On 06/14/2016 09:26 AM, Greg Olsen wrote:
On 2016-06-13 01:28, Simon Walter wrote:
[snip]
> > This might be a bit surprising but I actually wrote lxc-devuan with
> > *non-Devuan* OS's in mind. To not discourage people from running
Devuan,
> > it automatically downloads and uses the Devuan keyring. Without that
> > capability it won't get past square one on a non-Devuan OS, and the
user
> > is likely to mumble some not so nice things about Devuan. Something to
> > be avoided if at all possible.
>
> It seems to be fine with the 'auto' sub domain maybe because the keys
> are registered for that domain name. Are you saying that those keys are
> pre-installed on the image? If that's the case, I think we should make
> two versions, that are based on the same source - an include or
> something. One to be used on Devuan, one to be used by other distros
> that want to run Devuan containers.
The issue isn't the domain and there's no pre-installed image. It's a
chicken and egg problem to bootstrap the keyring to validate the signed
packages.
Well, maybe I didn't say it correctly. Is there already a devuan-keyring
package on the iso-image? If so, that would explain why it works fine
when the "host" is a Devuan installation.
My personal opinion is that keys should not be automatically downloaded
and installed. But I am a bit paranoid.
Assume install on a foreign OS. The foreign OS probably won't have a
Devuan keyring. When running debootstrap, among the packages it will
download is the keyring package. When it goes to validate the download
(which includes the keyring package), it doesn't have a key to validate,
so it fails with "Release signed by unknown key".
Yes. So, perhaps we have one script maintained for the Devuan OS and
another for non-Devaun OSes, and they have most things in common.
[snip]
> I've made an account on git.devuan.org (user: smwltr) How do you want to
> do this? Shall I fork your repo and apply a patch and then send you a
> pull request? After a look maybe the solution will present itself. I
> guess the .conf files too.
Hi Simon,
For now we can work it that way.
I just pushed an update that adds support for LXC <= 1.0.8.
The README is updated to use ./config-1.0.8 for LXC <= 1.0.8
The existing ./config directory is for LXC >= 1.1.0
It'll be great if you'll test again.
So if you've already forked, please fetch and rebase.
Nice. Sure thing. I will be testing it out soon.
Kind regards,
Simon
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
