Skip to content

Draft: Remove pacman-init.service from releng

nl6720 requested to merge rm-pacman-init.service into master

pacman-init.service causes more problems than it's worth.

Due to archlinux-keyring bloat, it takes too long to finish making it possible to corrupt the keyring if pacman or pacstrap is used before pacman-init.service is done.

If the timezone is in UTC+X, gpg as run by pacman-key will create and sign the keys with a future timestamp causing issues when updating the pacman keyring.

The solutions were to either:

  • Automate more. Enable systemd-timesyncd.service and systemd-time-wait-sync.service. Order pacman-init.service after time-sync.target.
  • Automate less. Get rid of pacman-init.service entirely.

"Automating more" just means more automagic that makes the releng profile differ from a newly installed system. Which in turn gives false expectations for those installing Arch.

This change will require that users manually initialize the pacman keyring and populate the keys in the live environment. I.e. these commands will now need to be run manually:

# pacman-key --init
# pacman-key --populate

Alternatively, using the latest Arch Linux keyring from the repos:

# pacman-key --init
# pacman -Sy archlinux-keyring

Regardless of the chosen commands, they should be run after the system time is synced via NTP.

Fixes #190 (closed) Fixes #191 (closed)

Edited by nl6720

Merge request reports

Loading