Verified Commit 73a2590a authored by Dan Johansen's avatar Dan Johansen
Browse files

[buildarmimg] remove generated pacman keyrings, fixing #33

For security reasons, the default local signing key for pacman should not be the same on all images.

So remove the /etc/pacman.d/gnupg folder and make resize-fs (in manjaro-system package) recreate it on first boot.

Thanks for @ashleynewson

 for pointing this out.
Signed-off-by: Dan Johansen's avatarDan Johansen <strit@manjaro.org>
parent 8b69e6a0
...@@ -441,6 +441,7 @@ create_rootfs_img() { ...@@ -441,6 +441,7 @@ create_rootfs_img() {
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/*.pacnew rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/*.pacnew
rm -rf $ROOTFS_IMG/rootfs_$ARCH/usr/lib/systemd/system/systemd-firstboot.service rm -rf $ROOTFS_IMG/rootfs_$ARCH/usr/lib/systemd/system/systemd-firstboot.service
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/machine-id rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/machine-id
rm -rf $ROOTFS_IMG/rootfs_$ARCH/etc/pacman.d/gnupg
msg "Creating package list: [$IMGDIR/$IMGNAME-pkgs.txt]" msg "Creating package list: [$IMGDIR/$IMGNAME-pkgs.txt]"
pacman -Qr "$ROOTFS_IMG/rootfs_$ARCH/" > "$IMGDIR/$IMGNAME-pkgs.txt" 2>/dev/null pacman -Qr "$ROOTFS_IMG/rootfs_$ARCH/" > "$IMGDIR/$IMGNAME-pkgs.txt" 2>/dev/null
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment