Unverified Commit 8ec23bfb authored by Santiago Torres-Arias's avatar Santiago Torres-Arias
Browse files

README: add note on lsign-key

parent 96bb688f
{::options parse_block_html="true" /}
# Arch Linux Docker Image
[![pipeline status](https://gitlab.archlinux.org/archlinux/archlinux-docker/badges/master/pipeline.svg)](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/commits/master)
......@@ -16,6 +17,16 @@ While the images are regularly kept up to date it is strongly recommended runnin
* `pacman` needs to work out of the box
* All installed packages have to be kept unmodified
<div class="panel panel-info">
**Note**
{: .panel-heading}
<div class="panel-body">
For Security Reason, these images strip the pacman lsign key. This is because the same key would be spread to all containers of the same image, allowing for malicious actors to inject packages (via, for example, a man-in-the-middle). In order to create an lsign-key run `pacman-key --init` on the first execution, but be careful to not redistribute that key.
</div>
</div>
## Building your own image
[This repository](https://gitlab.archlinux.org/archlinux/archlinux-docker) contains all scripts and files needed to create a Docker image for Arch Linux.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment