Add gpg verification for python3 versions

daghack · daghack · commit 5fd6bac86b94 · 2015-01-26T17:16:33.000-07:00
diff --git a/2.7/Dockerfile b/2.7/Dockerfile
@@ -22,8 +22,8 @@ RUN gpg --keyserver pool.sks-keyservers.net --recv-keys \
 	C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF \
 	CBC547978A3964D14B9AB36A6AF053F07D9DC8D2 \
 	DBBF2EEBF925FAADCF1F3FFFD9866941EA5BBD71 \
-	7123BC13ED9D77D5
 #Short version of the key, due to the fact that HKP keyservers do not support v3 fingerprints
+	7123BC13ED9D77D5
 
 RUN set -x \
 	&& mkdir -p /usr/src/python \
diff --git a/3.3/Dockerfile b/3.3/Dockerfile
@@ -9,10 +9,29 @@ ENV LANG C.UTF-8
 
 ENV PYTHON_VERSION 3.3.6
 
+#Keys from https://www.python.org/downloads/
+RUN gpg --keyserver pool.sks-keyservers.net --recv-keys \
+	0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D \
+	12EF3DC38047DA382D18A5B999CDEA9DA4135B38 \
+	26DEA9D4613391EF3E25C9FF0A5B101836580288 \
+	2BA0DB82515BBB9EFFAC71C5C9BE28DEE6DF025C \
+	531F072D39700991925FED0C0EDDC5F26A45C816 \
+	8417157EDBE73D9EAC1E539B126EB563A74B06BF \
+	97FC712E4C024BBEA48A61ED3A5CA953F73C700D \
+	C9B104B3DD3AA72D7CCB1066FB9921286F5E1540 \
+	C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF \
+	CBC547978A3964D14B9AB36A6AF053F07D9DC8D2 \
+	DBBF2EEBF925FAADCF1F3FFFD9866941EA5BBD71 \
+#Short version of the key, due to the fact that HKP keyservers do not support v3 fingerprints
+	7123BC13ED9D77D5
+
 RUN set -x \
 	&& mkdir -p /usr/src/python \
-	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" \
-		| tar -xJC /usr/src/python --strip-components=1 \
+	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o "Python-$PYTHON_VERSION.tar.xz" \
+	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o "Python-$PYTHON_VERSION.tar.xz.asc" \
+	&& gpg --verify "Python-$PYTHON_VERSION.tar.xz.asc" \
+	&& tar -xJC /usr/src/python --strip-components=1 -f "Python-$PYTHON_VERSION.tar.xz" \
+	&& rm "Python-$PYTHON_VERSION.tar.xz"* \
 	&& cd /usr/src/python \
 	&& ./configure --enable-shared \
 	&& make -j$(nproc) \
diff --git a/3.4/Dockerfile b/3.4/Dockerfile
@@ -9,10 +9,29 @@ ENV LANG C.UTF-8
 
 ENV PYTHON_VERSION 3.4.2
 
+#Keys from https://www.python.org/downloads/
+RUN gpg --keyserver pool.sks-keyservers.net --recv-keys \
+	0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D \
+	12EF3DC38047DA382D18A5B999CDEA9DA4135B38 \
+	26DEA9D4613391EF3E25C9FF0A5B101836580288 \
+	2BA0DB82515BBB9EFFAC71C5C9BE28DEE6DF025C \
+	531F072D39700991925FED0C0EDDC5F26A45C816 \
+	8417157EDBE73D9EAC1E539B126EB563A74B06BF \
+	97FC712E4C024BBEA48A61ED3A5CA953F73C700D \
+	C9B104B3DD3AA72D7CCB1066FB9921286F5E1540 \
+	C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF \
+	CBC547978A3964D14B9AB36A6AF053F07D9DC8D2 \
+	DBBF2EEBF925FAADCF1F3FFFD9866941EA5BBD71 \
+#Short version of the key, due to the fact that HKP keyservers do not support v3 fingerprints
+	7123BC13ED9D77D5
+
 RUN set -x \
 	&& mkdir -p /usr/src/python \
-	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" \
-		| tar -xJC /usr/src/python --strip-components=1 \
+	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o "Python-$PYTHON_VERSION.tar.xz" \
+	&& curl -SL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o "Python-$PYTHON_VERSION.tar.xz.asc" \
+	&& gpg --verify "Python-$PYTHON_VERSION.tar.xz.asc" \
+	&& tar -xJC /usr/src/python --strip-components=1 -f "Python-$PYTHON_VERSION.tar.xz" \
+	&& rm "Python-$PYTHON_VERSION.tar.xz"* \
 	&& cd /usr/src/python \
 	&& ./configure --enable-shared \
 	&& make -j$(nproc) \
