[lxc-devel] [PATCH] lxc-alpine: download statically compiled package manager if not available on host
Natanael Copa
ncopa at alpinelinux.org
Thu May 16 14:16:27 UTC 2013
On Wed, 15 May 2013 13:10:06 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Kaarle Ritvanen (kaarle.ritvanen at datakunkku.fi):
> ...
> > + wget="wget -O - $repository/x86"
> ..
> > + $wget/apk-tools-static-$apk_version.apk | \
> > + tar -Oxz sbin/apk.static > $apk || return 1
> > + chmod u+x $apk
> > +
> > + apk_opts="$apk_opts --allow-untrusted"
> > + fi
> > +
> > + $apk add -U --initdb --root $rootfs $apk_opts "$@" alpine-base
>
> Boy does that scare me though.
We could inline the public key(s) in the script so we could remove the
'--allow-intrusted' above. But verifying the sig for the static binary
might be tricky without having apk-tools installed already.
I suppose you could always ask your distro to ship a proper
apk-tools.deb/rpm.
Or maybe throw an error:
Error: no apk binary was found. You can automatically download a static
apk with: --allow-untrusted-static-apk
Then you'll not by mistake download and execute an untrusted static
binary.
-nc
More information about the lxc-devel
mailing list