From bec29e632b8c33d35a7629ac2127c4a9c1465377 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Mon, 6 May 2019 14:51:28 -0400
Subject: [PATCH] arch-nspawn: unshare the gpg namespace to prevent zombie
 processes

gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
---
 arch-nspawn.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch-nspawn.in b/arch-nspawn.in
index 8a87b96..5817143 100644
--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@@ -97,7 +97,7 @@ build_mount_args() {
 }
 
 copy_hostconf () {
-	gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
+	unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
 	pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
 	printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"