Adjust chroot environment vars and add --allow-unathuenticated for apt-get

andsens / bootstrap-vz

Bootstrap Debian images for virtualized environments

http://bootstrap-vz.readthedocs.io/

Other

263 stars 145 forks source link

Adjust chroot environment vars and add --allow-unathuenticated for apt-get #489

Closed feroda closed 5 years ago

feroda commented 5 years ago

I have used the software in ArchLinux and I have experienced some problems during the building of a new image.

They were mainly given by the two arguments in topic.

I added also logging of the env vars in log_call.

I have succeeded in creating my custom vagrant box.

leegarrett commented 5 years ago

I don't understand why you want to allow unauthenticated package installation. That would break the trust chain, and allow MITM attacks on the build. Surely that's not what you intended?

andsens commented 5 years ago

Allowing installation of unauthenticated packages is a really bad idea, you should check out how to sign your packages with GPG keys instead.
Logging the environment with each process invocation will create way too much noise, so I'm not super motivated to merge that either.

Closing.