Hi Leonid,

On Mon, Sep 15, 2014 at 10:42 PM, Leonid Isaev <lisaev@xxxxxxxxxxxx> wrote:
> On Mon, Sep 15, 2014 at 09:37:40PM +0200, Tobias Hunger wrote:
>> Well, I do not put the secret keyring into the images, so everything
>> should be fine.
>
> So, you never run pacman from within an image, or have sig. validation disabled
> in pacman.conf?

I never run pacman -S ever. /usr is read-only anyway, so it would fail
without remounting it first:-)

>> Pacman can still validate images, so everything is well.
> Do you mean packages in an image?

Yes. pacman -Qo, -Ql and co. are immensely useful.

>> Local installs are not possible anyway.
>
> What's a local install?

Sorry, I meant "pacman -S whatever".

> I mean, if you treat images atomically, why do you need pacman (and associated
> DB) at all? You should have it only on the buildhost that generates the images
> (I couldn't find details in your previous emails in this thread).

Yes, I *could* strip the package DB. I could also strip lots of other
things that make no sense, but then I am not pressed for disk space. So I
prefer keeping the convenience of keeping pacman around. It is so nice to
be able to do a quick check which version of the packages are installed,
which package a file belongs to, etc.

> But those do not usually provide sane defaults, e.g. smartd.conf, dnsmasq.conf,
> syslog-ng.conf, wpa_supplicant.conf, and must be edited anyway.

True. I just copy /etc over to /usr/lib/factory/etc on the buildhost and
then make sure the /etc on the host gets wiped during early boot and
replaced with the contents of /usr/lib/factory/etc.

Yes, I have a pretty special use-case. It works already, so arch is
flexible enough to accommodate even weirdos like me. It would still be
nice to get some of the hard things I had to configure around into arch to
make things easier for other weirdos;-)

Best Regards,
Tobias