Hi Leonid, On Mon, Sep 15, 2014 at 10:42 PM, Leonid Isaev <lisaev@umail.iu.edu> wrote:
On Mon, Sep 15, 2014 at 09:37:40PM +0200, Tobias Hunger wrote:
Well, I do not put the secret keyring into the images, so everything should be fine.
So, you never run pacman from within an image, or have sig. validation disabled in pacman.conf?
I never run pacman -S ever. /usr is read-only anyway, so it would fail without remounting it first:-)
Pacman can still validate images, so everything is well.
Do you mean packages in an image?
Yes. pacman -Qo, -Ql and co. are immensely useful.
Local installs are not possible anyway.
What's a local install?
Sorry, I meant "pacman -S whatever".
I mean, if you treat images atomically, why do you need pacman (and associated DB) at all? You should have it only on the buildhost that generates the images (I couldn't find details in your previous emails in this thread).
Yes, I *could* strip the package DB. I could also strip lots of other things that make no sense, but then I am not pressed for disk space. So I prefer keeping the convenience of keeping pacman around. It is so nice to be able to do a quick check which version of the packages are installed, which package a file belongs to, etc.
But those do not usually provide sane defaults, e.g. smartd.conf, dnsmasq.conf, syslog-ng.conf, wpa_supplicant.conf, and must be edited anyway.
True. I just copy /etc over to /usr/lib/factory/etc on the buildhost and then make sure the /etc on the host gets wiped during early boot and replaced with the contents of /usr/lib/factory/etc. Yes, I have a pretty special use-case. It works already, so arch is flexible enough to accommodate even wierdos like me. It would still be nice to get some of the hard things I had to configure around into arch to make things easier for other wierdos;-) Best Regards, Tobias