Verified Commit 73a2590a authored by Dan Johansen's avatar Dan Johansen
Browse files

[buildarmimg] remove generated pacman keyrings, fixing #33

For security reasons, the default local signing key for pacman should not be the same on all images.

So remove the /etc/pacman.d/gnupg folder and make resize-fs (in manjaro-system package) recreate it on first boot.

Thanks for @ashleynewson

 for pointing this out.

Signed-off-by: Dan Johansen's avatarDan Johansen <>
parent 8b69e6a0
......@@ -441,6 +441,7 @@ create_rootfs_img() {
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/*.pacnew
rm -rf $ROOTFS_IMG/rootfs_$ARCH/usr/lib/systemd/system/systemd-firstboot.service
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/machine-id
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/pacman.d/gnupg
msg "Creating package list: [$IMGDIR/$IMGNAME-pkgs.txt]"
pacman -Qr "$ROOTFS_IMG/rootfs_$ARCH/" > "$IMGDIR/$IMGNAME-pkgs.txt" 2>/dev/null
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment