From b542008646b8150b059786cc60e21c9603256f80 Mon Sep 17 00:00:00 2001
From: Christian Heusel <christian@heusel.eu>
Date: Thu, 9 Jan 2025 12:04:27 +0100
Subject: [PATCH] Revert to explicit list of gpg keys

---
 1.39/apache/Dockerfile     | 9 ++++++++-
 1.39/fpm-alpine/Dockerfile | 9 ++++++++-
 1.39/fpm/Dockerfile        | 9 ++++++++-
 1.42/apache/Dockerfile     | 9 ++++++++-
 1.42/fpm-alpine/Dockerfile | 9 ++++++++-
 1.42/fpm/Dockerfile        | 9 ++++++++-
 1.43/apache/Dockerfile     | 9 ++++++++-
 1.43/fpm-alpine/Dockerfile | 9 ++++++++-
 1.43/fpm/Dockerfile        | 9 ++++++++-
 Dockerfile-alpine.template | 9 ++++++++-
 Dockerfile-debian.template | 9 ++++++++-
 11 files changed, 88 insertions(+), 11 deletions(-)

diff --git a/1.39/apache/Dockerfile b/1.39/apache/Dockerfile
index 33f6fb6..20a9f1f 100644
--- a/1.39/apache/Dockerfile
+++ b/1.39/apache/Dockerfile
@@ -101,7 +101,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.39.11 = "1.42.4" ] && \
diff --git a/1.39/fpm-alpine/Dockerfile b/1.39/fpm-alpine/Dockerfile
index 0c9b461..bfa4d68 100644
--- a/1.39/fpm-alpine/Dockerfile
+++ b/1.39/fpm-alpine/Dockerfile
@@ -74,7 +74,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.39.11 = "1.42.4" ] && \
diff --git a/1.39/fpm/Dockerfile b/1.39/fpm/Dockerfile
index 316a53f..888ff4f 100644
--- a/1.39/fpm/Dockerfile
+++ b/1.39/fpm/Dockerfile
@@ -86,7 +86,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.39.11 = "1.42.4" ] && \
diff --git a/1.42/apache/Dockerfile b/1.42/apache/Dockerfile
index 54e98e0..41d950d 100644
--- a/1.42/apache/Dockerfile
+++ b/1.42/apache/Dockerfile
@@ -101,7 +101,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.42.4 = "1.42.4" ] && \
diff --git a/1.42/fpm-alpine/Dockerfile b/1.42/fpm-alpine/Dockerfile
index 6f6a7b3..45497a8 100644
--- a/1.42/fpm-alpine/Dockerfile
+++ b/1.42/fpm-alpine/Dockerfile
@@ -74,7 +74,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.42.4 = "1.42.4" ] && \
diff --git a/1.42/fpm/Dockerfile b/1.42/fpm/Dockerfile
index 4ca76e9..a0bbf14 100644
--- a/1.42/fpm/Dockerfile
+++ b/1.42/fpm/Dockerfile
@@ -86,7 +86,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.42.4 = "1.42.4" ] && \
diff --git a/1.43/apache/Dockerfile b/1.43/apache/Dockerfile
index 7690a44..0e4b87c 100644
--- a/1.43/apache/Dockerfile
+++ b/1.43/apache/Dockerfile
@@ -101,7 +101,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.43.0 = "1.42.4" ] && \
diff --git a/1.43/fpm-alpine/Dockerfile b/1.43/fpm-alpine/Dockerfile
index 440efdb..00036c2 100644
--- a/1.43/fpm-alpine/Dockerfile
+++ b/1.43/fpm-alpine/Dockerfile
@@ -74,7 +74,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.43.0 = "1.42.4" ] && \
diff --git a/1.43/fpm/Dockerfile b/1.43/fpm/Dockerfile
index a4a1dc7..8143e60 100644
--- a/1.43/fpm/Dockerfile
+++ b/1.43/fpm/Dockerfile
@@ -86,7 +86,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ 1.43.0 = "1.42.4" ] && \
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 4d6787a..df70498 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -74,7 +74,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ %%MEDIAWIKI_VERSION%% = "1.42.4" ] && \
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index 73fb77d..c5baefd 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -86,7 +86,14 @@ RUN set -eux; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
 	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --fetch-keys "https://www.mediawiki.org/keys/keys.txt"; \
+	# gpg key from https://www.mediawiki.org/keys/keys.txt
+	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
+		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
+		441276E9CCD15F44F6D97D18C119E1A64D70938E \
+		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
+		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
+		E059C034E7A430583C252F4AA8F734246D73B586 \
+	; \
 	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
 	tar -x --strip-components=1 -f mediawiki.tar.gz; \
 	[ %%MEDIAWIKI_VERSION%% = "1.42.4" ] && \