diff --git a/Dockerfile b/Dockerfile
index 90dbf13..d9bb1d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM debian
 
-# TODO(hkjn): Use hkjn/arch as base.
+# TODO(hkjn): Use alpine as base.
 
 MAINTAINER Henrik Jonsson <me@hkjn.me>
 
@@ -9,7 +9,7 @@ ENV LANG C.UTF-8
 ENV RELEASE_FILE tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz
 ENV RELEASE_KEY 0x4E2C6E8793298290
 ENV CHECKSUMS_FILE sha256sums-unsigned-build.txt
-ENV CHECKSUMS_URL https://dist.torproject.org/torbrowser/${TOR_VERSION}/${CHECKSUMS_FILE}
+
 ENV RELEASE_URL https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE}
 
 RUN apt-get update && \
@@ -29,14 +29,13 @@ RUN useradd --create-home --home-dir $HOME user && \
     chown -R user:user $HOME
 
 WORKDIR /usr/local/bin
-# TODO(hkjn): Actually check ${CHECKSUMS_FILE}.asc against release binary.
+
+COPY $CHECKSUMS_FILE .
 RUN gpg --keyserver pgp.mit.edu --recv-keys $RELEASE_KEY
 RUN curl --fail -O -sSL ${RELEASE_URL} && \
     curl --fail -O -sSL ${RELEASE_URL}.asc && \
-    curl --fail -O -sSL ${CHECKSUMS_URL} && \
-    curl --fail -O -sSL ${CHECKSUMS_URL}.asc && \
     gpg --verify ${RELEASE_FILE}.asc && \
-    gpg --verify ${CHECKSUMS_FILE}.asc && \
+    sha256sum -c sha256sums-unsigned-build.txt && \
     tar --strip-components=1 -vxJf ${RELEASE_FILE} && \
     rm -v ${RELEASE_FILE}*
 
diff --git a/sha256sums-unsigned-build.txt b/sha256sums-unsigned-build.txt
new file mode 100644
index 0000000..3ec35c0
--- /dev/null
+++ b/sha256sums-unsigned-build.txt
@@ -0,0 +1 @@
+f5224c78c3f0da2df4286a6e33a4afec3339a9d6848ff9b6480a42214b8bed8c  tor-browser-linux64-6.0a4-hardened_ALL.tar.xz