[arch-dev-public] pacman root key issue with gnupg-2.1

Gaetan Bisson bisson at archlinux.org
Sun Dec 7 22:51:39 UTC 2014

[2014-12-08 08:18:29 +1000] Allan McRae:
> My only comment is to add a comment about using haveged.  I have not
> successfully generated a key without it running lately...

Good idea. Here is an updated proposal:

	The upgrade to gnupg-2.1 tampered with the pacman keyring in a
	way that rendered the local master key unable to sign other
	keys. This is only an issue if you ever intend to customize your
	pacman keyring. We nevertheless recommend all users fix this by
	generating a fresh keyring.

	In addition, we recommend installing haveged, a daemon that
	generates system entropy; this speeds up critical operations in
	cryptographic programs such as gnupg (including the generation
	of new keyrings).

	To do all the above, run as root:

		pacman -Syu haveged
		systemctl start haveged
		systemctl enable haveged

		rm -fr /etc/pacman.d/gnupg
		pacman-key --init
		pacman-key --populate archlinux



More information about the arch-dev-public mailing list