1. Home
  3. Arch
  5. How to Update Keyring on Arch Linux?

How to Update Keyring on Arch Linux?

Arch Linux keyring is a collection of OpenPGP keys that make sure the official repositories downloaded packages are authentic. The keyring is managed by the pacman-key command. Using the keyring command you can add, remove, and update keys.

This article will cover the concept of OpenPGP keys and why they are necessary for any package you install on Arch Linux.

Contents:

What is Keyring in Arch Linux?

Arch Linux uses a web of trust model to verify the authenticity of packages. The keyring is a collection of OpenPGP keys used to sign packages and databases.

You need OpenPGP keys to check if the packages you get from the official repositories are genuine. These keys are stored in the Arch Linux keyring. You can use the pacman-key command to change the keys in the keyring.

To list the available keys, run this command:

pacman-key -l

Similarly, you can perform other operations related to keys using these options:

  • -a, –add: Add the specified keys (empty for stdin)
  • -d, –delete: Remove the specified keyids
  • -e, –export: Export the specified or all keyids
  • -f, –finger: List fingerprint for specified or all keyids
  • -l, –list-keys: List the specified or all keys
  • -r, –recv-keys: Fetch the specified keyids
  • -u, –updatedb: Update the trustdb of pacman
  • -v, –verify: Verify the file(s) specified by the signature(s)

Type this command to get detailed information about keyring options on Arch Linux:

pacman-key -h

Updating Keyring Using Pacman

To update the keyring, you need to install the latest version of the archlinux-keyring package, which contains the current master keys and developers’ keys.

First, start by clearing the package cache:

sudo pacman -Scc

Now force refresh the package database:

sudo pacman -Syy

A screenshot of a computer Description automatically generated

Next, you have to update the archlinux-keyring package:

sudo pacman -S archlinux-keyring

A screenshot of a computer Description automatically generated

This will synchronize the package databases and install the archlinux-keyring package.

Now run the given command to initialize the Pacman keyring:

sudo pacman-key --init

The above command will ensure that the keyring is properly initialized and has the required access permissions. It also generates a unique OpenPGP key for the user. This key will verify the keys on the web of trust model.

To populate the keyring with the master keys and your key, run this command:

sudo pacman-key --populate archlinux

A screenshot of a computer Description automatically generated

The –populate command will reload the default keys from the keyrings in /usr/share/pacman/keyrings. This includes the master signing keys that are used to co-sign all other packager’s keys.

Adding Other Keys to Arch Linux Keyring

You can also add other keys to the keyring, such as those of unofficial package maintainers or custom packages. To do this, first import the keys from the keyserver or a file. For example, to import a key from a keyserver, you can run:

sudo pacman-key --recv-keys keyid

Here, keyid is the identifier of the key you want to import. You can find the keyid from the key owner or a keyserver.

Now we will import the public key with the ID 0x6C897266 from a keyserver into Pacman’s keyring. The developer Alexander Epaneshnikov maintains this key ID:

sudo pacman-key --recv-keys 0x6C897266

To get all other master keys, you can visit the Arch Linux Master Keys page. These keys are like the official stamps of approval for distribution. Different developers have different keys, and they can cancel each other’s keys if needed. That way, no single developer can control everything by themselves.

To import a key from a file, you can run:

sudo pacman-key --add /path/to/keyfile

Where /path/to/keyfile is the location of the downloaded keyfile. You can also use the keyringctl script to manage the keyring, which is available on GitHub.

Why You Need to Update Arch Linux Keyring?

You need to update the Arch Linux Keyring because these keys are not permanent and can expire or be replaced over time. Therefore, if you have an outdated system, you may encounter errors when trying to update or install new packages. These errors are usually invalid or corrupted packages or unknown trust. This is because your system does not recognize the new or updated keys that are used to sign the packages. To fix these errors, update the arch-keyring package first. This will download the latest keys for your system and verify the packages correctly.

Conclusion

Keyring in Arch Linux makes sure that the packages you install from the official repositories are secured. It contains a collection of OpenPGP keys. These keys are used for signing and verifying the packages and databases. You need to update the keyring regularly. This will avoid any system update errors. To update the keyring in Arch Linux, you can use the pacman-key command. This command will import and update the new keyrings if available.

 

Print Friendly, PDF & Email
Categories