Why is this included? Is there any harm in unsetting it in images that inherit from this one?
If you are just inheriting from the image, i.e. FROM python:3.5, then you don't need to worry about the GPG_KEY variable.
If you are customizing the Python image's official Dockerfile, then do not unset or reset these values, as it will break the building of the image.
It is included so that the downloaded archives for Python source can be verified as genuine.
It is normally used when building the image, so that when you tag it with a specific version, that version is downloaded and verified before being built.
The values are set in the update.sh script:
declare -A gpgKeys=(
# gpg: key 18ADD4FF: public key "Benjamin Peterson <[email protected]>" imported
[2.7]='C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF'
# https://www.python.org/dev/peps/pep-0373/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <[email protected]>" imported
[3.4]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0429/#release-manager-and-crew
# gpg: key F73C700D: public key "Larry Hastings <[email protected]>" imported
[3.5]='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'
# https://www.python.org/dev/peps/pep-0478/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <[email protected]>" imported
[3.6]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
# gpg: key AA65421D: public key "Ned Deily (Python release signing key) <[email protected]>" imported
[3.7]='0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'
# https://www.python.org/dev/peps/pep-0494/#release-manager-and-crew
)
This script then updates the various individual Dockerfiles that in the end are used to build the actual image.
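What verifying against a pinned fingerprint looks like in practice, as an added example (not part of the original answer and not code from the official image): the function reads gpg's machine-readable status output and accepts it only if a valid signature was made by the key whose full fingerprint is in GPG_KEY. The function names, the file names in the comment and the sample status lines are assumptions constructed for illustration; the fingerprint is the 3.5 entry from the list above.

```shell
#!/bin/sh
# Added illustration: names and sample data below are constructed.
GPG_KEY='97FC712E4C024BBEA48A61ED3A5CA953F73C700D'   # [3.5] entry from update.sh

# signed_by_pinned_key FINGERPRINT < gpg-status-output
# Returns 0 only if a VALIDSIG line names the pinned key (as signing key or
# as primary key), 1 if no such line exists, 2 if the pin is not a full
# 40-hex-digit fingerprint.
signed_by_pinned_key() {
    pinned=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case "$pinned" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # Short key IDs such as F73C700D are not unique, so they are refused.
    [ "${#pinned}" -eq 40 ] || return 2
    awk -v want="$pinned" '
        # VALIDSIG: field 3 is the signing key fingerprint, the last field
        # is the primary key fingerprint.
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample of what "gpg --status-fd 1 --verify" emits for a good
# signature; dates and timestamps are made up.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 3A5CA953F73C700D Larry Hastings
[GNUPG:] VALIDSIG 97FC712E4C024BBEA48A61ED3A5CA953F73C700D 2016-06-27 1467000000 0 4 0 1 10 00 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
EOF
}

# With real files (hypothetical names) the check would be wired up as:
#   gpg --batch --status-fd 1 --verify python.tar.xz.asc python.tar.xz \
#       | signed_by_pinned_key "$GPG_KEY"
if sample_status | signed_by_pinned_key "$GPG_KEY"; then
    echo "signature was made by the pinned key"
fi
```

If GPG_KEY were unset or changed to a different fingerprint, this check would fail, which is why editing the value in a customized Dockerfile breaks the build.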