You are not logged in.
Dear all
Since about two months (maybe longer), whenever I try to update my system I get a keyring is not writable error
I have tried various ways to fix it such as
Arch Wiki Resetting the keys
as well as previously deleting /etc/pacman.d/gnupg and /root/.gnupg folders out of a chrooted system livecd described in the manjaro forums.
I can't delete those folders directly from my running system as then i get:
rm: cannot remove '/etc/pacman.d/gnupg/': Device or resource busy
After running all the re-initialisation I can usually upgrade once, but after a reboot i get again the error during the update process.
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Do you have any hints how to fix this permanently ?
[BTW: My system has been affected by the xz backdoor, but i guess this has nothing to do with it]
Last edited by boomshalek (2024-05-01 08:24:19)
Offline
mount
sudo lsattr -R /etc/pacman.d/gnupg
sudo lsof | grep 'etc/pacman.d/gnupg'
Offline
mount sudo lsattr -R /etc/pacman.d/gnupg sudo lsof | grep 'etc/pacman.d/gnupg'
I ran those commands during my system is doing pacman-key --refresh-keys as it is trying to complete this step for 3 hours now under quite some load ... Pastebin
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=4061456k,nr_inodes=1015364,mode=755,inode64)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755,inode64)
/dev/sda1 on / type ext4 (rw,noatime,discard)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=33,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=18585)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)
/dev/sda3 on /mnt/bunsen type ext4 (rw,noatime,discard)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)
/dev/sdb1 on /media/daten type xfs (rw,noatime,attr2,inode64,allocsize=65536k,logbufs=8,logbsize=32k,noquota)
/dev/sdb2 on /media/daten/yavdrmedia type ext4 (rw,noatime,discard)
/dev/sdc1 on /media/daten/filme type xfs (rw,noatime,attr2,inode64,logbufs=8,logbsize=32k,noquota)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=814132k,nr_inodes=203533,mode=700,uid=1000,gid=100,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/pubring.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/pubring.gpg~
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/crls.d
/etc/pacman.d/gnupg/crls.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/crls.d/DIR.txt
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/tofu.db
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/openpgp-revocs.d
/etc/pacman.d/gnupg/openpgp-revocs.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/openpgp-revocs.d/F335967BEFD7D07C7CEBA9F9957F6EC75C6A0FBC.rev
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/private-keys-v1.d
/etc/pacman.d/gnupg/private-keys-v1.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/private-keys-v1.d/C9A66A3469F16587F78926172F4DF89254119A34.key
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/gpg-agent.conf
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/gpg.conf
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/trustdb.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/secring.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.keyboxd
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.ssh
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.extra
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.browser
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.dirmngr
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
lsof: WARNING: can't stat() fuse.portal file system /run/user/1000/doc
Output information may be incomplete.
systemd 1 root 154u unix 0x00000000ecbcd6a8 0t0 20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
systemd 1 root 158u unix 0x0000000081c33728 0t0 20082 /etc/pacman.d/gnupg/S.gpg-agent.browser type=STREAM (LISTEN)
systemd 1 root 167u unix 0x000000006c4e89ec 0t0 20085 /etc/pacman.d/gnupg/S.gpg-agent type=STREAM (LISTEN)
systemd 1 root 168u unix 0x00000000e96fc734 0t0 20083 /etc/pacman.d/gnupg/S.gpg-agent.extra type=STREAM (LISTEN)
systemd 1 root 200u unix 0x00000000952cf615 0t0 20084 /etc/pacman.d/gnupg/S.gpg-agent.ssh type=STREAM (LISTEN)
systemd 1 root 208u unix 0x00000000e883788a 0t0 20086 /etc/pacman.d/gnupg/S.keyboxd type=STREAM (LISTEN)
gpg-agent 1496 root 3u unix 0x000000006c4e89ec 0t0 20085 /etc/pacman.d/gnupg/S.gpg-agent type=STREAM (LISTEN)
gpg-agent 1496 root 4u unix 0x00000000e96fc734 0t0 20083 /etc/pacman.d/gnupg/S.gpg-agent.extra type=STREAM (LISTEN)
gpg-agent 1496 root 5u unix 0x0000000081c33728 0t0 20082 /etc/pacman.d/gnupg/S.gpg-agent.browser type=STREAM (LISTEN)
gpg-agent 1496 root 6u unix 0x00000000952cf615 0t0 20084 /etc/pacman.d/gnupg/S.gpg-agent.ssh type=STREAM (LISTEN)
dirmngr 2142 root 3u unix 0x00000000ecbcd6a8 0t0 20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
dirmngr 2142 root 5u unix 0x00000000fb9e49f4 0t0 52036 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (CONNECTED)
dirmngr 2142 4144 conn\x20f root 3u unix 0x00000000ecbcd6a8 0t0 20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
dirmngr 2142 4144 conn\x20f root 5u unix 0x00000000fb9e49f4 0t0 52036 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (CONNECTED)
gpg 4143 root 3u REG 0,34 15760 11 /etc/pacman.d/gnupg/trustdb.gpg
Offline
I ran those commands during my system is doing pacman-key --refresh-keys as it is trying to complete this step for 3 hours now under quite some load ... Pastebin
There's a timer that runs that, and if you run pacman while it's running, it'll trash your keyring. Mask archlinux-keyring-wkd-sync.timer and your problem will likely go away.
Online
tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)
Why is that on a volatile filesystem?
but after a reboot i get again the error during the update process
Because after the reboot that directory is completely empty again.
Offline
Oh, I missed that. Sounds like they copied a bunch of things over from the ISO for some reason.
Online
tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)
Why is that on a volatile filesystem?
but after a reboot i get again the error during the update process
Because after the reboot that directory is completely empty again.
Oh my stupid me! Thank you very much. Indeed I had quoted out the tmpfs entry in fstab (if I remember correctly to compile a large package) and left it like this.
So sorry my bad. But very nicely diagnosed !
Fixed, Sorry.
Offline
Hello again
Apparently I did no fully understand the concept here.
I get the error again. My /etc/pacman.d/gnupg still seems to reside on a volatile file system.
How can I change that?
In order to speed up compilations of large packages I have put this in my /etc/fstab (System has 8GB of RAM). But TMHO this is not related to gnupg, right?
# By default, a tmpfs partition has its maximum size set to half of the available RAM, however it is possible to overrule this value.
tmpfs /tmp tmpfs rw,nodev,nosuid,size=4G 0 0
# The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run in a console:
## mount -o remount,size=5G,noatime /tmp
Offline
Please post your complete /etc/fstab , the full output of mount and the url shown after running (as root) journalctl -b | curl -F 'file=@-' 0x0.st
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline