From 514d0b900c85d8a54ec27c96c13b59fda9f53efb Mon Sep 17 00:00:00 2001 From: Breadway Date: Wed, 17 Jun 2026 18:49:55 +0800 Subject: [PATCH] Initialise the pacman keyring during install MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fresh installs couldn't update — the live medium's /etc/pacman.d/gnupg doesn't reliably carry to the target, so the first `pacman -Syu` failed with "keyring is not writable / required key missing from keyring". Run pacman-key --init + --populate archlinux in post-install so signature verification works out of the box. ([breadway] is SigLevel=Never, so no extra key needed.) --- iso/airootfs/etc/calamares/post-install.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/iso/airootfs/etc/calamares/post-install.sh b/iso/airootfs/etc/calamares/post-install.sh index e318ed1..82e7dba 100644 --- a/iso/airootfs/etc/calamares/post-install.sh +++ b/iso/airootfs/etc/calamares/post-install.sh @@ -23,6 +23,19 @@ userdel -r liveuser 2>/dev/null || true # Root used a passwordless entry on the live medium; lock it (sudo model). passwd -l root || true +# --------------------------------------------------------------------------- +# Pacman keyring. The live medium's /etc/pacman.d/gnupg doesn't reliably carry +# over to the target (unpackfs may skip it / perms differ), leaving the installed +# system unable to verify package signatures — the first `pacman -Syu` then dies +# with "keyring is not writable / required key missing". Initialise it here so a +# fresh install can update out of the box. archlinux-keyring is already present; +# [breadway] is SigLevel=Never so it needs no key. +# --------------------------------------------------------------------------- +if command -v pacman-key &>/dev/null; then + pacman-key --init || echo "WARN: pacman-key --init failed" + pacman-key --populate archlinux || echo "WARN: pacman-key --populate failed" +fi + # --------------------------------------------------------------------------- # Boot splash (Plymouth) — BOS logo + spinner instead of kernel text. Done # BEFORE grub so grub.cfg picks up the new cmdline and the rebuilt initramfs.