archlinux: Create per-container pacman host key

Do not copy the pacman master key from the host, as this opens it to attacks; generate a new secret hostkey. Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

archlinux: Create per-container pacman host key
25c3f422 · Leonid Isaev · Stéphane Graber · 12cd132a · 25c3f422
Commit 25c3f422 authored Mar 31, 2014 by Leonid Isaev Committed by Stéphane Graber Apr 04, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

lxc-archlinux.in templates/lxc-archlinux.in +5 -1

No files found.
--- a/templates/lxc-archlinux.in
+++ b/templates/lxc-archlinux.in
@@ -107,6 +107,9 @@ ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
 ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
 # set default systemd target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+# initialize pacman keyring
+pacman-key --init
+pacman-key --populate archlinux
 EOF
    return 0
 }
@@ -172,7 +175,8 @@ install_arch() {
        pacman_config="${container_pacman_config}"
    fi

-    if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
+    if ! pacstrap -dcGC "${pacman_config}" "${rootfs_path}" \
+	    ${base_packages[@]}; then
        echo "Failed to install container packages"
        return 1
    fi