[arch-dev-public] pacman root key issue with gnupg-2.1
Gaetan Bisson
bisson at archlinux.org
Sun Dec 7 22:51:39 UTC 2014
[2014-12-08 08:18:29 +1000] Allan McRae:
> My only comment is to add a comment about using haveged. I have not
> successfully generated a key without it running lately...

Good idea. Here is an updated proposal:

The upgrade to gnupg-2.1 tampered with the pacman keyring in a
way that rendered the local master key unable to sign other
keys. This is only an issue if you ever intend to customize your
pacman keyring. We nevertheless recommend all users fix this by
generating a fresh keyring.

In addition, we recommend installing haveged, a daemon that
generates system entropy; this speeds up critical operations in
cryptographic programs such as gnupg (including the generation
of new keyrings).

To do all the above, run as root:

    pacman -Syu haveged
    systemctl start haveged
    systemctl enable haveged
    rm -fr /etc/pacman.d/gnupg
    pacman-key --init
    pacman-key --populate archlinux

Cheers.
--
Gaetan