[SOLVED] Need help with learning about mirrorlists and keyrings

MAYBL8 · Yesterday 11:43:05

I am desperately looking for help on this. I have tried everything and keep getting the same errors.
I am trying to build my own iso .
The step I am in is providing my own keyring and mirrorlist.
I am really really trying to learn this but keep having the same issue over and over.
I have done all the steps of receiving keys , locally signing keys . I have ran every pacman-key command but when I go to build my iso I keep getting this message:

(911/952) installing mylastarch-keyring                                                                  [--------------------------------------------------------------] 100%
error: config file /etc/pacman.d/mylastarch-mirrorlist could not be read: No such file or directory
error parsing '/etc/pacman.conf'
mkdir: cannot create directory ‘’: No such file or directory

I will post whatever command you want me to run to try to solve my issue.
I am about to abandon this and just not use the keyring and mirrorlist if you guys can't help me.
Thanks
Dan

Edit 1:
If I do this I see:

[demo@kiro mylastarch-keyring]$ sudo pacman-key --populate
[sudo] password for demo:
==> Appending keys from archlinux.gpg...
==> Appending keys from carli.gpg...
==> Appending keys from chaotic.gpg...
==> Appending keys from mylastarch.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 1 key.
==> Importing owner trust values...
==> Updating trust database...
gpg: next trustdb check due at 2026-10-21

[demo@kiro mylastarch-keyring]$ sudo pacman-key --recv-keys C8B25E49B0428123
gpg: key C8B25E49B0428123: "mylastarch iso <mylastarch@dccathome.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

[demo@kiro mylastarch-keyring]$ sudo pacman-key --finger C8B25E49B0428123
pub   rsa3072 2026-05-14 [SC] [expires: 2028-05-13]
      97EF D435 2896 2710 B9E6  ED2E C8B2 5E49 B042 8123
uid           [  full  ] mylastarch iso <mylastarch@dccathome.com>
sub   rsa3072 2026-05-14 [E] [expires: 2028-05-13]

[demo@kiro mylastarch-keyring]$ sudo pacman-key --lsign-key C8B25E49B0428123
  -> Locally signed 1 key.
==> Updating trust database...
gpg: next trustdb check due at 2026-10-21

Sorry I just noticed there was more to the errors:

error: config file /etc/pacman.d/mylastarch-mirrorlist could not be read: No such file or directory
error parsing '/etc/pacman.conf'
mkdir: cannot create directory ‘’: No such file or directory
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
chmod: cannot access '/trustdb.gpg': No such file or directory
gpg: WARNING: unsafe permissions on homedir '/root/.gnupg'
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/AD3E0BBC36FD70D68ED1DD907A44A1162C6A5485.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
error: config file /etc/pacman.d/mylastarch-mirrorlist could not be read: No such file or directory
error parsing '/etc/pacman.conf'
==> ERROR: You do not have sufficient permissions to read the pacman keyring.
==> Use 'pacman-key --init' to correct the keyring permissions.
error: config file /etc/pacman.d/mylastarch-mirrorlist could not be read: No such file or directory
error parsing '/etc/pacman.conf'
==> ERROR: You do not have sufficient permissions to read the pacman keyring.
==> Use 'pacman-key --init' to correct the keyring permissions.
error: config file /etc/pacman.d/mylastarch-mirrorlist could not be read: No such file or directory
error parsing '/etc/pacman.conf'
==> ERROR: You do not have sufficient permissions to read the pacman keyring.
==> Use 'pacman-key --init' to correct the keyring permissions.
error: command failed to execute correctly

Please don't shun me for using other repositories. I am just trying to learn about this.

Last edited by MAYBL8 (Today 12:45:52)

seth · Yesterday 13:20:00

stat /etc/pacman.d/mylastarch-mirrorlist
pacman -Qo /etc/pacman.d/mylastarch-mirrorlist
pacman-conf

Why is anything there fudging around in the root's $HOME?
Also post the PKGBUILD for mylastarch-keyring and/or the package itself.

MAYBL8 · Yesterday 13:35:49

stat /etc/pacman.d/mylastarch-mirrorlist
pacman -Qo /etc/pacman.d/mylastarch-mirrorlist
pacman-conf

Doesn't the mirrorlist go there?

pkgbase=mylastarch-keyring
pkgname=mylastarch-keyring
destdir=/usr/share/pacman/keyrings
pkgver=1
pkgrel=5
pkgdesc="mylastarch keyring"
arch=('x86_64')
url="https://github.com/mylastarch"
license=('GPL3')
source=('mylastarch-keyring.install'
        'mylastarch.gpg')
sha256sums=('SKIP'
            'SKIP')        

install=${pkgname}.install
package() {
  mkdir -p ${pkgdir}/$destdir
  cd ..
  cp mylastarch.gpg ${pkgdir}/$destdir
  install -dm 755 "${pkgdir}/$destdir"
}

Right now I don't have the sha256sums because I trying to figure out how to get them.
I hope that is not the problem.

seth · Yesterday 13:52:19

Doesn't the mirrorlist go there?

What mirrorlist? It seems you're trying to include that file but it cannot be read/doesn't exist.

What is mylastarch-keyring.install (contents of the file)?
(Doesn't have to be in the source array, btw)

Do you mean

package() {
install -dm 755 "${pkgdir}/$destdir"
install "${srcdir}/mylastarch.gpg" "${pkgdir}/$destdir"
}

I hope that is not the problem.

No.

Please also provide the output of the three commands in #2

MAYBL8 · Yesterday 13:58:53

Sorry I thought you were just showing me something
Here it is:

[root@kiro mylastarch-keyring]# stat /etc/pacman.d/mylastarch-mirrorlist
  File: /etc/pacman.d/mylastarch-mirrorlist
  Size: 148       	Blocks: 8          IO Block: 4096   regular file
Device: 8,2	Inode: 1311372     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2026-05-19 23:32:07.078989258 -0400
Modify: 2026-05-17 20:19:00.232568833 -0400
Change: 2026-05-19 23:32:07.082773973 -0400
 Birth: 2026-05-19 23:32:07.078989258 -0400

[root@kiro mylastarch-keyring]# pacman -Qo /etc/pacman.d/mylastarch-mirrorlist
error: No package owns /etc/pacman.d/mylastarch-mirrorlist

[root@kiro mylastarch-keyring]# pacman-conf
[options]
RootDir = /
DBPath = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
HookDir = /etc/pacman.d/hooks/
GPGDir = /etc/pacman.d/gnupg/
LogFile = /var/log/pacman.log
HoldPkg = pacman
HoldPkg = glibc
Architecture = x86_64
Color
CheckSpace
VerbosePkgLists
DisableDownloadTimeout
ILoveCandy
ParallelDownloads = 12
CleanMethod = KeepInstalled
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
LocalFileSigLevel = PackageOptional
LocalFileSigLevel = PackageTrustedOnly
[mylastarch_repo]
Usage = All
SigLevel = PackageOptional
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
Server = https://mylastarch.github.io/mylastarch_repo/x86_64
Server = https://gitlab.com/mylastarch/mylastarch_repo/-/raw/master/x86_64
Server = https://mylastarch.github.io/mylastarch_repo/x86_64
[core]
Usage = All
Server = https://geo.mirror.pkgbuild.com/core/os/x86_64
Server = http://mirror.rackspace.com/archlinux/core/os/x86_64
Server = https://mirror.rackspace.com/archlinux/core/os/x86_64
Server = https://mirrors.kernel.org/archlinux/core/os/x86_64
Server = https://mirror.osbeck.com/archlinux/core/os/x86_64
Server = http://mirror.osbeck.com/archlinux/core/os/x86_64
[extra]
Usage = All
Server = https://geo.mirror.pkgbuild.com/extra/os/x86_64
Server = http://mirror.rackspace.com/archlinux/extra/os/x86_64
Server = https://mirror.rackspace.com/archlinux/extra/os/x86_64
Server = https://mirrors.kernel.org/archlinux/extra/os/x86_64
Server = https://mirror.osbeck.com/archlinux/extra/os/x86_64
Server = http://mirror.osbeck.com/archlinux/extra/os/x86_64
[multilib]
Usage = All
Server = https://geo.mirror.pkgbuild.com/multilib/os/x86_64
Server = http://mirror.rackspace.com/archlinux/multilib/os/x86_64
Server = https://mirror.rackspace.com/archlinux/multilib/os/x86_64
Server = https://mirrors.kernel.org/archlinux/multilib/os/x86_64
Server = https://mirror.osbeck.com/archlinux/multilib/os/x86_64
Server = http://mirror.osbeck.com/archlinux/multilib/os/x86_64

post_install() {
	pacman-key --init
	pacman-key --add /usr/share/pacman/keyrings/mylastarch.gpg
	pacman-key --lsign-key 97EFD43528962710B9E6ED2EC8B25E49B0428123
	pacman-key --populate
}


post_upgrade() {
	pacman-key --init
	pacman-key --add /usr/share/pacman/keyrings/mylastarch.gpg
	pacman-key --lsign-key 97EFD43528962710B9E6ED2EC8B25E49B0428123
	pacman-key --populate
}

I think that is everything you asked.
Thanks for helping

seth · Yesterday 14:08:31

https://wiki.archlinux.org/title/Pacman … icial_keys - drop init and populate.

So the mirrorlist file exists and is world readable, post it and /etc/pacman.conf and then the actual package you're currently trying to install and the complete output of "pacman --debug …" for the installation attempt.

MAYBL8 · Yesterday 14:17:46

seth wrote:

https://wiki.archlinux.org/title/Pacman … icial_keys - drop init and populate.
So the mirrorlist file exists and is world readable, post it and /etc/pacman.conf and then the actual package you're currently trying to install and the complete output of "pacman --debug …" for the installation attempt.

OK I previously have read that and ran all the commands in there.

# Mylastarch Mirror list
Server = https://mylastarch.github.io/$repo/$arch

# Gitlab
Server = https://gitlab.com/mylastarch/$repo/-/raw/master/$arch



# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg      = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
Color
#NoProgressBar
CheckSpace
VerbosePkgLists
ParallelDownloads = 12
#DownloadUser = alpm
#DisableSandbox
ILoveCandy
DisableDownloadTimeout

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

# customrepo
[mylastarch_repo]
SigLevel = Optional TrustedOnly
#SigLevel = Never
Include = /etc/pacman.d/mylastarch-mirrorlist
Server = https://mylastarch.github.io/$repo/$arch

#[core-testing]
#Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

#[extra-testing]
#Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist

[multilib]
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

#[nemesis_repo]
#SigLevel = Never
#Server = https://erikdubois.github.io/$repo/$arch

#[chaotic-aur]
#SigLevel = Required DatabaseOptional
#Include = /etc/pacman.d/chaotic-mirrorlist

[root@kiro mylastarch-keyring]# pacman --debug
debug: pacman v7.1.0 - libalpm v16.0.1
debug: config: new section 'options'
debug: config: HoldPkg: pacman
debug: config: HoldPkg: glibc
debug: config: Architecture: auto
debug: config: arch: x86_64
debug: config: verbosepkglists
debug: config: chomp
debug: config: SigLevel: Required
debug: config: SigLevel: DatabaseOptional
debug: config: LocalFileSigLevel: Optional
debug: config: new section 'mylastarch_repo'
debug: config: SigLevel: Optional
debug: config: SigLevel: TrustedOnly
debug: config file /etc/pacman.conf, line 80: including /etc/pacman.d/mylastarch-mirrorlist
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 87: including /etc/pacman.d/mirrorlist
debug: config: new section 'extra'
debug: config file /etc/pacman.conf, line 93: including /etc/pacman.d/mirrorlist
debug: config: new section 'multilib'
debug: config file /etc/pacman.conf, line 102: including /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.conf
debug: setup_libalpm called
debug: option 'logfile' = /var/log/pacman.log
debug: option 'gpgdir' = /etc/pacman.d/gnupg/
debug: option 'hookdir' = /etc/pacman.d/hooks/
debug: option 'cachedir' = /var/cache/pacman/pkg/
debug: registering sync database 'mylastarch_repo'
debug: database path for tree mylastarch_repo set to /var/lib/pacman/sync/mylastarch_repo.db
debug: GPGME version: 2.1.0
debug: GPGME engine info: file=/usr/bin/gpg, home=/etc/pacman.d/gnupg/
debug: checking signature for /var/lib/pacman/sync/mylastarch_repo.db
debug: 1 signatures returned
debug: fingerprint: 97EFD43528962710B9E6ED2EC8B25E49B0428123
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1779234245
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: 97EFD43528962710B9E6ED2EC8B25E49B0428123, mylastarch iso <mylastarch@dccathome.com>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
debug: setting usage of 15 for mylastarch_repo repository
debug: adding new server URL to database 'mylastarch_repo': https://mylastarch.github.io/mylastarch_repo/x86_64
debug: adding new server URL to database 'mylastarch_repo': https://gitlab.com/mylastarch/mylastarch_repo/-/raw/master/x86_64
debug: adding new server URL to database 'mylastarch_repo': https://mylastarch.github.io/mylastarch_repo/x86_64
debug: registering sync database 'core'
debug: database path for tree core set to /var/lib/pacman/sync/core.db
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/core.db.sig could not be opened
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 565) : missing PGP signature
debug: missing optional signature
debug: setting usage of 15 for core repository
debug: adding new server URL to database 'core': https://geo.mirror.pkgbuild.com/core/os/x86_64
debug: adding new server URL to database 'core': http://mirror.rackspace.com/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirror.rackspace.com/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirrors.kernel.org/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirror.osbeck.com/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': http://mirror.osbeck.com/archlinux/core/os/x86_64
debug: registering sync database 'extra'
debug: database path for tree extra set to /var/lib/pacman/sync/extra.db
debug: "/var/lib/pacman/sync/extra.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/extra.db.sig could not be opened
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 565) : missing PGP signature
debug: missing optional signature
debug: setting usage of 15 for extra repository
debug: adding new server URL to database 'extra': https://geo.mirror.pkgbuild.com/extra/os/x86_64
debug: adding new server URL to database 'extra': http://mirror.rackspace.com/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://mirror.rackspace.com/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://mirrors.kernel.org/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://mirror.osbeck.com/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': http://mirror.osbeck.com/archlinux/extra/os/x86_64
debug: registering sync database 'multilib'
debug: database path for tree multilib set to /var/lib/pacman/sync/multilib.db
debug: "/var/lib/pacman/sync/multilib.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/multilib.db.sig could not be opened
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 565) : missing PGP signature
debug: missing optional signature
debug: setting usage of 15 for multilib repository
debug: adding new server URL to database 'multilib': https://geo.mirror.pkgbuild.com/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://mirror.rackspace.com/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': https://mirror.rackspace.com/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': https://mirrors.kernel.org/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': https://mirror.osbeck.com/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://mirror.osbeck.com/archlinux/multilib/os/x86_64
debug: option 'sandboxuser' = (null)
error: no operation specified (use -h for help)
debug: unregistering database 'local'
debug: unregistering database 'mylastarch_repo'
debug: unregistering database 'core'
debug: unregistering database 'extra'
debug: unregistering database 'multilib'

I am not trying to install a package. I am trying to build the .iso and it is creating the errors when what it looks like running the keyring commands.

Edit :
I keep getting this pacman -Sy error and I can't figure out where to put the command to make it work in the archiso .

[mkarchiso] INFO: Copying /etc/skel/* to user homes...
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Creating a list of installed packages on live-enviroment...
warning: Public keyring not found; have you run 'pacman-key --init'?
error: mylastarch_repo: key "97EFD43528962710B9E6ED2EC8B25E49B0428123" is unknown
error: keyring is not writable
warning: database file for 'multilib' does not exist (use '-Sy' to download)
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Initramfs file does not contain microcode update files. External microcode initramfs images will be copied.

Last edited by MAYBL8 (Yesterday 15:54:43)

seth · Yesterday 18:29:15

I am trying to build the .iso

Ah, the file most likely doesn't exist in the airootfs, https://wiki.archlinux.org/title/Archis … s_to_image

Though I don't understand what you repo and package have to do with that.
Are you trying to do https://wiki.archlinux.org/title/Archis … repository ?

MAYBL8 · Yesterday 19:18:53

seth wrote:

I am trying to build the .iso
Ah, the file most likely doesn't exist in the airootfs, https://wiki.archlinux.org/title/Archis … s_to_image
Though I don't understand what you repo and package have to do with that.
Are you trying to do https://wiki.archlinux.org/title/Archis … repository ?

What file are you referring to?

I see this part but I don't know how to make the trusted file it talks about. Do I make up the numbers that go in there or does some command create it?

f the repository also uses a key, place the key in archlive/airootfs/usr/share/pacman/keyrings/. The key file name must end with .gpg. Additionally, the key must be trusted. This can be accomplished by creating a GnuPG exported trust file in the same directory. The file name must end with -trusted. The first field is the key fingerprint, and the second is the trust. You can reference /usr/share/pacman/keyrings/archlinux-trusted for an example.

I had a file in the keyrings folder but it said there already was a file there during the build process so I deleted it.

seth · Yesterday 19:30:01

What file are you referring to?

Your mirrorlist that's apparently missing.

Post the https://man.archlinux.org/man/tree.1 of your airootfs and the commands you're running to build the iso and the complete output that produces.
You do not have to install any package providing the key, you just put it and the trust file into the airootfs

MAYBL8 · Yesterday 20:13:50

[demo@kiro airootfs]$ tree
.
├── etc
│   ├── default
│   │   └── grub
│   ├── dev-rel
│   ├── group
│   ├── gshadow
│   ├── hostname
│   ├── locale.conf
│   ├── localtime -> /usr/share/zoneinfo/UTC
│   ├── mkinitcpio.conf
│   ├── mkinitcpio.d
│   │   ├── linux.preset
│   │   └── mylastarch
│   ├── modprobe.d
│   │   └── broadcom-wl.conf
│   ├── motd
│   ├── mylastarch-release
│   ├── pacman.conf
│   ├── pacman.d
│   │   ├── hooks
│   │   │   ├── 40-locale-gen.hook
│   │   │   ├── uncomment-mirrors.hook
│   │   │   └── zzzz99-remove-custom-hooks-from-airootfs.hook
│   │   ├── mirrorlist
│   │   └── mylastarch-mirrorlist
│   ├── passwd
│   ├── polkit-1
│   │   └── rules.d
│   │       └── 49-nopasswd_global.rules
│   ├── sddm.conf
│   ├── shadow
│   ├── skel
│   ├── ssh
│   │   └── sshd_config
│   ├── sudoers.d
│   │   └── g_wheel
│   ├── systemd
│   │   ├── journald.conf.d
│   │   │   └── volatile-storage.conf
│   │   ├── logind.conf.d
│   │   │   └── do-not-suspend.conf
│   │   ├── network
│   │   │   ├── 20-ethernet.network
│   │   │   ├── 20-wlan.network
│   │   │   └── 20-wwan.network
│   │   └── system
│   │       ├── choose-mirror.service
│   │       ├── cloud-init.target.wants
│   │       │   ├── cloud-config.service -> /usr/lib/systemd/system/cloud-config.service
│   │       │   ├── cloud-final.service -> /usr/lib/systemd/system/cloud-final.service
│   │       │   ├── cloud-init-local.service -> /usr/lib/systemd/system/cloud-init-local.service
│   │       │   └── cloud-init.service -> /usr/lib/systemd/system/cloud-init.service
│   │       ├── dbus-org.freedesktop.ModemManager1.service -> /usr/lib/systemd/system/ModemManager.service
│   │       ├── dbus-org.freedesktop.network1.service -> /usr/lib/systemd/system/systemd-networkd.service
│   │       ├── dbus-org.freedesktop.resolve1.service -> /usr/lib/systemd/system/systemd-resolved.service
│   │       ├── default.target -> /usr/lib/systemd/system/graphical.target
│   │       ├── display-manager.service -> /usr/lib/systemd/system/sddm.service
│   │       ├── etc-pacman.d-gnupg.mount
│   │       ├── getty@tty1.service.d
│   │       │   └── autologin.conf
│   │       ├── livecd-alsa-unmuter.service
│   │       ├── livecd-talk.service
│   │       ├── multi-user.target.wants
│   │       │   ├── choose-mirror.service -> ../choose-mirror.service
│   │       │   ├── iwd.service -> /usr/lib/systemd/system/iwd.service
│   │       │   ├── livecd-talk.service -> /etc/systemd/system/livecd-talk.service
│   │       │   ├── ModemManager.service -> /usr/lib/systemd/system/ModemManager.service
│   │       │   ├── NetworkManager.service -> /usr/lib/systemd/system/NetworkManager.service
│   │       │   ├── pacman-init.service -> ../pacman-init.service
│   │       │   ├── qemu-guest-agent.service -> /usr/lib/systemd/system/qemu-guest-agent.service
│   │       │   ├── reflector.service -> /usr/lib/systemd/system/reflector.service
│   │       │   ├── sshd.service -> /usr/lib/systemd/system/sshd.service
│   │       │   ├── systemd-networkd.service -> /usr/lib/systemd/system/systemd-networkd.service
│   │       │   ├── systemd-resolved.service -> /usr/lib/systemd/system/systemd-resolved.service
│   │       │   └── vboxservice.service -> /usr/lib/systemd/system/vboxservice.service
│   │       ├── network-online.target.wants
│   │       │   └── systemd-networkd-wait-online.service -> /usr/lib/systemd/system/systemd-networkd-wait-online.service
│   │       ├── pacman-init.service
│   │       ├── reflector.service.d
│   │       │   └── archiso.conf
│   │       ├── sockets.target.wants
│   │       │   └── systemd-networkd.socket -> /usr/lib/systemd/system/systemd-networkd.socket
│   │       ├── sound.target.wants
│   │       │   └── livecd-alsa-unmuter.service -> ../livecd-alsa-unmuter.service
│   │       └── systemd-networkd-wait-online.service.d
│   │           └── wait-for-only-one-interface.conf
│   └── xdg
│       └── reflector
│           └── reflector.conf
├── root
└── usr
    ├── local
    │   ├── bin
    │   │   ├── choose-mirror
    │   │   ├── Installation_guide
    │   │   ├── livecd-sound
    │   │   ├── mylastarch-before
    │   │   └── mylastarch-final
    │   └── share
    │       └── livecd-sound
    │           └── asound.conf.in
    └── share
        └── pacman
            └── keyrings

36 directories, 69 files

You do not have to install any package providing the key, you just put it and the trust file into the airootfs

The problem is I don't know how to create the "trust" files. The instructions show an example but don't show how the example is made.

I use a script that I modified from someone else to build the iso.
The results it produces is quite allot of lines. I don't think it will allow me to post all of that here.

https://limewire.com/d/IJYqx#EmRN5TOFvI

Last edited by MAYBL8 (Yesterday 20:25:30)

WorMzy · Yesterday 20:41:08

MAYBL8 wrote:

The problem is I don't know how to create the "trust" files. The instructions show an example but don't show how the example is made.

What part of

The file name must end with -trusted. The first field is the key fingerprint, and the second is the trust. You can reference /usr/share/pacman/keyrings/archlinux-trusted for an example.

is unclear?

MAYBL8 · Yesterday 20:46:57

WorMzy wrote:

MAYBL8 wrote:
The problem is I don't know how to create the "trust" files. The instructions show an example but don't show how the example is made.
What part of
The file name must end with -trusted. The first field is the key fingerprint, and the second is the trust. You can reference /usr/share/pacman/keyrings/archlinux-trusted for an example.
is unclear?

In the example file
Where do these numbers come from:

2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E:4:
3572FA2A1B067F22C58AF155F8B821B42A6FDCD7:4:
69E6471E3AE065297529832E6BA0F5A2037F4F41:4:
99B6618472A3B3B814185BAED7D3D823B88BDB9B:4:
D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C:4:

seth · Yesterday 20:58:27

Please see the first link below, limewire isn't exactly great for these purposes.

I use a script that I modified from someone else to build the iso.

… what script?

(911/978) installing mylastarch-keyring [--------------------------------------------------------------] 100%

Why?

When quoting the wiki you wrote:

If the repository also uses a key, place the key in archlive/airootfs/usr/share/pacman/keyrings/. The key file name must end with .gpg. Additionally, the key must be trusted. This can be accomplished by creating a GnuPG exported trust file in the same directory. The file name must end with -trusted. The first field is the key fingerprint, and the second is the trust. You can reference /usr/share/pacman/keyrings/archlinux-trusted for an example.

The instructions show an example but don't show how the example is made.

Probably some text editor.

Where do these numbers come from:

Somebodies "gpg --export-ownertrust".

while read key; do pacman-key -l ${key%%:*}; done < /usr/share/pacman/keyrings/archlinux-trusted

You're supposed to add the fingerprint of your key.

MAYBL8 · Yesterday 21:05:19

Ok try this
https://paste.c-net.org/SidekickSlacker

I will add the script in a minute.

Here is the script

#!/bin/bash
#set -e
##################################################################################################################
#
#   DO NOT JUST RUN THIS. EXAMINE AND JUDGE. RUN AT YOUR OWN RISK.
#
##################################################################################################################
echo
echo "################################################################## "
tput setaf 2
echo "Phase 1 : "
echo "- Setting General parameters"
tput sgr0
echo "################################################################## "
echo

	#Let us set the desktop"
	#First letter of desktop is small letter

	desktop="plasma"
	dmDesktop="plasma"

	mylastarchVersion=26.05.19

	isoLabel='mylastarch-'$mylastarchVersion'-x86_64.iso'

	# setting of the general parameters
	archisoRequiredVersion="archiso 88-1"
	buildFolder=$HOME"/mylastarch-build"
	outFolder=$HOME"/mylastarch-Out"
	archisoVersion=$(sudo pacman -Q archiso)

	echo "################################################################## "
	echo "Building the desktop                   : "$desktop
	echo "Building version                       : "$mylastarchVersion
	echo "Iso label                              : "$isoLabel
	echo "Do you have the right archiso version? : "$archisoVersion
	echo "What is the required archiso version?  : "$archisoRequiredVersion
	echo "Build folder                           : "$buildFolder
	echo "Out folder                             : "$outFolder
	echo "################################################################## "

	if [ "$archisoVersion" == "$archisoRequiredVersion" ]; then
		tput setaf 2
		echo "##################################################################"
		echo "Archiso has the correct version. Continuing ..."
		echo "##################################################################"
		tput sgr0
	else
	tput setaf 1
	echo "###################################################################################################"
	echo "You need to install the correct version of Archiso"
	echo "Use 'sudo downgrade archiso' to do that"
	echo "or update your system"
	echo "###################################################################################################"
	tput sgr0
	fi

echo
echo "################################################################## "
tput setaf 2
echo "Phase 2 :"
echo "- Checking if archiso is installed"
echo "- Saving current archiso version to readme"
echo "- Making mkarchiso verbose"
tput sgr0
echo "################################################################## "
echo

	package="archiso"

	#----------------------------------------------------------------------------------

	#checking if application is already installed or else install with aur helpers
	if pacman -Qi $package &> /dev/null; then

			echo "Archiso is already installed"

	else

		#checking which helper is installed
		if pacman -Qi yay &> /dev/null; then

			echo "################################################################"
			echo "######### Installing with yay"
			echo "################################################################"
			yay -S --noconfirm $package

		elif pacman -Qi trizen &> /dev/null; then

			echo "################################################################"
			echo "######### Installing with trizen"
			echo "################################################################"
			trizen -S --noconfirm --needed --noedit $package

		fi

		# Just checking if installation was successful
		if pacman -Qi $package &> /dev/null; then

			echo "################################################################"
			echo "#########  "$package" has been installed"
			echo "################################################################"

		else

			echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
			echo "!!!!!!!!!  "$package" has NOT been installed"
			echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
			exit 1
		fi

	fi

	echo
	echo "Saving current archiso version to readme"
	sudo sed -i "s/\(^archiso-version=\).*/\1$archisoVersion/" ../archiso.readme
	echo
	echo "Making mkarchiso verbose"
	sudo sed -i 's/quiet="y"/quiet="n"/g' /usr/bin/mkarchiso

echo
echo "################################################################## "
tput setaf 2
echo "Phase 3 :"
echo "- Deleting the build folder if one exists"
echo "- Copying the Archiso folder to build folder"
tput sgr0
echo "################################################################## "
echo

	echo "Deleting the build folder if one exists - takes some time"
	[ -d $buildFolder ] && sudo rm -rf $buildFolder
	echo
	echo "Copying the Archiso folder to build work"
	echo
	mkdir $buildFolder
	cp -r ../archiso $buildFolder/archiso

echo
echo "################################################################## "
tput setaf 2
echo "Phase 4 :"
#echo "- Deleting any files in /etc/skel"
#echo "- Getting the last version of bashrc in /etc/skel"
echo "- Removing the old packages.x86_64 file from build folder"
echo "- Copying the new packages.x86_64 file to the build folder"
echo "- Changing group for polkit folder"
tput sgr0
echo "################################################################## "
echo

	#echo "Deleting any files in /etc/skel"
	#rm -rf $buildFolder/archiso/airootfs/etc/skel/.* 2> /dev/null
	#echo

	#echo "Getting the last version of bashrc in /etc/skel"
	#echo
	#wget https://raw.githubusercontent.com/arcolinux/arcolinux-root/master/etc/skel/.bashrc-latest -O $buildFolder/archiso/airootfs/etc/skel/.bashrc

	echo "Removing the old packages.x86_64 file from build folder"
	rm $buildFolder/archiso/packages.x86_64
	echo
	echo "Copying the new packages.x86_64 file to the build folder"
	cp -f ../archiso/packages.x86_64 $buildFolder/archiso/packages.x86_64
	echo
	#echo "Changing group for polkit folder"
	#sudo chgrp polkitd $buildFolder/archiso/airootfs/etc/polkit-1/rules.d
	#is not working so fixing this during calamares installation

echo
echo "################################################################## "
tput setaf 2
echo "Phase 5 : "
echo "- Changing all references"
echo "- Adding time to /etc/dev-rel"
tput sgr0
echo "################################################################## "
echo

	#Setting variables

	#profiledef.sh
	oldname1='iso_name="mylastarch'
	newname1='iso_name="mylastarch'

	oldname2='iso_label="mylastarch'
	newname2='iso_label="mylastarch'

	oldname3='mylastarch'
	newname3='mylastarch'

	#hostname
	oldname4='mylastarch'
	newname4='mylastarch'

	#sddm.conf user-session
	oldname5='Session=plasma'
	newname5='Session='$dmDesktop

	echo "Changing all references"
	echo
	sed -i 's/'$oldname1'/'$newname1'/g' $buildFolder/archiso/profiledef.sh
	sed -i 's/'$oldname2'/'$newname2'/g' $buildFolder/archiso/profiledef.sh
	sed -i 's/'$oldname3'/'$newname3'/g' $buildFolder/archiso/airootfs/etc/dev-rel
	sed -i 's/'$oldname4'/'$newname4'/g' $buildFolder/archiso/airootfs/etc/hostname
	sed -i 's/'$oldname5'/'$newname5'/g' $buildFolder/archiso/airootfs/etc/sddm.conf

	echo "Adding time to /etc/dev-rel"
	date_build=$(date -d now)
	echo "Iso build on : "$date_build
	sudo sed -i "s/\(^ISO_BUILD=\).*/\1$date_build/" $buildFolder/archiso/airootfs/etc/dev-rel


echo
echo "###########################################################"
tput setaf 2
echo "Phase 6 :"
echo "- Cleaning the cache from /var/cache/pacman/pkg/"
tput sgr0
echo "###########################################################"
echo

	echo "Cleaning the cache from /var/cache/pacman/pkg/"
	yes | sudo pacman -Scc

echo
echo "################################################################## "
tput setaf 2
echo "Phase 7 :"
echo "- Building the iso - this can take a while - be patient"
tput sgr0
echo "################################################################## "
echo

	[ -d $outFolder ] || mkdir $outFolder
	cd $buildFolder/archiso/
	sudo mkarchiso -v -w $buildFolder -o $outFolder $buildFolder/archiso/



echo
echo "###################################################################"
tput setaf 2
echo "Phase 8 :"
echo "- Creating checksums"
echo "- Copying pgklist"
tput sgr0
echo "###################################################################"
echo

	cd $outFolder

	echo "Creating checksums for : "$isoLabel
	echo "##################################################################"
	echo
	echo "Building sha1sum"
	echo "########################"
	sha1sum $isoLabel | tee $isoLabel.sha1
	echo "Building sha256sum"
	echo "########################"
	sha256sum $isoLabel | tee $isoLabel.sha256
	echo "Building md5sum"
	echo "########################"
	md5sum $isoLabel | tee $isoLabel.md5
	echo
	echo "Moving pkglist.x86_64.txt"
	echo "########################"
	cp $buildFolder/iso/arch/pkglist.x86_64.txt  $outFolder/$isoLabel".pkglist.txt"
	
echo
echo "##################################################################"
tput setaf 2
echo "Phase 9 :"
echo "- Making sure we start with a clean slate next time"
tput sgr0
echo "################################################################## "
echo

	echo "Deleting the build folder if one exists - takes some time"
	[ -d $buildFolder ] && sudo rm -rf $buildFolder

echo
echo "##################################################################"
tput setaf 2
echo "DONE"
echo "- Check your out folder :"$outFolder
tput sgr0
echo "################################################################## "
echo

(911/978) installing mylastarch-keyring [--------------------------------------------------------------] 100%
Why?

So should I not use keyring?

Last edited by MAYBL8 (Yesterday 21:09:18)

seth · Today 07:45:36

So should I not use keyring?

You're supposed to put the key into the airootfs, not install it via a package, no.

MAYBL8 · Today 12:45:16

Ok
I removed the keyring from trying to be installed. Don't know why I thought it need to be installed.
I need to back through and do some more reading about package signatures and keyrings and my repo.
Thanks for the help
I am going to mark this as solved.
I am sure I will have more issues.

Arch Linux

#1 Yesterday 11:43:05

[SOLVED] Need help with learning about mirrorlists and keyrings

#2 Yesterday 13:20:00

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#3 Yesterday 13:35:49

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#4 Yesterday 13:52:19

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#5 Yesterday 13:58:53

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#6 Yesterday 14:08:31

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#7 Yesterday 14:17:46

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#8 Yesterday 18:29:15

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#9 Yesterday 19:18:53

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#10 Yesterday 19:30:01

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#11 Yesterday 20:13:50

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#12 Yesterday 20:41:08

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#13 Yesterday 20:46:57

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#14 Yesterday 20:58:27

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#15 Yesterday 21:05:19

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#16 Today 07:45:36

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

#17 Today 12:45:16

Re: [SOLVED] Need help with learning about mirrorlists and keyrings

Board footer