I forgot about the keyring for sublimetext repo. So I downloaded the keyring and when executing pacman-key to add it
$ sudo pacman-key --add sublimehq-pub.gpg
==> ERROR: You do not have sufficient permissions to read the pacman keyring.
==> Use 'pacman-key --init' to correct the keyring permissions.
As of just now - running
sudo pacman -Syu
[...]
(23/23) checking keys in keyring [------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Then
08:26:29 ○ [fh@tiger] ~
$ sudo pacman-key --init
[sudo] password for fh:
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/2EDA04FF2292B86C1A9677A7CAD923AD7ADDB8CE.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
08:30:39 ○ [fh@tiger] ~
$ sudo pacman-key --add sublimehq-pub.gpg
==> Updating trust database...
gpg: no need for a trustdb check
08:31:12 ○ [fh@tiger] ~
$ sudo pacman-key --populate archlinux manjaro
==> Appending keys from archlinux.gpg...
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 23 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
==> Disabling revoked keys in keyring...
-> Disabled 52 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 20 signed: 98 trust: 0-, 0q, 0n, 20m, 0f, 0u
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: depth: 2 valid: 74 signed: 22 trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-04-10
After this the sync worked as expected
signing the sublime text gpg key locally
08:33:27 ○ [fh@tiger] ~
$ sudo pacman-key --lsign-key 8a8f901a
-> Locally signed 1 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 21 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 21 signed: 98 trust: 1-, 0q, 0n, 20m, 0f, 0u
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: depth: 2 valid: 74 signed: 22 trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-04-10
Checking sublime text repo for update
$ sudo pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
multilib is up to date
sublime-text 1841,0 B 5,04 KiB/s 00:00 [------------------------------------] 100%
:: Starting full system upgrade...
there is nothing to do
The file tree /etc/pacman.d
/etc/pacman.d
├── gnupg
│ ├── gpg-agent.conf
│ ├── gpg.conf
│ ├── openpgp-revocs.d
│ │ └── 2EDA04FF2292B86C1A9677A7CAD923AD7ADDB8CE.rev
│ ├── private-keys-v1.d
│ │ └── 4A30CAB81F184FDA1E2D21E6B38A137EBF2CEA7D.key
│ ├── pubring.gpg
│ ├── pubring.kbx
│ ├── pubring.kbx~
│ ├── S.dirmngr
│ ├── secring.gpg
│ ├── S.gpg-agent
│ ├── S.gpg-agent.browser
│ ├── S.gpg-agent.extra
│ ├── S.gpg-agent.ssh
│ ├── S.keyboxd
│ ├── tofu.db
│ └── trustdb.gpg
├── mesa-nonfree.pre.repo.conf
└── mirrorlist
4 directories, 18 files
A reboot invalidates the keyring
09:03:12 ○ [fh@tiger] ~
$ uptime
09:03:39 up 14 min, 1 user, load average: 0,48, 0,38, 0,20
09:03:39 ○ [fh@tiger] ~
$ sudo pacman -Syu
warning: Public keyring not found; have you run 'pacman-key --init'?
error: sublime-text: key "F57D4F59BD3DF454" is unknown
error: keyring is not writable
:: Synchronizing package databases...
core is up to date
extra is up to date
multilib is up to date
sublime-text 1841,0 B 5,18 KiB/s 00:00 [------------------------------------] 100%
error: sublime-text: key "F57D4F59BD3DF454" is unknown
error: keyring is not writable
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))
The file tree /etc/pacman.d is now
09:04:55 ○ [fh@tiger] ~
$ tree /etc/pacman.d
/etc/pacman.d
├── gnupg
│ ├── pubring.kbx
│ ├── S.dirmngr
│ ├── S.gpg-agent
│ ├── S.gpg-agent.browser
│ ├── S.gpg-agent.extra
│ ├── S.gpg-agent.ssh
│ ├── S.keyboxd
│ └── trustdb.gpg
├── mesa-nonfree.pre.repo.conf
└── mirrorlist
2 directories, 10 files
That folder is not something I check on a regular base - but there is a lot of sockets now - I am not sure I have seen them before