author zer0def 2020-11-05 10:38:49 +0100
committer zer0def 2020-11-05 10:38:49 +0100
commit 99c1affb4a768a7e49abc275f01a7c918a75ab8f (patch)
tree aee39e5a4f0d85a3f97a6482b1f2981ad0272512 /kata-containers-guest.install
parent 161ad664a34245d74f4f676cd0ce93c129f670c2 (diff)
Warn the user about security implications of the current image build process as-is
Diffstat (limited to 'kata-containers-guest.install')
-rw-r--r-- kata-containers-guest.install 17
1 files changed, 17 insertions, 0 deletions
diff --git a/kata-containers-guest.install b/kata-containers-guest.install
new file mode 100644
index 000000000000..66c817eb97ca
--- /dev/null
+++ b/kata-containers-guest.install
@@ -0,0 +1,17 @@
+post_install() {
+ cat <<EOF
+
+Due to backflips made to be able to build the Kata guest image (not initrd!)
+without root account access, rootfs has uid:gid of the builer's user account.
+
+This might have subtle security implications and if that's not acceptable,
+the user could do one of the following:
+
+- alter the build process to use upstream's \`image_builder.sh\` to build
+ the image from rootfs created via \`pacman\`, with root priviledges
+- use the \`-bin\`-suffixed package, containing upstream-built images
+
+By installing this package as-is, the user acknowledges this warning.
+
+EOF
+}
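Review bot: The warning is emitted only from `post_install()`, so it is printed once the package is already installed and is never shown on upgrade, while the closing line of the message treats installation itself as acknowledgement. Consider adding a `post_upgrade()` that calls `post_install` so users who already have the package see the notice, and repeating the caveat somewhere a user can read before installing, such as a comment in the PKGBUILD. The message would also be more actionable if it named the concern instead of "subtle security implications": by its own description the files in the guest rootfs carry the builder's uid:gid, so it is worth stating that whichever guest process runs under that numeric uid will own them. Two spelling fixes in the heredoc text: "builer's" should be "builder's" and "priviledges" should be "privileges".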