You are not logged in.
What is the difference between
pacman-key --refresh-keys
and
archlinux-keyring-wkd-sync
?
After looking at the scripts it seems that both look up the same keys.
Then pacman-key first tries to locate the keys in a WKD and then potentially to refresh them while the wkd-sync script only tries WKD.
Is there any substantial difference that I need to care about as an enduser?
In the same vein I'm wondering if
sudo pacman -Sy archlinux-keyring
would be equivalent to the other options or whether this maybe only includes some official keys?
Last edited by toastbrot97 (2023-10-29 10:10:32)
Offline
"sudo pacman -Sy archlinux-keyring" updates the database and sets up up for a partial update, the other one is https://gitlab.archlinux.org/archlinux/ … issues/187
archlinux-keyring-wkd-sync is mostly meant to be invoked by the timer so users won't run into signature errors when updating after toomuch™ delay (ie. when a new key became hot since the last update, there was a phase where this caused frequent issues)
Offline
Thanks for linking the issue. I guess I can conclude from this that I don't need to worry about outdated keys as long as the systemd timer invoking archlinux-keyring-wkd-sync regularly is active (as it is by default). So I hopefully never need to use the other commands or in fact run any of them manually anyway.
Ideally pacman will at some point update existing keys on its own.
Offline