Question regarding recent archlinux-keyring news

Greetings lovely community,

There was a recent update post to the Arch Linux Monthly blog reports here that I was curious about:

From part of that post they mention an upcoming change that will impact archlinux-keyring:

archlinux-keyring ##

The archlinux-keyring package gained a systemd service and timer unit which updates existing PGP keys used by pacman on user systems by default on a weekly basis from Arch Linux’s web key directory (WKD)[0]. This service is meant to remove the necessity for most cases of “first upgrade your archlinux-keyring and then do a system upgrade” until pacman itself will be able to deal with this scenario natively.

A new main signing key 75BD80E4D834509F6E740257B1B73B02CC52A02A was added to the keyring. Efforts to sign all active packager keys with it are ongoing, currently around 85% of the existing keys have been signed already.

I know the archlinux-keyring is sometimes an issue with system installations and/or updates from time to time. These issues aren’t major, but they typically require some searching for a workaround that’s not always obvious to the less seasoned Arch-based users. My assumption is this new systemd-timer will be able to mitigate these headaches, but I don’t know the underlying mechanics to be certain.

My question is what will this look like when the update is released? Will EndeavourOS have to tweak anything for future installs and enable this timer by default or leave it all up to the user? Will users here need to manually add the systemd-timer if they so choose? It seems like a service I’d want to enable for my system once it’s available. Are there any potential drawbacks to be aware of if it’s used? I’m aware I might’ve answered some of my own questions, but I figure it never hurts to ask and learn a bit more. My understanding is it’s not in the current package yet, so I’m curious if anyone can shed a bit of light into this I’d appreciate it very much, thank you.

Edit: Also found this r/archlinux thread, but discussion is quite small.

You can find some discussion about it here.

It’s seems they (Arch) are going to enable it by default with the next update of archlinux-keyring

1 Like

It sounds like a good idea. Currently I have been using a different update alias when it has been more than a couple of days to mitigate the possibility… it runs a pacman -Sy archlinux-keyring before the standard update…

This happens too often with all the different builds I have active… definitely cutting down! (main EnOS build gets nearly all my time now!)

1 Like

and if it is enabled by default there is nothing to do… it will come in with the update and run automatically…
Systemd timer handle this and if it is set as vendor default to enabled it will be enabled if installed …

1 Like