You are not logged in.
- Topics: Active | Unanswered
#1 2018-01-27 00:32:37
- Malvineous
- Member
- From: Brisbane, Australia
- Registered: 2011-02-03
- Posts: 190
- Website
Why does archlinux-keyring need to be upgraded manually?
Just running another pacman -Syu, and of course it asks me whether I want to import some PGP keys. I forgot to first run pacman -S archlinux-keyring. After doing so, the pacman -Su works just fine.
It got me wondering - is there a reason why pacman doesn't prioritise this package and upgrade it first, so that the rest of the packages can be upgraded without worrying about any PGP keys?
I always forget about this package so my upgrades are always three steps - attempt full upgrade, cancel and upgrade the keyring, then attempt full upgrade again. I was just thinking it'd be nice if it could all be done as one step instead, with pacman handling the dependencies. I had a look at the Package signing wiki page but can't see anything there about prioritising packages.
Offline
#2 2018-01-27 00:36:36
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,614
Re: Why does archlinux-keyring need to be upgraded manually?
It doesn't. Just let pacman import the key.
Offline
#3 2018-01-27 01:36:18
- Malvineous
- Member
- From: Brisbane, Australia
- Registered: 2011-02-03
- Posts: 190
- Website
Re: Why does archlinux-keyring need to be upgraded manually?
Is there a way to have this done automatically? It's just a pain that if you start your upgrade and go away for an hour to let it run, when you come back it's sitting there waiting for you to press Y a dozen times and then you have to wait even longer for it to finish. If it asked you right at the start it wouldn't be so bad, but it makes an unattended upgrade take even longer.
Offline
#4 2018-01-27 02:25:14
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,576
- Website
Re: Why does archlinux-keyring need to be upgraded manually?
Is there a way to have this done automatically?
If only there were some sort of manual that would answer such qestions...
It's just a pain that if you start your upgrade and go away for an hour ...
Simple solution: don't do that. For so many reasons.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#5 2018-01-27 23:41:26
- eschwartz
- Fellow
- Registered: 2014-08-08
- Posts: 4,097
Re: Why does archlinux-keyring need to be upgraded manually?
There used to be a feature to have certain "SyncFirst" packages in pacman.conf, but it was an unholy broken mess so the feature was removed. It shouldn't really be an issue, as pacman is fully capable of downloading the new keys from public keyservers, and the PGP web of trust is used to mark them as trusted via being signed by the master keys...
Of course, if your pacman-key configuration is broken and cannot connect to the server, this won't work. And, if you want totally unattended upgrades I'm not sure we want to support that use-case (but feel free to YOLO your install via `yes y | pacman -Syu`, it probably won't usually break).
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline