From: Leonid Isaev
Date: Mon, 31 Mar 2014 21:11:58 +0000 (-0400)
Subject: archlinux: Create per-container pacman host key
X-Git-Tag: lxc-1.1.0.alpha1~164
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44b036309bd11ecde9ddbfa05ee74070e7456d6c;p=thirdparty%2Flxc.git

archlinux: Create per-container pacman host key

Do not copy the pacman master key from the host, as this opens it to attacks; generate a new secret hostkey.

Signed-off-by: Leonid Isaev
Acked-by: Stéphane Graber
---

diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in
index b3bc99e92..b01ccfe50 100644
--- a/templates/lxc-archlinux.in
+++ b/templates/lxc-archlinux.in
@@ -107,6 +107,9 @@ ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
 ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
 # set default systemd target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+# initialize pacman keyring
+pacman-key --init
+pacman-key --populate archlinux
 EOF
 return 0
 }
@@ -172,7 +175,8 @@ install_arch() {
 pacman_config="${container_pacman_config}"
 fi
- if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
+ if ! pacstrap -dcGC "${pacman_config}" "${rootfs_path}" \
+ ${base_packages[@]}; then
 echo "Failed to install container packages"
 return 1
 fi
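Review bot: In the first hunk, a failure of the added `pacman-key --init` or `pacman-key --populate archlinux` is never reported, because the function runs `return 0` unconditionally right after the here-document's `EOF`. A container could then be reported as created while it has no usable keyring, leaving package signature verification inside it unable to work. Inside the here-document the lines could read `pacman-key --init || exit 1` and `pacman-key --populate archlinux || exit 1`. The command that reads the here-document starts outside the hunk, so its exit status would presumably also need to be tested in place of the bare `return 0`. Key generation at this point depends on the host having enough entropy, which seems worth a comment next to `# initialize pacman keyring`.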
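Review bot: In the second hunk, the reflowed `pacstrap` call still expands `${base_packages[@]}` unquoted on its continuation line, so every element goes through word splitting and pathname expansion before it reaches pacstrap. Since the line is being rewritten anyway, `"${base_packages[@]}"; then` is the safer form. It would also help to put a comment above the call, for example `# -G: do not copy the host's pacman keyring into the container rootfs`, because the single letter inside `-dcGC` carries the whole security purpose of this commit and is easy to drop in a later edit. install_arch begins and continues outside the hunk.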