From 106411085f5856fb73f6e9df107577cc6d226c53 Mon Sep 17 00:00:00 2001
From: Alf Eaton <alf.eaton@overleaf.com>
Date: Thu, 21 Jul 2022 09:28:32 +0100
Subject: [PATCH] Merge pull request #8930 from overleaf/ae-verify-texlive

Verify the TeX Live installer

GitOrigin-RevId: 8b6ce1820930da4250e69d5b857c41a3cb55442c
---
 server-ce/Dockerfile-base | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/server-ce/Dockerfile-base b/server-ce/Dockerfile-base
index c5f1a8b2b6..db02f0c5d5 100644
--- a/server-ce/Dockerfile-base
+++ b/server-ce/Dockerfile-base
@@ -34,19 +34,25 @@ RUN chmod +x /usr/bin/envsubst
 
 # Install TexLive
 # ---------------
-# CTAN mirrors occasionally fail, in that case install TexLive against an
-# specific server, for example http://ctan.crest.fr
+# CTAN mirrors occasionally fail, in that case install TexLive using a
+# different server, for example https://ctan.crest.fr
 #
 # # docker build \
-#     --build-arg TEXLIVE_MIRROR=http://ctan.crest.fr/tex-archive/systems/texlive/tlnet \
+#     --build-arg TEXLIVE_MIRROR=https://ctan.crest.fr/tex-archive/systems/texlive/tlnet \
 #     -f Dockerfile-base -t sharelatex/sharelatex-base .
-ARG TEXLIVE_MIRROR=http://mirror.ctan.org/systems/texlive/tlnet
+ARG TEXLIVE_MIRROR=https://mirror.ox.ac.uk/sites/ctan.org/systems/texlive/tlnet
 
 RUN mkdir /install-tl-unx \
-&&  curl -sSL \
-      ${TEXLIVE_MIRROR}/install-tl-unx.tar.gz \
-    | tar -xzC /install-tl-unx --strip-components=1 \
-    \
+&&  wget --quiet https://tug.org/texlive/files/texlive.asc \
+&&  gpg --import texlive.asc \
+&&  rm texlive.asc \
+&&  wget --quiet ${TEXLIVE_MIRROR}/install-tl-unx.tar.gz \
+&&  wget --quiet ${TEXLIVE_MIRROR}/install-tl-unx.tar.gz.sha512 \
+&&  wget --quiet ${TEXLIVE_MIRROR}/install-tl-unx.tar.gz.sha512.asc \
+&&  gpg --verify install-tl-unx.tar.gz.sha512.asc \
+&&  sha512sum -c install-tl-unx.tar.gz.sha512 \
+&&  tar -xz -C /install-tl-unx --strip-components=1 -f install-tl-unx.tar.gz \
+&&  rm install-tl-unx.tar.gz* \
 &&  echo "tlpdbopt_autobackup 0" >> /install-tl-unx/texlive.profile \
 &&  echo "tlpdbopt_install_docfiles 0" >> /install-tl-unx/texlive.profile \
 &&  echo "tlpdbopt_install_srcfiles 0" >> /install-tl-unx/texlive.profile \