[Reopend] Pacman: error: keyring is not writable (returning error)

boomshalek · 2024-04-13 13:40:34

Dear all
Since about two months (maybe longer), whenever I try to update my system I get a keyring is not writable error
I have tried various ways to fix it such as
Arch Wiki Resetting the keys
as well as previously deleting /etc/pacman.d/gnupg and /root/.gnupg folders out of a chrooted system livecd described in the manjaro forums.
I can't delete those folders directly from my running system as then i get:

rm: cannot remove '/etc/pacman.d/gnupg/': Device or resource busy

After running all the re-initialisation I can usually upgrade once, but after a reboot i get again the error during the update process.

warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

Do you have any hints how to fix this permanently ?

[BTW: My system has been affected by the xz backdoor, but i guess this has nothing to do with it]

Last edited by boomshalek (2024-05-01 08:24:19)

seth · 2024-04-13 14:49:08

mount
sudo lsattr -R /etc/pacman.d/gnupg
sudo lsof | grep 'etc/pacman.d/gnupg'

boomshalek · 2024-04-13 21:54:28

seth wrote:

mount
sudo lsattr -R /etc/pacman.d/gnupg
sudo lsof | grep 'etc/pacman.d/gnupg'

I ran those commands during my system is doing pacman-key --refresh-keys as it is trying to complete this step for 3 hours now under quite some load ... Pastebin

proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=4061456k,nr_inodes=1015364,mode=755,inode64)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755,inode64)
/dev/sda1 on / type ext4 (rw,noatime,discard)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=33,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=18585)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)
/dev/sda3 on /mnt/bunsen type ext4 (rw,noatime,discard)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)
/dev/sdb1 on /media/daten type xfs (rw,noatime,attr2,inode64,allocsize=65536k,logbufs=8,logbsize=32k,noquota)
/dev/sdb2 on /media/daten/yavdrmedia type ext4 (rw,noatime,discard)
/dev/sdc1 on /media/daten/filme type xfs (rw,noatime,attr2,inode64,logbufs=8,logbsize=32k,noquota)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=814132k,nr_inodes=203533,mode=700,uid=1000,gid=100,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)

lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/pubring.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/pubring.gpg~
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/crls.d

/etc/pacman.d/gnupg/crls.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/crls.d/DIR.txt

lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/tofu.db
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/openpgp-revocs.d

/etc/pacman.d/gnupg/openpgp-revocs.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/openpgp-revocs.d/F335967BEFD7D07C7CEBA9F9957F6EC75C6A0FBC.rev

lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/private-keys-v1.d

/etc/pacman.d/gnupg/private-keys-v1.d:
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/private-keys-v1.d/C9A66A3469F16587F78926172F4DF89254119A34.key

lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/gpg-agent.conf
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/gpg.conf
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/trustdb.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/secring.gpg
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.keyboxd
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.ssh
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.extra
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.gpg-agent.browser
lsattr: Operation not supported While reading flags on /etc/pacman.d/gnupg/S.dirmngr

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
lsof: WARNING: can't stat() fuse.portal file system /run/user/1000/doc
      Output information may be incomplete.
systemd       1                       root 154u     unix 0x00000000ecbcd6a8       0t0      20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
systemd       1                       root 158u     unix 0x0000000081c33728       0t0      20082 /etc/pacman.d/gnupg/S.gpg-agent.browser type=STREAM (LISTEN)
systemd       1                       root 167u     unix 0x000000006c4e89ec       0t0      20085 /etc/pacman.d/gnupg/S.gpg-agent type=STREAM (LISTEN)
systemd       1                       root 168u     unix 0x00000000e96fc734       0t0      20083 /etc/pacman.d/gnupg/S.gpg-agent.extra type=STREAM (LISTEN)
systemd       1                       root 200u     unix 0x00000000952cf615       0t0      20084 /etc/pacman.d/gnupg/S.gpg-agent.ssh type=STREAM (LISTEN)
systemd       1                       root 208u     unix 0x00000000e883788a       0t0      20086 /etc/pacman.d/gnupg/S.keyboxd type=STREAM (LISTEN)
gpg-agent  1496                       root   3u     unix 0x000000006c4e89ec       0t0      20085 /etc/pacman.d/gnupg/S.gpg-agent type=STREAM (LISTEN)
gpg-agent  1496                       root   4u     unix 0x00000000e96fc734       0t0      20083 /etc/pacman.d/gnupg/S.gpg-agent.extra type=STREAM (LISTEN)
gpg-agent  1496                       root   5u     unix 0x0000000081c33728       0t0      20082 /etc/pacman.d/gnupg/S.gpg-agent.browser type=STREAM (LISTEN)
gpg-agent  1496                       root   6u     unix 0x00000000952cf615       0t0      20084 /etc/pacman.d/gnupg/S.gpg-agent.ssh type=STREAM (LISTEN)
dirmngr    2142                       root   3u     unix 0x00000000ecbcd6a8       0t0      20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
dirmngr    2142                       root   5u     unix 0x00000000fb9e49f4       0t0      52036 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (CONNECTED)
dirmngr    2142  4144 conn\x20f       root   3u     unix 0x00000000ecbcd6a8       0t0      20081 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (LISTEN)
dirmngr    2142  4144 conn\x20f       root   5u     unix 0x00000000fb9e49f4       0t0      52036 /etc/pacman.d/gnupg/S.dirmngr type=STREAM (CONNECTED)
gpg        4143                       root   3u      REG               0,34     15760         11 /etc/pacman.d/gnupg/trustdb.gpg

Scimmia · 2024-04-13 21:57:21

boomshalek wrote:

I ran those commands during my system is doing pacman-key --refresh-keys as it is trying to complete this step for 3 hours now under quite some load ... Pastebin

There's a timer that runs that, and if you run pacman while it's running, it'll trash your keyring. Mask archlinux-keyring-wkd-sync.timer and your problem will likely go away.

seth · 2024-04-13 22:03:27

tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)

Why is that on a volatile filesystem?

but after a reboot i get again the error during the update process

Because after the reboot that directory is completely empty again.

Scimmia · 2024-04-13 22:55:13

Oh, I missed that. Sounds like they copied a bunch of things over from the ISO for some reason.

boomshalek · 2024-04-16 16:04:56

seth wrote:

tmpfs on /etc/pacman.d/gnupg type tmpfs (rw,relatime,mode=755,inode64)
Why is that on a volatile filesystem?
but after a reboot i get again the error during the update process
Because after the reboot that directory is completely empty again.

Oh my stupid me! Thank you very much. Indeed I had quoted out the tmpfs entry in fstab (if I remember correctly to compile a large package) and left it like this.
So sorry my bad. But very nicely diagnosed !

Fixed, Sorry.

boomshalek · 2024-05-01 08:28:40

Hello again

Apparently I did no fully understand the concept here.
I get the error again. My /etc/pacman.d/gnupg still seems to reside on a volatile file system.
How can I change that?

In order to speed up compilations of large packages I have put this in my /etc/fstab (System has 8GB of RAM). But TMHO this is not related to gnupg, right?

# By default, a tmpfs partition has its maximum size set to half of the available RAM, however it is possible to overrule this value.

tmpfs   /tmp         tmpfs   rw,nodev,nosuid,size=4G          0  0

# The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run in a console:
## mount -o remount,size=5G,noatime /tmp

Lone_Wolf · 2024-05-01 10:43:37

Please post your complete /etc/fstab , the full output of mount and the url shown after running (as root) journalctl -b | curl -F 'file=@-' 0x0.st

Arch Linux

#1 2024-04-13 13:40:34

[Reopend] Pacman: error: keyring is not writable (returning error)

#2 2024-04-13 14:49:08

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#3 2024-04-13 21:54:28

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#4 2024-04-13 21:57:21

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#5 2024-04-13 22:03:27

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#6 2024-04-13 22:55:13

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#7 2024-04-16 16:04:56

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#8 2024-05-01 08:28:40

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

#9 2024-05-01 10:43:37

Re: [Reopend] Pacman: error: keyring is not writable (returning error)

Board footer