compile libpcre (v8)
-RUN wget -np https://ftp.pcre.org/pub/pcre/pcre-${pcre_version}.tar.bz2
-RUN tar xfj pcre-${pcre_version}.tar.bz2
+RUN wget -np https://ftp.pcre.org/pub/pcre/pcre-${pcre_version}.tar.gz
+RUN tar xfz pcre-${pcre_version}.tar.gz
 WORKDIR /home/builder/pcre-${pcre_version}/
 RUN ./configure --disable-shared -enable-static && /usr/bin/make -j
 USER root
@@ -106,11 +111,10 @@ RUN cat -n src/CMakeLists.txt
 RUN mkdir build_stable
 WORKDIR /home/builder/checkit_tiff/build_stable
 RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
+  -DCMAKE_C_FLAGS="-W -Wall -Wextra -ansi -pedantic -O3 -flto -Wno-unused-function -fstack-check -fstack-protector-strong -Wformat -Werror=format-security" \
   -DBUILD_BRANCH=${checkit_tiff_current_version} \
   -DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
-  -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
-RUN make && make install
-#RUN make && make package
+  -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src && make && make install
 
 # compile checkit_tiff development
 WORKDIR /home/builder/checkit_tiff
@@ -128,14 +132,12 @@ RUN cat -n src/CMakeLists.txt
 RUN mkdir build_development
 WORKDIR /home/builder/checkit_tiff/build_development
 RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_development/ \
+  -DCMAKE_C_FLAGS="-W -Wall -Wextra -ansi -pedantic -O3 -flto -Wno-unused-function -fstack-check -fstack-protector-strong -Wformat -Werror=format-security" \
   -DBUILD_BRANCH=${checkit_tiff_upcoming_version} \
   -DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
-  -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
-RUN make && make install
-#RUN make && make package
+  -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src && make && make install
 
 # create tar-balls
 WORKDIR /tmp/
 RUN tar cfz checkit_tiff_current.tgz checkit_tiff_stable/
 RUN tar cfz checkit_tiff_upcoming.tgz checkit_tiff_development/
-