f29113a862
new pacman (6.0) doesn't downloads the <pkg>.sig files if SigLevel is set to `Never`, an understandable optimization in general but for our use case an issue. We cache packages on the host, where we have internet but do not have an archlinux trusted keyring setup, we then verify the non-bootstrap packages (i.e., all but pacman and the keyring) in the bootstrapping container itself This is somewhat ugly, but one of the simpler options, an possible alternative on the long run could be to package archlinux-keyring for debian and have that as dependency for aab, then we could populate a local directory (pacman gas a `--gpgdir` option) and fully verify all that.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> |
||
|---|---|---|
| PVE | ||
| scripts | ||
| .gitignore | ||
| COPYING | ||
| Makefile | ||
| README | ||
| aab | ||
README
Usage example: 1) Create an aab.conf file describing your template. --- Example aab.conf: Name: base Version: 2015-08-21-1 Section: optional Maintainer: Your Name Headline: ArchLinux base image. Architecture: x86_64 Source: http://archlinux.cu.be/$repo/os/$arch --- End of example 2) Run as root: # ./aab init # ./aab bootstrap 3) Maybe install additional packages # ./aab install base-devel 4) Create the archive and clean up: # ./aab finalize # ./aab cleanup