Hardens mongodb key repository download.

DarkGhostHunter · DarkGhostHunter · commit 9e60b546a705 · 2026-03-18T01:08:59.000-03:00
diff --git a/fixes/install_repositories_and_packages.sh b/fixes/install_repositories_and_packages.sh
@@ -162,10 +162,30 @@ PACKAGES="${PACKAGES:+$PACKAGES }$POSTGRESQL_CLIENT"
 if [ -z "$MONGODB_VERSION" ]; then
     echo "No MongoDB version found for ${CURRENT_OS_CODENAME}, nothing to add."
 else
-    echo "Adding MongoDB Repository" > /dev/stdout
-    curl -fsSL https://www.mongodb.org/static/pgp/server-${MONGODB_VERSION}.asc | gpg --dearmor -o /usr/share/keyrings/mongodb.gpg
-    echo "deb [signed-by=/usr/share/keyrings/mongodb.gpg] http://repo.mongodb.org/apt/debian ${CURRENT_OS_CODENAME}/mongodb-org/${MONGODB_VERSION} main" > /etc/apt/sources.list.d/mongodb.list
-    PACKAGES="${PACKAGES:+$PACKAGES }mongocli"
+    if [[ $MONGODB_VERSION =~ ^([0-9]+)\.([0-9]+) ]]; then
+        MAJOR=${BASH_REMATCH[1]}
+        MINOR=${BASH_REMATCH[2]}
+
+        # Loop backwards from the current Minor version to 0
+        while [ $MINOR -ge 0 ]; do
+            CURRENT_VER="${MAJOR}.${MINOR}"
+            echo "Adding MongoDB Repository v${CURRENT_VER}..."
+
+            if curl -fsSL "https://pgp.mongodb.com/server-${CURRENT_VER}.asc" | gpg --dearmor -o /usr/share/keyrings/mongodb.gpg 2>/dev/null; then
+                echo "deb [signed-by=/usr/share/keyrings/mongodb.gpg] http://repo.mongodb.org/apt/debian ${CURRENT_OS_CODENAME}/mongodb-org/${CURRENT_VER} main" > /etc/apt/sources.list.d/mongodb.list
+                PACKAGES="${PACKAGES:+$PACKAGES }mongocli"
+                break # Exit loop once a valid version is found and configured
+            else
+                echo "Not found, retrying."
+            fi
+            ((MINOR--))
+        done
+    fi
+
+    if [ ! -f /etc/apt/sources.list.d/mongodb.list ]; then
+        echo "No valid MongoDB repository found."
+        exit 1
+    fi
 fi
 
 echo "Installing Database Clients: $PACKAGES" > /dev/stdout
