Commit 18322514 authored by hashworks's avatar hashworks
Browse files

Merge branch 'add-warning-on-lsign-key' into 'master'

README: add note on lsign-key

Closes #18

See merge request !58
parents 96bb688f be068a16
Pipeline #8216 passed with stages
in 4 minutes and 40 seconds
......@@ -16,6 +16,15 @@ While the images are regularly kept up to date it is strongly recommended runnin
* `pacman` needs to work out of the box
* All installed packages have to be kept unmodified
⚠️⚠️⚠️ NOTE: For Security Reasons, these images strip the pacman lsign key.
This is because the same key would be spread to all containers of the same
image, allowing for malicious actors to inject packages (via, for example,
a man-in-the-middle). In order to create an lsign-key run `pacman-key
--init` on the first execution, but be careful to not redistribute that
## Building your own image
[This repository]( contains all scripts and files needed to create a Docker image for Arch Linux.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment