Confused about pacman signing.

olive · 2018-01-08 19:55:35

I have read the wiki but I am still confused. The wiki seems to say that I have to run "pacman-key --init" but I have never done such thing and nevertheless, it seems that it works. The install wiki does not mention it. Has it been run implicitly by one of the install scripts initially?

On one occasion, pacman asked me to import a developer key. Does it not normally happen automatically?

Last edited by olive (2018-01-08 19:59:30)

Lone_Wolf · 2018-01-09 13:28:02

Has it been run implicitly by one of the install scripts initially?

A keyring is normally added to the livecd during the creation of the installation iso.
When you run pacstrap from the installation iso, it will copy the installation iso keyring to to the target if the target doesn't have one.

Last edited by Lone_Wolf (2018-01-09 13:29:02)

WorMzy · 2018-01-09 13:49:04

On one occasion, pacman asked me to import a developer key. Does it not normally happen automatically?

There is often a race condition between the archlinux-keyring package and packages signed by new keys (often from a new TU). Because the archlinux-keyring is a core package, it needs to go through testing, but other packages (particularly in community) can be pushed straight into the live repos. When one of these new-key signed packages reaches your system before the new keyring is installed, pacman will explicitly ask you to import the key. Since the key is trusted by the web-of-trust, no other action is needed. If the key isn't trusted by the web-of-trust, then there is a problem and pacman will refuse to install the packages signed by that key (unless you've configured pacman to behave otherwise).

Arch Linux

#1 2018-01-08 19:55:35

Confused about pacman signing.

#2 2018-01-09 13:28:02

Re: Confused about pacman signing.

#3 2018-01-09 13:49:04

Re: Confused about pacman signing.

Board footer