Old archlinux-keyring in core


Now, this is my first time posting and I don’t know if this is the correct place, so please be gentle.

Recently I have been having problems updating my system due to signature check failures. I has also been preventing me from installing new software with pacman. When I checked the archlinux-keyring version provided by the mirrors vs. what is in archlinux packages (Arch Linux - archlinux-keyring 20240609-1 (any)), the one in arch linux packages is newer than the one available in manjaro core.

After I did some (rather scary) file removals:

rm /usr/bin/archlinux-keyring-wkd-sync /usr/lib/systemd/system/archlinux-keyring-wkd-sync.service /usr/lib/systemd/system/archlinux-keyring-wkd-sync.timer /usr/lib/systemd/system/timers.target.wants/archlinux-keyring-wkd-sync.timer /usr/share/pacman/keyrings/archlinux-revoked /usr/share/pacman/keyrings/archlinux-trusted /usr/share/pacman/keyrings/archlinux.gpg

I was able to manually install the new keyring packages I downloaded:

pacman -U archlinux-keyring-20240609-1-any.pkg.tar.zst

After that, when I ran

pacman -Syu

Everything worked without a hitch.

My question is probably, is this a known issue and is it just me or are there some wider problems with this? Is the keyring really older than it should in the core database?

Don’t Do That!™

Seriously, don’t. Never attempt to change anything under /usr unless you absolutely know what you’re doing.

I cannot tell you why this happened, but several of us have been bitten by this as well a few updates ago, while others were not.

I myself had key ring problems as well, and this was after I had refreshed my mirrors, which suggests that it must have been a problem at the mirrors, and strangely enough, one that should not have happened after refreshing the mirror list.

Either way, the solution is a lot easier than how you did it… :point_down:

sudo pacman-key --init
sudo pacman -S manjaro-keyring archlinux-keyring
sudo pacman-key --populate manjaro archlinux

See Pacman troubleshooting - Manjaro. :wink:

The archlinux-keyring usually matches the packages in the repo.

Please be aware of the flow between stable ← testing ← unstable ← upstream and the obvious difference between upstream and Manjaro stable branch.


@Aragorn I know that the file removal was far from safe, I just was running out of options. The solution offered here simply did not work for me.

An update for archlinux-keyring to 20240609-1 has just popped up, so I guess either your problem has been silently solved or a Manjaro maintainer has noticed it too. Or maybe it was just a coincidence?