aab/PVE at f29113a862339c8abd8d5a21587154666a898e9e - aab

History

Thomas Lamprecht f29113a862 caching: cache signatures but ignore outer verify errors new pacman (6.0) doesn't downloads the <pkg>.sig files if SigLevel is set to `Never`, an understandable optimization in general but for our use case an issue. We cache packages on the host, where we have internet but do not have an archlinux trusted keyring setup, we then verify the non-bootstrap packages (i.e., all but pacman and the keyring) in the bootstrapping container itself This is somewhat ugly, but one of the simpler options, an possible alternative on the long run could be to package archlinux-keyring for debian and have that as dependency for aab, then we could populate a local directory (pacman gas a `--gpgdir` option) and fully verify all that.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>	2021-12-02 16:43:01 +01:00
..
AAB.pm	caching: cache signatures but ignore outer verify errors	2021-12-02 16:43:01 +01:00

Thomas Lamprecht f29113a862 caching: cache signatures but ignore outer verify errors

new pacman (6.0) doesn't downloads the <pkg>.sig files if SigLevel is
set to `Never`, an understandable optimization in general but for our
use case an issue.

We cache packages on the host, where we have internet but do not have
an archlinux trusted keyring setup, we then verify the non-bootstrap
packages (i.e., all but pacman and the keyring) in the bootstrapping
container itself

This is somewhat ugly, but one of the simpler options, an possible
alternative on the long run could be to package archlinux-keyring for
debian and have that as dependency for aab, then we could populate a
local directory (pacman gas a `--gpgdir` option) and fully verify all
that..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

2021-12-02 16:43:01 +01:00

AAB.pm

caching: cache signatures but ignore outer verify errors

2021-12-02 16:43:01 +01:00