On 06/14/2016 09:26 AM, Greg Olsen wrote:
> On 2016-06-13 01:28, Simon Walter wrote:
> [snip]
> > > This might be a bit surprising but I actually wrote lxc-devuan with
> > > *non-Devuan* OS's in mind. To not discourage people from running
> Devuan,
> > > it automatically downloads and uses the Devuan keyring. Without that
> > > capability it won't get past square one on a non-Devuan OS, and the
> user
> > > is likely to mumble some not so nice things about Devuan. Something to
> > > be avoided if at all possible.
> >
> > It seems to be fine with the 'auto' sub domain maybe because the keys
> > are registered for that domain name. Are you saying that those keys are
> > pre-installed on the image? If that's the case, I think we should make
> > two versions, that are based on the same source - an include or
> > something. One to be used on Devuan, one to be used by other distros
> > that want to run Devuan containers.
>
> The issue isn't the domain and there's no pre-installed image. It's a
> chicken and egg problem to bootstrap the keyring to validate the signed
> packages.
Well, maybe I didn't say it correctly. Is there already a devuan-keyring
package on the iso-image? If so, that would explain why it works fine
when the "host" is a Devuan installation.
My personal opinion is that keys should not be automatically downloaded
and installed. But I am a bit paranoid.
>
> Assume install on a foreign OS. The foreign OS probably won't have a
> Devuan keyring. When running debootstrap, among the packages it will
> download is the keyring package. When it goes to validate the download
> (which includes the keyring package), it doesn't have a key to validate,
> so it fails with "Release signed by unknown key".
Yes. So, perhaps we have one script maintained for the Devuan OS and
another for non-Devaun OSes, and they have most things in common.
>
> [snip]
> > I've made an account on git.devuan.org (user: smwltr) How do you want to
> > do this? Shall I fork your repo and apply a patch and then send you a
> > pull request? After a look maybe the solution will present itself. I
> > guess the .conf files too.
>
> Hi Simon,
>
> For now we can work it that way.
>
> I just pushed an update that adds support for LXC <= 1.0.8.
>
> The README is updated to use ./config-1.0.8 for LXC <= 1.0.8
> The existing ./config directory is for LXC >= 1.1.0
>
> It'll be great if you'll test again.
>
> So if you've already forked, please fetch and rebase.
Nice. Sure thing. I will be testing it out soon.
Kind regards,
Simon
::
Re: [DNG] LXC template for Devuan
