如果您只是从图像继承,即FROM python:3.5您无需担心GPG_KEY变量。
如果您要自定义 Python 映像的官方 dockerfile,请不要取消设置或重置这些值,因为这会破坏映像的构建。
它包含在内,以便可以验证下载的 Python 源档案是否为正版。
它通常在构建映像时使用,因此当您使用特定版本标记它时,会在构建之前下载并验证该版本。
该值在update.sh脚本中设置:
declare -A gpgKeys=(
# gpg: key 18ADD4FF: public key "Benjamin Peterson <benjamin@python.org>" imported
[2.7]='C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF'
# https://www.python.org/dev/peps/pep-0373/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.4]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0429/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <larry@hastings.org>" imported
[3.5]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0478/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.6]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <nad@acm.org>" imported
[3.7]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
)
然后,此脚本更新最终用于构建实际映像的各种单独的 dockerfile。