On 9/21/23 02:38, Lone_Wolf wrote:
Did you have keyring issues before the archlinux-keyring package was created/added ?
If not , you can disable the timer - like I have done - by executing (as root)
sysctl mask archlinux-keyring-wkd-sync.timer
No, I didn't have any issues with the keyring or keys. The only reason it got my attention was checking the journal looking for a mail message, dhcp handout or named zone transfer and finding thousands and thousands of lines of archlinux-keyring-wkd-sync timeouts. Genes fix for related, established connections solve the problem, but that just got me thinking there has to be a better way than having the user stumble across the issue if they have it and then fumble around looking for a fix. Having archlinux-keyring-wkd-sync check connectivity before looping over each key seemed reasonable. I want the sync to run. I think it is a good idea. It just saves having to do pacman -Sy --needed archlinux-keyring when a key issue surfaces. If it is worth adding a check for connectivity, it shouldn't be that hard to do, if not, well at least the smart folks thought about it and decided it wasn't needed. Adding a note to the wiki would be a good fix as well. At least a note that addresses the event of a connection failure due to firewall config and suggests adding the related, established rule to whatever firewall you are running with a short example for nftables and iptables could be done in about 6 lines. I'll drop the idea in the talk page. -- David C. Rankin, J.D.,P.E.