updated and .gitlab-ci.yml

Dockerfile

@@ -1,12 +1,10 @@
 FROM debian:sid
 
-ENV TOR_VERSION=8.5a12
-ENV LANGTOR=es-ES
+ENV TOR_VERSION=13.5
 # Via https://dist.torproject.org/torbrowser/$TOR_VERSION/sha256sums-signed-build.txt
-ENV SHA256_CHECKSUM=0467158996ebdd0b653691a98704219ed14be2f09912a2ebd3d4520319d72cca
-ENV LANG=es-ES.UTF-8
-ENV RELEASE_FILE=tor-browser-linux64-${TOR_VERSION}_$LANGTOR.tar.xz
-ENV RELEASE_KEY=0xEB774491D9FF06E2
+ENV SHA256_CHECKSUM=9e9aab1b20b0a8c799f09b2c47f129bc30a590b4372b4c447c4d7d7c79fe183b
+ENV RELEASE_FILE=tor-browser-linux-x86_64-${TOR_VERSION}.tar.xz
+ENV RELEASE_KEY=0x4E2C6E8793298290
 ENV RELEASE_URL=https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE}
 ENV PATH=$PATH:/usr/local/bin/Browser
 
@@ -32,11 +30,11 @@ WORKDIR /usr/local/bin
 # can figure out why it's flaky and commonly gives "keys: key
 # 4E2C6E8793298290 can't be retrieved, gpg: no valid OpenPGP data
 # found."
-RUN gpg --keyserver pool.sks-keyservers.net --recv-keys ${RELEASE_KEY}
+RUN gpg --keyserver keys.openpgp.org --recv-keys ${RELEASE_KEY}
 
 RUN curl --fail -O -sSL ${RELEASE_URL} && \
     curl --fail -O -sSL ${RELEASE_URL}.asc && \
-    gpg --verify ${RELEASE_FILE}.asc && \
+    gpgv --keyring /root/.gnupg/pubring.kbx ./${RELEASE_FILE}.asc ${RELEASE_FILE} && \
     echo "$SHA256_CHECKSUM $RELEASE_FILE" > sha256sums.txt && \
     sha256sum -c sha256sums.txt && \
     tar --strip-components=1 -vxJf ${RELEASE_FILE} && \