[英]Official Python GPG Signing Key - Where is it? - gpg: using RSA key FC624643487034E5
[英]Why do the official docker python images include a GPG_KEY environment variable?
为什么包括在内? 在从该图像继承的图像中取消设置是否有任何危害?
如果您只是从图像继承,即FROM python:3.5
则无需担心GPG_KEY
变量。
如果要自定义Python映像的官方dockerfile,请不要取消设置或重置这些值,因为这会破坏映像的构建。
它被包括在内,以便可以将已下载的Python源档案存档验证为真实。
通常在构建映像时使用它,因此,当您使用特定版本标记它时,将在构建之前下载并验证该版本。
该值在update.sh
脚本中设置:
declare -A gpgKeys=(
# gpg: key 18ADD4FF: public key "Benjamin Peterson <benjamin@python.org>" imported
[2.7]='C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF'
# https://www.python.org/dev/peps/pep-0373/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.4]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0429/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.5]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0478/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.6]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.7]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
)
然后,该脚本会更新各种单独的泊坞窗文件,最后将它们用于构建实际映像。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.