archlinux: Create per-container pacman host key
authorLeonid Isaev <lisaev@umail.iu.edu>
Mon, 31 Mar 2014 21:11:58 +0000 (17:11 -0400)
committerStéphane Graber <stgraber@ubuntu.com>
Fri, 4 Apr 2014 23:04:30 +0000 (19:04 -0400)
Do not copy the pacman master key from the host, as this opens it to
attacks; generate a new secret hostkey.

Signed-off-by: Leonid Isaev <lisaev@umail.iu.edu>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
templates/lxc-archlinux.in

index b3bc99e92a9cdda1977cc432077c27c5aa3a324f..b01ccfe50b62473acdd6d7547ad83fe7024b1cf5 100644 (file)
@@ -107,6 +107,9 @@ ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
 ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
 # set default systemd target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+# initialize pacman keyring
+pacman-key --init
+pacman-key --populate archlinux
 EOF
     return 0
 }
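Review bot: The two added `pacman-key` calls run unchecked and the function still ends in `return 0`, so a failed keyring initialisation would leave the container without a usable keyring while setup reports success. Consider `pacman-key --init || exit 1` and `pacman-key --populate archlinux || exit 1`, with the command that consumes this heredoc testing the resulting status. The heredoc opens outside this hunk, so how its exit code is propagated cannot be confirmed from here. A comment such as `# generate a container-local secret key instead of inheriting the host's` would record why the keyring is created at this point. Containers later cloned from this rootfs would presumably share that secret key, which is worth documenting for users.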
@@ -172,7 +175,8 @@ install_arch() {
         pacman_config="${container_pacman_config}"
     fi
 
-    if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
+    if ! pacstrap -dcGC "${pacman_config}" "${rootfs_path}" \
+           ${base_packages[@]}; then
         echo "Failed to install container packages"
         return 1
     fi
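Review bot: `${base_packages[@]}` is still expanded unquoted on the rewrapped continuation line, so an element containing whitespace or glob characters would be split or expanded before pacstrap sees it. Since the line is being touched anyway, `"${base_packages[@]}"; then` is the safer form. The added `-G` flag carries the security intent of this commit but is buried in a cluster of short options. A comment above the call, e.g. `# -G: do not copy the host's pacman keyring into the container`, would keep a later edit from dropping it unnoticed. install_arch starts and ends outside this hunk.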