:: Re: [DNG] LXC template for Devuan
Top Page
Delete this message
Reply to this message
Author: Simon Walter
Date:  
To: dng
Subject: Re: [DNG] LXC template for Devuan


On 06/14/2016 09:26 AM, Greg Olsen wrote:
> On 2016-06-13 01:28, Simon Walter wrote:
>     [snip]
>  > > This might be a bit surprising but I actually wrote lxc-devuan with
>  > > *non-Devuan* OS's in mind. To not discourage people from running
> Devuan,
>  > > it automatically downloads and uses the Devuan keyring. Without that
>  > > capability it won't get past square one on a non-Devuan OS, and the
> user
>  > > is likely to mumble some not so nice things about Devuan. Something to
>  > > be avoided if at all possible.

> >
> > It seems to be fine with the 'auto' sub domain maybe because the keys
> > are registered for that domain name. Are you saying that those keys are
> > pre-installed on the image? If that's the case, I think we should make
> > two versions, that are based on the same source - an include or
> > something. One to be used on Devuan, one to be used by other distros
> > that want to run Devuan containers.
>
> The issue isn't the domain and there's no pre-installed image. It's a
> chicken and egg problem to bootstrap the keyring to validate the signed
> packages.


Well, maybe I didn't say it correctly. Is there already a devuan-keyring
package on the iso-image? If so, that would explain why it works fine
when the "host" is a Devuan installation.

My personal opinion is that keys should not be automatically downloaded
and installed. But I am a bit paranoid.

>
> Assume install on a foreign OS. The foreign OS probably won't have a
> Devuan keyring. When running debootstrap, among the packages it will
> download is the keyring package. When it goes to validate the download
> (which includes the keyring package), it doesn't have a key to validate,
> so it fails with "Release signed by unknown key".


Yes. So, perhaps we have one script maintained for the Devuan OS and
another for non-Devaun OSes, and they have most things in common.

>
>     [snip]
>  > I've made an account on git.devuan.org (user: smwltr) How do you want to
>  > do this? Shall I fork your repo and apply a patch and then send you a
>  > pull request? After a look maybe the solution will present itself. I
>  > guess the .conf files too.

>
> Hi Simon,
>
> For now we can work it that way.
>
> I just pushed an update that adds support for LXC <= 1.0.8.
>
> The README is updated to use ./config-1.0.8 for LXC <= 1.0.8
> The existing ./config directory is for LXC >= 1.1.0
>
> It'll be great if you'll test again.
>
> So if you've already forked, please fetch and rebase.


Nice. Sure thing. I will be testing it out soon.

Kind regards,

Simon