Refresh archlinux-keyring for old keyrings #2213
Comments
|
There's an automated key-ring-update-service called archlinux-keyring-wkd-symc.service on the Arch ISO as of a couple of months ago. The issue is the race condition of network not being up during it's first execution, delaying the update but a substantial amount. The best way forward would be to stop monkey-patching Instead, there's two things that should happen (from a personal perspective):
|
|
When I initially made this comment I was working with the 2023.06 image and thought that it was basically my fault for using an old image, so it seemed like it would be simple to add a check but as I have learned more (with your comments as well) its clear this is much more complicated and I agree with you as to the approach. I updated to 2023.11.01 and found that I could not get the archinstall script to work at all and I ended up having to redownload the 2023.06 to get it working again and before running archinstall I manually ran All this to say I agree that the main solution should probably be making the keyring init and update process bulletproof, which is out of the responsibility of this project. |
|
The one thing I want to convey, and I truly mean this, I understand the frustration! And I agree that this is an issue - and I am pushing for change to get this fixed. Throughout the years we've done everything from And one of them is that the signing keys expire before there's a new one in place, the second being that the auto-update feature is a good step in the right direction - but it's incomplete. And I'll do what I can to push fixes for them. Sadly that takes time away from |
|
Well I must also convey my thanks that you volunteer to do this at all. I get a free operating system for nothing. I am not sure if this would be possible to know in advance, but I wonder if it would be possible to have something like a way to know right as you call That of course would depend on the script being able to know in advance that there is a problem with the keyring, which may be just as complicated as the cat and mouse game you are trying to avoid. |
|
Why is |
Just hit this and popped over to see if there was already an issue tracking this ... and manually installing |
Since archinstall is included on the default archlinux installation media, it would be common for arch uses to keep an old usb drive with arch installation media on hand for emergency recovery. Also with tools like ventoy it is more popular to keep a usb drive full of isos as a toolkit.
As these Arch isos age, the keyrings they come with expire leading to failures to install packages in the middle of the archinstall script - after destructive steps like disk partitioning and filesystem creation have been completed. The simplest solution is to reboot into the arch install media, run
pacman -S archlinux-keyring, then run archinstall, but new users might not know this and the user might not have access to a secondary device to easily look up commands.Archinstall could prevent this problem by refreshing the archlinux-keyring early in the script, or at least to offer the option to refresh the keyring before a point of no return.
The text was updated successfully, but these errors were encountered: