17 Dec 10:19

GnuPG-2.1 and the pacman keyring

by Gaetan Bisson

The upgrade to gnupg-2.1 ported the pacman keyring to a new upstream format but in the process rendered the local master key unable to sign other keys. This is only an issue if you ever intend to customize your pacman keyring. We nevertheless recommend all users fix this by generating a fresh keyring.

In addition, we recommend installing haveged, a daemon that generates system entropy; this speeds up critical operations in cryptographic programs such as gnupg (including the generation of new keyrings).

To do all the above, run as root:

pacman -Syu haveged
systemctl start haveged
systemctl enable haveged

rm -fr /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate archlinux
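
A check to run after the rebuild, added here as an example and not part of the original announcement: it confirms that the keyring holds a local secret key with the certify capability, which is what signing other keys requires. The function names and sample lines are constructed for illustration. The field positions (12 for capabilities, 15 for the `#` stub marker) are taken from GnuPG's colon-listing format and should be treated as an assumption for your gnupg version.

```shell
#!/bin/sh
# Added example: verify that a keyring holds a local secret key able to
# certify (sign) other keys. Field positions assumed from GnuPG's colon
# listing format: 1 = record type, 12 = capabilities, 15 = "#" for a stub
# (public part present, secret part missing).

# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Succeeds only if a primary secret key ("sec") has the certify
# capability ("c") and is not a stub.
can_certify() {
    awk -F: '
        $1 == "sec" && index($12, "c") > 0 && $15 != "#" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Runs the check against a keyring directory (hypothetical helper name).
check_keyring() {
    gpg --homedir "$1" --batch --list-secret-keys --with-colons 2>/dev/null |
        can_certify
}

# Constructed sample listings (key ID and timestamp are placeholders).
SAMPLE_OK='sec:u:2048:1:0000000000000001:1418810000:::u:::scSC:::+:'
SAMPLE_STUB='sec:u:2048:1:0000000000000001:1418810000:::u:::scSC:::#:'
SAMPLE_PUBONLY='pub:u:2048:1:0000000000000001:1418810000:::u:::scSC::::'

# With a directory argument (e.g. /etc/pacman.d/gnupg, as root), check it.
if [ "$#" -gt 0 ]; then
    if check_keyring "$1"; then
        echo "OK: $1 has a local key that can sign other keys"
    else
        echo "FAIL: $1 has no usable local signing key" >&2
        exit 1
    fi
fi
```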