[Ubuntu] Add checksum validation for Aliyun CLI, CMake, Docker Compose v2 (#8612)

* Add checksums for Aliyun, CMake, Docker Compose v2

* After review changes

* Download Aliyun CLI from github release

images/linux/scripts/installers/cmake.sh

@@ -2,6 +2,7 @@
 ################################################################################
 ##  File:  cmake.sh
 ##  Desc:  Installs CMake
+##  Supply chain security: CMake - checksum validation
 ################################################################################
 
 # Source the helpers for use with the script
@@ -12,9 +13,15 @@ echo "Checking to see if the installer script has already been run"
 if command -v cmake; then
     echo "cmake is already installed"
 else
-	downloadUrl=$(get_github_package_download_url "Kitware/CMake" "endswith(\"inux-x86_64.sh\")")
-	curl -fsSL ${downloadUrl} -o cmakeinstall.sh \
-	&& chmod +x cmakeinstall.sh \
+	# Download script to install CMake
+	download_url=$(get_github_package_download_url "Kitware/CMake" "endswith(\"inux-x86_64.sh\")")
+	curl -fsSL "${download_url}" -o cmakeinstall.sh
+	# Supply chain security - CMake
+	hash_url=$(get_github_package_download_url "Kitware/CMake" "endswith(\"SHA-256.txt\")")
+	external_hash=$(get_hash_from_remote_file "$hash_url" "linux-x86_64.sh")
+	use_checksum_comparison "cmakeinstall.sh" "$external_hash"
+	# Install CMake and remove the install script
+	chmod +x cmakeinstall.sh \
 	&& ./cmakeinstall.sh --prefix=/usr/local --exclude-subdir \
 	&& rm cmakeinstall.sh
 fi