On Sat, Aug 17, 2013 at 05:44:27PM +0200, Daniel Buch wrote:
> I run with SigLevel = Required DatabaseOptional. And I guess that's
> recommended. Have you tried pacman-key --init before you --populate
> archlinux?

Pacman has its own `pacman-key` command that interfaces with gpg to
manipulate its keys. What you're probably going to want to do is what
Daniel said, initialize the keyring. This just takes a bunch of entropy
but things will (by default) be put in /etc/pacman.d/gnupg/. Having this
all set up will let you populate it. Here's an example workflow:

    # yum install pacman
    # $EDITOR /etc/pacman.conf #[1]
    # pacman-key --init # you may need to do things while this happens

[1]: The SigLevel should be fine at `Required DatabaseOptional`. You may
want to set GPGDir to something else, though the default shouldn't
conflict with anything.

Now to do the --populate archlinux, you need to have an archlinux
keyring in /usr/share/pacman/keyrings/. If you look at the
`archlinux-keyring` package in arch, that should give you some ideas.
Then, finally, you can run:

    # pacman-key --populate archlinux

And this last step isn't really needed, but I usually do it anyway:

    # pacman-key --refresh-keys

Doing that just makes sure that the keys are all fully up to date. This
should be enough to run 'pacman' to create containers.

> 2013/8/17 Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
>
> > Hi,
> >
> > I was trying to get the arch installation example in systemd-spawn
> > to work on Fedora. My intent is to package pacman and pacstrap for
> > Fedora, to make it easy to play with distributions. Fedora already
> > has alien and dpkg/apt-get, so adding pacman seems kind of nice.
> >
> > The packaging process is going well, but the installation is not
> > as easy, because of gpg key issues. It's possible that I made some
> > error, I tried both to add SigLevel=TrustAll in (host's) /etc/pacman.conf,
> > and to import gpg keys with 'pacman-key --populate archlinux'.
> > The second solution didn't seem to work, and both have downsides:
> > - disabling checking is bad because of security issues,
> >   and it also seems to mess up the trust database inside the container,
> > - importing the trust database in the host (assuming that I'd get it
> >   to work), would require either also packaging the keys for Fedora,
> >   or telling the user to trust keys blindly and download them from
> >   the internet...
> >
> > So before I go further, I'd like your opinion on what is the best
> > approach to using the Arch trust mechanism on a non-Arch system.
> >
> > Zbyszek
> >
> > Packaging tickets:
> > https://bugzilla.redhat.com/show_bug.cgi?id=998125,
> > https://bugzilla.redhat.com/show_bug.cgi?id=998127.

Thanks,
--
William Giokas | KaiSforza | http://kaictl.net/
GnuPG Key: 0x73CD09CF
Fingerprint: F73F 50EF BBE2 9846 8306 E6B8 6902 06D8 73CD 09CF
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
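
An added example (not part of the thread, and not pacman's own code): a shell preflight for the workflow described above, checking the host's SigLevel and that the keyring files `--populate` needs are in place. The function names and the `NAME.gpg` / `NAME-trusted` layout (as shipped by the archlinux-keyring package) are assumptions, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: checks to run before
# `pacman-key --populate archlinux` on a non-Arch host.

# Print the SigLevel value set in the [options] section of a pacman.conf.
siglevel_of() {
    awk '
        /^[ \t]*\[/ { in_opts = ($0 ~ /^[ \t]*\[options\]/) }
        in_opts && /^[ \t]*SigLevel[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# weak: package signatures skipped (Never) or any keyring key accepted
# (TrustAll); ok: signatures Required; not-required: anything else.
classify_siglevel() {
    verdict=not-required
    for tok in $1; do
        case $tok in
            Never|PackageNever|TrustAll|PackageTrustAll) echo weak; return ;;
            Required|PackageRequired) verdict=ok ;;
        esac
    done
    echo "$verdict"
}

# Assumed layout: DIR/NAME.gpg holds the keys, DIR/NAME-trusted lists the
# keys to trust; both must be non-empty for --populate to be useful.
keyring_ready() {
    [ -s "$1/$2.gpg" ] && [ -s "$1/$2-trusted" ]
}

preflight() {  # usage: preflight CONF KEYRING_DIR NAME
    level=$(siglevel_of "$1")
    v=$(classify_siglevel "$level")
    echo "SigLevel: ${level:-<unset>} -> $v"
    keyring_ready "$2" "$3" || { echo "keyring $3: not found in $2"; return 1; }
    [ "$v" = ok ]
}

# Constructed sample: the TrustAll config from the thread, then the fix.
demo=$(mktemp -d)
printf '[options]\nSigLevel = TrustAll\n' > "$demo/weak.conf"
printf '[options]\n#SigLevel = Never\nSigLevel = Required DatabaseOptional\n' > "$demo/good.conf"
mkdir "$demo/keyrings"
echo stub > "$demo/keyrings/archlinux.gpg"
echo stub > "$demo/keyrings/archlinux-trusted"
preflight "$demo/weak.conf" "$demo/keyrings" archlinux || echo "=> fix before populating"
preflight "$demo/good.conf" "$demo/keyrings" archlinux && echo "=> ready for --populate"
```

On a real host the call would be `preflight /etc/pacman.conf /usr/share/pacman/keyrings archlinux`, using the paths named in the reply.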