![](/img/trans.png)
[英]Official Python GPG Signing Key - Where is it? - gpg: using RSA key FC624643487034E5
[英]Why do the official docker python images include a GPG_KEY environment variable?
為什么包括在內? 在從該圖像繼承的圖像中取消設置是否有任何危害?
如果您只是從圖像繼承,即FROM python:3.5
則無需擔心GPG_KEY
變量。
如果要自定義Python映像的官方dockerfile,請不要取消設置或重置這些值,因為這會破壞映像的構建。
它被包括在內,以便可以將已下載的Python源檔案存檔驗證為真實。
通常在構建映像時使用它,因此,當您使用特定版本標記它時,將在構建之前下載並驗證該版本。
該值在update.sh
腳本中設置:
declare -A gpgKeys=(
# gpg: key 18ADD4FF: public key "Benjamin Peterson <benjamin@python.org>" imported
[2.7]='C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF'
# https://www.python.org/dev/peps/pep-0373/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.4]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0429/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.5]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0478/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.6]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.7]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
)
然后,該腳本會更新各種單獨的泊塢窗文件,最后將它們用於構建實際映像。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.