gitlab_runner: Initial the keyring in the base image for faster boot

"Disabling revoked keys in keyring" when running "pacman-key --populate"
is very slow (easily +20 seconds), in our case the boot is now ~27
seconds faster (tested on secure-runner1). The pacman master private key
is removed to prevent malicious actors from injecting packages, a new
key is generated by pacman-init.service on boot.

roles/gitlab_runner/files/libvirt-executor

@@ -28,7 +28,7 @@ vm_ip() {
 }
 
 wait_for_ssh() {
-  for _ in {1..60}; do
+  for _ in {1..30}; do
     if ! ip="$(vm_ip "${1}")"; then
       echo "Waiting for network"
       sleep 1
@@ -42,7 +42,7 @@ wait_for_ssh() {
     printf "%s" "${ip}"
     return 0
   done
-  echo 'Waited 60 seconds for VM to start, exiting...'
+  echo 'Waited 30 seconds for VM to start, exiting...'
   exit "${SYSTEM_FAILURE_EXIT_CODE:-1}"
 }
 

roles/gitlab_runner/files/libvirt-executor-update-base-image

@@ -26,7 +26,9 @@ qemu-img convert -f qcow2 -O raw Arch-Linux-x86_64-basic.qcow2 Arch-Linux-x86_64
 
 loopdev="$(losetup --find --partscan --show "${image}")"
 mount --mkdir "${loopdev}p2" mnt
-mount --mkdir --bind -o ro /etc/pacman.d/gnupg mnt/etc/pacman.d/gnupg
+
+arch-chroot mnt pacman-key --init
+arch-chroot mnt pacman-key --populate
 
 # shellcheck disable=SC2016
 printf 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' > mnt/etc/pacman.d/mirrorlist
@@ -41,8 +43,8 @@ rm -f mnt/etc/machine-id
 
 cp -a mnt/boot/{initramfs-linux-fallback.img,initramfs-linux.img}
 
-umount mnt/etc/pacman.d/gnupg
-rmdir mnt/etc/pacman.d/gnupg
+rm -r mnt/etc/pacman.d/gnupg/{openpgp-revocs.d,private-keys-v1.d}/
+arch-chroot mnt pacman-key --delete pacman@localhost
 umount mnt
 losetup -d "${loopdev}"
 loopdev=""