On Mon Dec 1, 2025 at 3:55 PM CET, Ariadna Vigo wrote:
Hi everyone, For a couple of weeks now, I have been noticing that archlinux-keyring-wkd-sync.service fails every single time it is fired up by its accompanying timer. Restarts are attempted, but fail nonetheless. The reason why is that many keys are not retrievable via WKD, I imagine because they are not set up to be so by their respective owners. I have waited enough to confirm that it wasn't some network error on my side before sending this message.
Journal info on the failing keys is available at [1]. All other keys are correctly retrieved via WKD and refreshed if that's the case, so this isn't a critical issue.
However, if some key isn't available via WKD, maybe should it be silently dropped, so that errors are reserved to something bad happening to keys that are available via the protocol? Keys that aren't available via WKD will get updated via regular updates to the archlinux-keyring package in any case.
The thing is that I find having a service failing this way (with a timer that is enabled by default) avoidable. That 'systemctl status' shows a degraded status every week because of this false positive makes it harder to detect when something else might have gone wrong that could require proper attention.
Best, Ariadna
[1]: https://paste.sr.ht/~ariadna/0f509b0c5823ab225523c989617967820db07a3a
Following up on this, after several tests: 1. Changing DNS servers doesn't fix the issue, as neither does changing the resolver (from NetworkManager to systemd-resolved). 2. Resetting the keyring (deleting /etc/pacman.d/gnupg) and afterwards calling the pacman-key --init, pacman-key --populate combo doesn't work either. 3. Connecting to a *different* network whatsoever doesn't fix this either. My observation is that only keys under the archlinux.org domain fail, but not all of them. Keys under other domains never fail, on the other hand. Any ideas? -- Ariadna Vigo https://ariadnavigo.xyz gpg 0xC948873069856D6D