docker-library
/
docs
mirror of https://github.com/docker-library/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Arch Linux: Add note on lsign-key 

Related Issue:
https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/18
This commit is contained in:
Justin Kromlinger 2021-05-02 16:37:31 +02:00
parent 98b49cc277
commit b374b7e3e6
No known key found for this signature in database
GPG Key ID: 69EF6D9E49A64EB8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archlinux/content.md
View File

@ -21,6 +21,8 @@ This image is intended to serve the following goals:
- `pacman` needs to work out of the box
- All installed packages have to be kept unmodified
> ⚠️⚠️⚠️ NOTE: For Security Reasons, these images strip the pacman lsign key. This is because the same key would be spread to all containers of the same image, allowing for malicious actors to inject packages (via, for example, a man-in-the-middle). In order to create an lsign-key run `pacman-key --init` on the first execution, but be careful to not redistribute that key. ⚠️⚠️⚠️
## Availability
Root filesystem tarballs are [provided by our GitLab](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases) for at least two months.