diff --git a/docker/build_scripts/build.sh b/docker/build_scripts/build.sh
index b3e2aec10..5ca973032 100644
--- a/docker/build_scripts/build.sh
+++ b/docker/build_scripts/build.sh
@@ -11,6 +11,9 @@ CPYTHON_VERSIONS="2.6.9 2.7.11 3.3.6 3.4.4 3.5.1"
 # archive
 OPENSSL_ROOT=openssl-1.0.2g
 OPENSSL_HASH=b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+EPEL_RPM_HASH=0dcc89f9bf67a2a515bad64569b7a9615edc5e018f676a578d5fd0f17d3c81d4
+DEVTOOLS_HASH=a8ebeb4bed624700f727179e6ef771dafe47651131a00a78b342251415646acc
+PATCHELF_HASH=d9afdff4baeacfbc64861454f368b7f2c15c44d245293f7587bbf726bfe722fb
 
 # Dependencies for compiling Python that we want to remove from
 # the final image after compiling Python
@@ -26,8 +29,12 @@ source $MY_DIR/build_utils.sh
 # EPEL support
 yum -y install wget curl
 curl -sLO https://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
+check_sha256sum epel-release-5-4.noarch.rpm $EPEL_RPM_HASH
+
 # Dev toolset (for LLVM and other projects requiring C++11 support)
-curl -sL http://people.centos.org/tru/devtools-2/devtools-2.repo > /etc/yum.repos.d/devtools-2.repo
+curl -sLO http://people.centos.org/tru/devtools-2/devtools-2.repo
+check_sha256sum devtools-2.repo $DEVTOOLS_HASH
+mv devtools-2.repo /etc/yum.repos.d/devtools-2.repo
 rpm -Uvh --replacepkgs epel-release-5*.rpm
 rm -f epel-release-5*.rpm
 
@@ -48,11 +55,12 @@ mkdir -p /opt/python
 build_cpythons $CPYTHON_VERSIONS
 rm -rf /usr/local/ssl
 
-# Install patchelf and auditwheel (latest)
-curl -sLO http://nixos.org/releases/patchelf/patchelf-0.9/patchelf-0.9.tar.gz
-tar -xzf patchelf-0.9.tar.gz
-(cd patchelf-0.9 && ./configure && make && make install)
-rm -rf patchelf-0.9.tar.gz patchelf-0.9
+# Install patchelf and auditwheel (latest with unreleased bug fixes)
+curl -sLO https://nipy.bic.berkeley.edu/manylinux/patchelf-0.9njs2.tar.gz
+check_sha256sum patchelf-0.9njs2.tar.gz $PATCHELF_HASH
+tar -xzf patchelf-0.9njs2.tar.gz
+(cd patchelf-0.9njs2 && ./configure && make && make install)
+rm -rf patchelf-0.9njs2.tar.gz patchelf-0.9njs2
 
 PY35_BIN=/opt/python/cp35-cp35m/bin
 $PY35_BIN/pip install auditwheel
diff --git a/docker/build_scripts/build_utils.sh b/docker/build_scripts/build_utils.sh
index d671fa2d5..c5c9f53a4 100755
--- a/docker/build_scripts/build_utils.sh
+++ b/docker/build_scripts/build_utils.sh
@@ -89,16 +89,27 @@ function do_openssl_build {
 }
 
 
+function check_sha256sum {
+    local fname=$1
+    check_var ${fname}
+    local sha256=$2
+    check_var ${sha256}
+
+    echo "${sha256}  ${fname}" > ${fname}.sha256
+    sha256sum -c ${fname}.sha256
+    rm ${fname}.sha256
+}
+
+
 function build_openssl {
     local openssl_fname=$1
-    check_var $openssl_fname
+    check_var ${openssl_fname}
     local openssl_sha256=$2
-    check_var $openssl_sha256
-    check_var $OPENSSL_DOWNLOAD_URL
-    echo "${openssl_sha256}  ${openssl_fname}.tar.gz" > ${openssl_fname}.tar.gz.sha256
-    curl -sLO $OPENSSL_DOWNLOAD_URL/${openssl_fname}.tar.gz
-    sha256sum -c ${openssl_fname}.tar.gz.sha256
+    check_var ${openssl_sha256}
+    check_var ${OPENSSL_DOWNLOAD_URL}
+    curl -sLO ${OPENSSL_DOWNLOAD_URL}/${openssl_fname}.tar.gz
+    check_sha256sum ${openssl_fname}.tar.gz ${openssl_sha256}
     tar -xzf ${openssl_fname}.tar.gz
     (cd ${openssl_fname} && do_openssl_build)
-    rm -rf ${openssl_fname} ${openssl_fname}.tar.gz ${openssl_fname}.tar.gz.sha256
+    rm -rf ${openssl_fname} ${openssl_fname}.tar.gz
 }