Reconsider archlinux-keyring-wkd-sync's enabled by default

I've been seeing a lot of keyring failures (broken gpg store) since the decision of enabling archlinux-keyring-wkd-sync.timer by default. GPG isn't handling multitasking very well, and the key store's easily corrupted if you update the archlinux-keyring package while archlinux-keyring-wkd-sync.service is running. This is especially commonly seen in the Chinese community because we often have very poor internet connection to Arch's wkd server. The service does't have a timeout setting too, which allows it to be constantly running for days, and makes it very easy to collide with an -Syu.

Please reconsider the timer and maybe don't enable it by default. It's very frustrating to handle broken keyrings every week, which involves killing any running gpg-agent/dirmngr processes that people often forget to, and the error messages are cryptic.

Just wondering... Those suffering the problem still have lock-never in pacman's gpg.conf?

pacman/pacman@1d1bb6fa

Are they only applied on newly generated gnupg dir? That would make sense...

Hmm, to possibly solve this once and forever... How about adding a small command to the install script?

sed -i '/^lock-never$/d' /etc/pacman.d/gnupg/gpg.conf

But not sure we should mess with user's configuration.

Or maybe worth a news item to ask the user do it? But either is fine for me :)

closed

Pushed archlinux-keyring 20240709-2, let's see if that improves the situation.