archlinux: Create per-container pacman host key

Do not copy the pacman master key from the host, as this opens it to attacks; generate a new secret hostkey. Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
2025-07-24 22:56:47 +00:00 · 2014-03-31 17:11:58 -04:00 · 2014-03-31 17:11:58 -04:00 · 44b036309b
commit 44b036309b
parent b7b7d3884e
1 changed files with 5 additions and 1 deletions
--- a/templates/lxc-archlinux.in
+++ b/templates/lxc-archlinux.in
@ -107,6 +107,9 @@ ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
 ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
 # set default systemd target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+# initialize pacman keyring
+pacman-key --init
+pacman-key --populate archlinux
 EOF
    return 0
 }
@ -172,7 +175,8 @@ install_arch() {
        pacman_config="${container_pacman_config}"
    fi

-    if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
+    if ! pacstrap -dcGC "${pacman_config}" "${rootfs_path}" \
+	    ${base_packages[@]}; then
        echo "Failed to install container packages"
        return 1
    fi