如何修复dockerfile中的“public key for centos-release-7-9.2009.1.el7.centos.x86_64.rpm is not installed”?

bxgwgixi  于 2023-05-06  发布在  Docker
关注(0)|答案(2)|浏览(168)

我正在使用以下dockerfile试用centos 7官方基础镜像:

FROM centos:7

RUN yum -y update && yum clean all

在构建镜像时,我会收到一个关于丢失公钥的警告:

warning: /var/cache/yum/x86_64/7/updates/packages/centos-release-7-9.2009.1.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for centos-release-7-9.2009.1.el7.centos.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                               26 MB/s |  40 MB  00:01     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded

我怎样才能摆脱那个警告呢?

fhity93d

fhity93d1#

正如您在警告下面看到的,密钥是基础映像的一部分文件。你只需要在yum抛出警告之前导入它并自己这样做。
以下Dockerfile在构建过程中不会抛出警告:

FROM centos:7

RUN rpmkeys --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 && \
    yum -y update && \
    yum clean all
am46iovg

am46iovg2#

考虑到CentOS 7它接近reach the EOL,但是我将分享一个关于我如何解决这个问题的例子。

Dockerfile:

FROM quay.io/centos/centos:centos7

# Add the gpg key for CentOS 7 and install  (fake) packages required for the image.
RUN gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 && \
    yum update --assumeyes && \
    yum install --assumeyes package-a package-b

可以随意使用这个Dockerfile示例并附加correct packages names以生成有效的图像。

相关问题