[arch-dev-public] pacman root key issue with gnupg-2.1

Allan McRae allan at archlinux.org
Mon Dec 1 02:14:34 UTC 2014

Hi all,

With GnuPG 2.1, they have tightened up on keys without a passphrase.  We
don't have a passphrase on the root key in the pacman keyring...  This
means that things like adding keys (pacman-key --recv-key <keyid>) now fail.

The pacman-4.1.2-7 has a patch to pacman-key that adds an option when
creating the initial key that allows passphraseless keys to work.  The
only solution I can see to this problem is having everyone regenerate
their pacman root key.

make sure you have pacman >= 4.1.2-7 installed
rm -r /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate archlinux
readd any other keys you need

Of course, the original key generation will take a very, very, very long
time.  So we will also have to encourage users to install haveged and
run it.

Or can a gnupg expert point out another way to deal with this change?


More information about the arch-dev-public mailing list