Use new CentOS 7 Docker container for Linux builds

... in order to add SHA-256 payload digests to the official
libjpeg-turbo RPMS, for FIPS compliance.

- Update README.md to reflect that the official Linux binaries now
  require GLIBC 2.17+ across the board.

- Update rpmsign to use the gpg --passphrase option, which eliminates
  the need to use expect.

- Remove the detailed Linux build environment description from
  README.md.  At this point, the Docker recipe is too complex to
  perfectly describe in plain English, and since the recipe is open
  source, such a description is unnecessary.

Author: dcommander

README.md

@@ -2,7 +2,7 @@ DRC's libjpeg-turbo Build Scripts
 =================================
 
 These scripts are used to build the "official" libjpeg-turbo binaries, which
-work on any Linux platform with GLIBC 2.12 and later, as well as Windows XP and
+work on any Linux platform with GLIBC 2.17 and later, as well as Windows XP and
 later and OS X/macOS 10.7 and later.
 
 See **BUILDING.md** in the libjpeg-turbo source for basic build requirements.
@@ -12,27 +12,10 @@ Additional build requirements for these scripts are listed below.
 Build Environment: Linux
 ------------------------
 
-Recommended distro:  Red Hat or CentOS Enterprise Linux 6 x86-64
+Recommended distro:  Red Hat or CentOS Enterprise Linux 7 x86-64
 
-Both x86-64 and i386 JDKs should be installed.  The x86-64 version should be in
-your `PATH`, and the directory containing the i386 version should be symlinked
-to **/usr/java/default32**.
-
-Install a compatible x86-64 Linux hosted/AArch64 Linux target toolchain
-(available at
-<https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads>)
-under **/opt/gcc.arm64**.  Note that 9.2-2019.12 is the latest toolchain that
-will run on RHEL 6.
-
-Install OpenJDK 8 for Linux/AArch64 (available at
-<https://adoptium.net/releases.html?variant=openjdk8>) under
-**/opt/openjdk.arm64**.
-
-Install all other software necessary to build an i386 and an x86-64 version of
-libjpeg-turbo (refer to **BUILDING.md**.)
-
-For convenience, a Docker recipe is available at
-<https://github.com/libjpeg-turbo/docker>.
+Complete Linux build environment requirements are best understood by examining
+the official Docker recipe at <https://github.com/libjpeg-turbo/docker>.
 
 
 Build Environment: macOS

buildljt

@@ -243,8 +243,7 @@ if [ $NOSRC = 0 ]; then
 		popd
 		mv $DIR/libjpeg-turbo-official-$VERSION.src.rpm $OUTDIR/files/
 		if [ -f $SCRIPTDIR/gpgsign ]; then
-			. $SCRIPTDIR/gpgsign
-			expect $SCRIPTDIR/rpmsign "$GPG_KEY_PASS" "$GPG_KEY_NAME" $OUTDIR/files/libjpeg-turbo-official-$VERSION.src.rpm
+			$SCRIPTDIR/rpmsign $OUTDIR/files/libjpeg-turbo-official-$VERSION.src.rpm
 			rpm --checksig -v $OUTDIR/files/libjpeg-turbo-official-$VERSION.src.rpm
 		fi
 	fi

buildljt.linux

@@ -70,8 +70,7 @@ rm -rf ./opt
 rm -rf rpmbuild
 
 if [ -f $SCRIPTDIR/gpgsign ]; then
-	. $SCRIPTDIR/gpgsign
-	expect $SCRIPTDIR/rpmsign "$GPG_KEY_PASS" "$GPG_KEY_NAME" $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM64.rpm
+	$SCRIPTDIR/rpmsign $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM64.rpm
 	rpm --checksig -v $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM64.rpm
 fi
 
@@ -96,7 +95,7 @@ fi
 VERSION=`rpm -q -p libjpeg-turbo-official-[0-9]*.$RPM32.rpm | cut -f4 -d-`
 mv libjpeg-turbo-official-[0-9]*.$RPM32.rpm $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM32.rpm
 if [ -f $SCRIPTDIR/gpgsign ]; then
-	expect $SCRIPTDIR/rpmsign "$GPG_KEY_PASS" "$GPG_KEY_NAME" $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM32.rpm
+	$SCRIPTDIR/rpmsign $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM32.rpm
 	rpm --checksig -v $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM32.rpm
 fi
 rpm2cpio $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPM32.rpm | cpio -idv ./opt/libjpeg-turbo/lib32/libturbojpeg.so*
@@ -114,6 +113,7 @@ make test
 #make tjtest
 mv libjpeg-turbo-official_[0-9]*_$DEB64.deb $OUTDIR/files/
 if [ -f $SCRIPTDIR/gpgsign ]; then
+	. $SCRIPTDIR/gpgsign
 	expect $SCRIPTDIR/debsign "$GPG_KEY_PASS" "$GPG_KEY_ID" $OUTDIR/files/libjpeg-turbo-official_[0-9]*_$DEB64.deb
 fi
 popd
@@ -151,7 +151,7 @@ if [ "$RPM64" != "$RPMA64" -a "$DEB64" != "$DEBA64" ]; then
 	VERSION=`rpm -q -p libjpeg-turbo-official-[0-9]*.$RPMA64.rpm | cut -f4 -d-`
 	mv libjpeg-turbo-official-[0-9]*.$RPMA64.rpm $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPMA64.rpm
 	if [ -f $SCRIPTDIR/gpgsign ]; then
-		expect $SCRIPTDIR/rpmsign "$GPG_KEY_PASS" "$GPG_KEY_NAME" $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPMA64.rpm
+		$SCRIPTDIR/rpmsign $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPMA64.rpm
 		rpm --checksig -v $OUTDIR/files/libjpeg-turbo-official-$VERSION.$RPMA64.rpm
 	fi
 	make deb

rpmsign

@@ -1,16 +1,10 @@
-#!/usr/bin/expect -f
+set -u
+set -e
 
-set password [lindex $argv 0]
-set key [lindex $argv 1]
-set files [lrange $argv 2 2 ]
+SCRIPTDIR=`dirname $0`
 
-spawn rpm --define "%_gpg_name $key" \
-    --define "%__gpg_sign_cmd %{__gpg} gpg --digest-algo sha256 --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" \
-    --addsign $files
-expect "Enter pass phrase:"
-send -- "$password\r"
+. $SCRIPTDIR/gpgsign
 
-expect {
-    "Pass phrase check failed"  { exit 1 }
-    eof
-}
+rpm --define "%_gpg_name $GPG_KEY_NAME" \
+    --define "%__gpg_sign_cmd %{__gpg} gpg --digest-algo sha256 --batch --no-verbose --no-armor --passphrase $GPG_KEY_PASS --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" \
+    --addsign ${1+"$@"}