Possible issue of keyring renew algorithm

The Pacman troubleshooting - Manjaro article tells:

1. Remove old (and possibly broken) keys by entering this command:
sudo rm -r /etc/pacman.d/gnupg

2. Reinstall keyrings including the latest keys:
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring

The question is:
if to remove all keys in step 1, then in the next step 2 how a package manager could verify any package signature if has no any local keys (at least trusted keys)?
Also at that moment local keyring is not initialized (to make a query of packager keys to).


The issue was meet by 2 people: Unable to update (key issues / corrupted packages) - #12 by saintjules
Also it was mentioned 2.5 years ago: How to solve keyring issues in Manjaro - Tutorials - Manjaro Linux Forum

You found the bootstrapping problem.

At least for arch, there are Master Signing Keys: Arch Linux - Master Signing Keys which are probably hardcoded into Pacman, so that at least the keyring packages can be downloaded and installed.

tracing the issue
~/Desktop ❯ pacman-mirrors -G
unstable
~/Desktop ❯ sudo pacman -Syu 
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 chaotic-aur is up to date
:: Starting full system upgrade...
 there is nothing to do
~/Desktop ❯ sudo pacman -S gnupg archlinux-keyring manjaro-keyring
warning: gnupg-2.2.32-2 is up to date -- reinstalling
warning: archlinux-keyring-20211028-1 is up to date -- reinstalling
warning: manjaro-keyring-20210910-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (3)             Old Version  New Version  Net Change  Download Size

core/archlinux-keyring  20211028-1   20211028-1     0.00 MiB       0.96 MiB
core/gnupg              2.2.32-2     2.2.32-2       0.00 MiB       2.38 MiB
core/manjaro-keyring    20210910-2   20210910-2     0.00 MiB       0.14 MiB

Total Download Size:    3.47 MiB
Total Installed Size:  11.49 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 manjaro-keyring-20210910-2-any                                                       141.6 KiB   332 KiB/s 00:00 [####################################################################] 100%
 archlinux-keyring-20211028-1-any                                                     979.1 KiB  1293 KiB/s 00:01 [####################################################################] 100%
 gnupg-2.2.32-2-x86_64                                                                  2.4 MiB  2.03 MiB/s 00:01 [####################################################################] 100%
 Total (3/3)                                                                            3.5 MiB  2.85 MiB/s 00:01 [####################################################################] 100%
(3/3) checking keys in keyring                                                                                    [####################################################################] 100%
(3/3) checking package integrity                                                                                  [####################################################################] 100%
(3/3) loading package files                                                                                       [####################################################################] 100%
(3/3) checking for file conflicts                                                                                 [####################################################################] 100%
(3/3) checking available disk space                                                                               [####################################################################] 100%
:: Processing package changes...
(1/3) reinstalling gnupg                                                                                          [####################################################################] 100%
(2/3) reinstalling archlinux-keyring                                                                              [####################################################################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2022-01-20
==> Updating trust database...
gpg: next trustdb check due at 2022-01-20
(3/3) reinstalling manjaro-keyring                                                                                [####################################################################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Disabling revoked keys in keyring...
  -> Disabled 2 keys.
==> Updating trust database...
gpg: next trustdb check due at 2022-01-20
:: Running post-transaction hooks...
(1/3) Arming ConditionNeedsUpdate...
(2/3) Refreshing PackageKit...
(3/3) Updating the info directory file...
~/Desktop ❯ ls -A1 /etc/pacman.d/gnupg 
crls.d
gpg-agent.conf
gpg.conf
.gpg-v21-migrated
openpgp-revocs.d
private-keys-v1.d
pubring.gpg
pubring.gpg~
S.dirmngr
secring.gpg
S.gpg-agent
S.gpg-agent.browser
S.gpg-agent.extra
S.gpg-agent.ssh
tofu.db
trustdb.gpg
~/Desktop ❯ ls ~/.gnupg                                           
ls: cannot access '/home/m/.gnupg': No such file or directory
~/Desktop ❯ sudo pacman-key -l | wc -l 
1060
~/Desktop ❯ sudo rm -r /etc/pacman.d/gnupg 
~/Desktop ❯ sudo rm -r /etc/pacman.d/gnupg
rm: cannot remove '/etc/pacman.d/gnupg': No such file or directory
~/Desktop ❯ ls -A1 /etc/pacman.d/gnupg    
ls: cannot access '/etc/pacman.d/gnupg': No such file or directory
~/Desktop ❯ sudo pacman-key -l | wc -l    
==> ERROR: You do not have sufficient permissions to read the pacman keyring.
1
~/Desktop ❯ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 chaotic-aur is up to date
warning: gnupg-2.2.32-2 is up to date -- reinstalling
warning: archlinux-keyring-20211028-1 is up to date -- reinstalling
warning: manjaro-keyring-20210910-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (3)             Old Version  New Version  Net Change

core/archlinux-keyring  20211028-1   20211028-1     0.00 MiB
core/gnupg              2.2.32-2     2.2.32-2       0.00 MiB
core/manjaro-keyring    20210910-2   20210910-2     0.00 MiB

Total Installed Size:  11.49 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(3/3) checking keys in keyring                                                                                    [####################################################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
~/Desktop ❯ sudo pacman-key --init                                 
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: key D511D8FDEE74B7D5 marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/506FBFEE53605BD8F059F8CCD511D8FDEE74B7D5.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
~/Desktop ❯ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 chaotic-aur is up to date
warning: gnupg-2.2.32-2 is up to date -- reinstalling
warning: archlinux-keyring-20211028-1 is up to date -- reinstalling
warning: manjaro-keyring-20210910-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (3)             Old Version  New Version  Net Change

core/archlinux-keyring  20211028-1   20211028-1     0.00 MiB
core/gnupg              2.2.32-2     2.2.32-2       0.00 MiB
core/manjaro-keyring    20210910-2   20210910-2     0.00 MiB

Total Installed Size:  11.49 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(3/3) checking keys in keyring                                                                                    [####################################################################] 100%
downloading required keys...
:: Import PGP key 51E8B148A9999C34, "Evangelos Foutras <foutrelis@archlinux.org>"? [Y/n] y
:: Import PGP key 6D42BDD116E0068F, "Christian Hesse <arch@eworm.de>"? [Y/n] y
:: Import PGP key DAD3B211663CA268, "Bernhard Landauer <oberon@manjaro.org>"? [Y/n] y
(3/3) checking package integrity                                                                                  [####################################################################] 100%
error: gnupg: signature from "Evangelos Foutras <foutrelis@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.2.32-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20211028-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: manjaro-keyring: signature from "Bernhard Landauer <bernhard@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20210910-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
~/Desktop ❯ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 chaotic-aur is up to date
warning: gnupg-2.2.32-2 is up to date -- reinstalling
warning: archlinux-keyring-20211028-1 is up to date -- reinstalling
warning: manjaro-keyring-20210910-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (3)             Old Version  New Version  Net Change  Download Size

core/archlinux-keyring  20211028-1   20211028-1     0.00 MiB       0.96 MiB
core/gnupg              2.2.32-2     2.2.32-2       0.00 MiB       2.38 MiB
core/manjaro-keyring    20210910-2   20210910-2     0.00 MiB       0.14 MiB

Total Download Size:    3.47 MiB
Total Installed Size:  11.49 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 manjaro-keyring-20210910-2-any                                                       141.6 KiB   605 KiB/s 00:00 [####################################################################] 100%
 archlinux-keyring-20211028-1-any                                                     979.1 KiB  1316 KiB/s 00:01 [####################################################################] 100%
 gnupg-2.2.32-2-x86_64                                                                  2.4 MiB  1652 KiB/s 00:01 [####################################################################] 100%
 Total (3/3)                                                                            3.5 MiB  2.28 MiB/s 00:02 [####################################################################] 100%
(3/3) checking keys in keyring                                                                                    [####################################################################] 100%
(3/3) checking package integrity                                                                                  [####################################################################] 100%
error: gnupg: signature from "Evangelos Foutras <foutrelis@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.2.32-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20211028-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: manjaro-keyring: signature from "Bernhard Landauer <bernhard@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20210910-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
~/Desktop ❯ sudo pacman-key --init                                 
~/Desktop ❯ sudo pacman-key -l | wc -l                             
25
~/Desktop ❯ sudo pacman-key -l        
/etc/pacman.d/gnupg/pubring.gpg
-------------------------------
pub   rsa4096 2021-11-29 [SC]
      506FBFEE53605BD8F059F8CCD511D8FDEE74B7D5
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>

pub   rsa2048 2010-11-12 [SC]
      86CFFCA918CF3AF47147588051E8B148A9999C34
uid           [ unknown] Evangelos Foutras <foutrelis@archlinux.org>
sub   rsa2048 2010-11-12 [E]

pub   rsa2048 2011-08-12 [SC]
      02FD1C7A934E614545849F19A6234074498E9CEE
uid           [ unknown] Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>
sub   rsa2048 2011-08-12 [E]
sub   ed25519 2019-08-29 [S]
sub   cv25519 2019-08-29 [E]

pub   rsa2048 2015-07-12 [SC]
      39F0EC1AE50B37E5F3196F09DAD3B211663CA268
uid           [ unknown] Bernhard Landauer <bernhard@manjaro.org>
uid           [ unknown] Bernhard Landauer <oberon@manjaro.org>
sub   dsa2048 2015-10-01 [S]
sub   rsa2048 2015-07-12 [E]

~/Desktop ❯