[arch-announce] GnuPG-2.1 and the pacman keyring

Arch Linux: Recent news updates: Gaetan Bisson announce at archlinux.org
Mon Dec 8 03:01:01 UTC 2014

The upgrade to gnupg-2.1 ported the pacman keyring to a new upstream format but
in the process rendered the local master key unable to sign other keys. This is
only an issue if you ever intend to customize your pacman keyring. We
nevertheless recommend all users fix this by generating a fresh keyring.

In addition, we recommend installing haveged, a daemon that generates system
entropy; this speeds up critical operations in cryptographic programs such as
gnupg (including the generation of new keyrings).

To do all the above, run as root:

    pacman -Syu haveged

    systemctl start haveged

    systemctl enable haveged

    rm -fr /etc/pacman.d/gnupg

    pacman-key --init

    pacman-key --populate archlinux

URL: https://www.archlinux.org/news/gnupg-21-and-the-pacman-keyring/

More information about the arch-announce mailing list