The subject basically says it all. I've never set up a server from the ground up before, and I would like to put lighttpd and mysql in a chroot jail. How should I go about doing it? Ideally, I would like to be able to update the entire chroot environment via pacman. Would pacman --root install a sane (and updatable) enviroment in the alternate installation root?
I was thinking about almost the same issue in july-august, last year. Then after I read about some chroot security problems, I decided to try something totally different. I started to use Linux-vservers.
They are almost like chroot because although they are virtual servers, they actually are very close to kernel and have almost zero resource usage by themselves. So only things that take the resources are your servers inside the vservers. Check Free Software Magazine 's article and the same magazine has some comparisons between different virtualization solutions. The vservers are pretty much similar to FreeBSD jails.
This far I have liked my vserver solution very much. I have used them for testing new things, making packages that might mess up things and setting up CMS systems. And the great thing about them is that you can even use hard, immutable links to quickly clone vservers and make the new ones take very low amount of disk space (like 55 megs for a total install, with CMS system, mysql,lighttpd and php-cgi all in one vserver). For this I used vskel script I slightly modified to fit.
You can get the needed packages and info from the wiki I have updated at vserver site. The newest Arch kernel is very easily patched - just add the needed lines after all the other patches at ABS and compile. Then just pacman -U the current kernel.
About the updating: if you are using the vskel, then it has a command to "join" the vserver skeleton into updatable vserver. Then after updating just make a script to back up /var,/etc,/home,/root for each vserver and re-create them with the updated skeleton and finally copy the backed up dirs back to vservers.