
gpg-agent not killed after unshare support was added

Years ago a change was implemented forcing the chroot to run in its own PID namespace (https://github.com/archlinux/arch-install-scripts/commit/2be79c6259cfbf9ebcd258a68fea3ec79f532e32); this was done to ensure the gpg-agent (often started by pacman-key or pacman) was killed before exiting the chroot. Without this change you could risk getting a `umount: /mnt/dev: target is busy` error when exiting the chroot due to the agent keeping /dev/{u,}random open (AFAIU).

With the newest release of arch-install-scripts, there are reports indicating that gpg-agent isn't killed anymore before exiting the chroot, as reported on our bug tracker and reddit.

Looking into the biggest change in the latest release (https://github.com/archlinux/arch-install-scripts/pull/14), AFAIU the chroot setup and teardown is now done inside the PID namespace, whereas before it was done outside the PID namespace, which means gpg-agent is only killed after the chroot teardown.

The following patch seems to fix arch-chroot (pacstrap is still broken):

diff --git a/arch-chroot.in b/arch-chroot.in
index bcb38df..fdae328 100644
--- a/arch-chroot.in
+++ b/arch-chroot.in
@@ -116,7 +116,7 @@ arch-chroot() {
   chroot_args=()
   [[ $userspec ]] && chroot_args+=(--userspec "$userspec")
 
-  SHELL=/bin/bash chroot "${chroot_args[@]}" -- "$chrootdir" "${args[@]}"
+  SHELL=/bin/bash unshare --fork --pid chroot "${chroot_args[@]}" -- "$chrootdir" "${args[@]}"
 }
 
 args=("$@")
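Review bot: the new `unshare --fork --pid` prefix on the `chroot` line deserves a comment in the code explaining that it opens a second, nested PID namespace around just the chroot command (the script already runs inside one, per the PR linked above), so that the chroot'd shell becomes PID 1 there and a gpg-agent it leaves behind is killed when that PID 1 exits, i.e. before the teardown in the outer namespace; `--fork` is required because `--pid` only affects children of unshare, and without it `chroot` would exec in the caller's namespace. Two follow-ups worth checking before merging: any /proc that the outer setup already mounted under `$chrootdir` still reflects the outer namespace, so tools inside the chroot will see the parent's PID view rather than the nested one (util-linux's `--mount-proc[=dir]` can remount it, but that also creates a mount namespace and needs to be weighed against the existing mount handling), and since the report says pacstrap is still broken, the same wrapper should go on pacstrap's chroot invocation, ideally through a shared helper so the two paths don't diverge.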

I'm unsure if it is the best way to fix the issue though.

@forty-bot do you want to chime in? :)
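The failure mode described above, reproduced in user space as an added example (this is not code from arch-install-scripts): a background process that outlives the shell that started it keeps a file open below a directory, which is exactly what makes `umount` report "target is busy", and a small check that walks `/proc/<pid>/fd` to name the holder before a teardown tries to unmount. The function names (`holders_of`, `start_leaker`, `is_holder`, `demo`) are assumptions made for this example; it assumes Linux with `/proc` and needs no root.

```shell
#!/bin/sh
# Added example for this issue; not code from arch-install-scripts.
# Reproduces a "leaked agent" (a sleeper holding a file open after its
# parent shell has returned) and shows how to find which PIDs hold files
# open below a directory, which is the pre-umount check a chroot teardown
# would want. Assumes Linux with /proc; no root needed.

# List the PIDs of processes holding a file open below directory "$1".
# Only processes readable by the caller are inspected (readlink fails
# silently for the others); that is enough for a chroot session that
# owns everything it started.
holders_of() {
  dir=$(cd "$1" && pwd -P) || return 1
  for fd in /proc/[0-9]*/fd/*; do
    target=$(readlink "$fd" 2>/dev/null) || continue
    case $target in
      "$dir"/*)
        pid=${fd#/proc/}
        echo "${pid%%/*}" ;;
    esac
  done | sort -un
}

# Start a stand-in for a leaked agent: a sleeper that keeps "$1/token"
# open on fd 3 after the shell that launched it has already exited.
# stdio is detached so the caller's command substitution does not block.
# Prints the sleeper's PID (exec keeps the PID of the intermediate sh).
start_leaker() {
  : > "$1/token"
  sh -c 'exec 3<"$1/token" && exec sleep 60' sh "$1" </dev/null >/dev/null 2>&1 &
  echo $!
}

# Return 0 if PID "$2" holds something below "$1", 1 otherwise.
is_holder() {
  holders_of "$1" | grep -qx "$2"
}

# Walk-through: leak, detect, kill, re-check. This is what a teardown
# would see before and after cleaning up a lingering agent.
demo() {
  dir=$(mktemp -d)
  pid=$(start_leaker "$dir")
  sleep 1
  printf 'holders before kill: %s\n' "$(holders_of "$dir" | tr '\n' ' ')"
  kill "$pid" 2>/dev/null
  sleep 1
  printf 'holders after kill: %s\n' "$(holders_of "$dir" | tr '\n' ' ')"
  rm -rf "$dir"
}
```

Run `demo` after sourcing the file: the first line names the sleeper's PID, the second is empty once it has been killed. On a real chroot the directory argument would be the mount point that `umount` refused, and the same walk is what `fuser -m` does under the hood; the point of the PID-namespace approach in the patch is that this check becomes unnecessary, because nothing started under the namespace's PID 1 can outlive it.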
