From fac97e1185e058adf913b7667b418ca8d184369d Mon Sep 17 00:00:00 2001
From: Damian Mee <spam@meedamian.com>
Date: Sat, 11 May 2019 14:49:49 +0700
Subject: [PATCH] download signed hashes from different source than source code

---
 0.18/source/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/0.18/source/Dockerfile b/0.18/source/Dockerfile
index 91de542..0834d62 100644
--- a/0.18/source/Dockerfile
+++ b/0.18/source/Dockerfile
@@ -37,7 +37,10 @@ RUN set -ex \
 ENV BITCOIN_VERSION=0.18.0
 ENV BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
 
-RUN wget https://bitcoin.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc
+# Download checksums (intentionally different source than source code)
+RUN wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc
+
+# Download source code (intentionally different source than checksums)
 RUN wget https://bitcoin.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}.tar.gz
 
 # Verify that hashes are signed with the previously imported key