Closed feroda closed 5 years ago
I don't understand why you want to allow unauthenticated package installation. That would break the trust chain, and allow MITM attacks on the build. Surely that's not what you intended?
Allowing installation of unauthenticated packages is a really bad idea, you should check out how to sign your packages with GPG keys instead.
Logging the environment with each process invocation will create way too much noise, so I'm not super motivated to merge that either.
Closing.
I have used the software in ArchLinux and I have experienced some problems during the building of a new image.
They were mainly given by the two arguments in topic.
I added also logging of the env vars in
log_call
.I have succeeded in creating my custom vagrant box.