r-darwish / topgrade

Upgrade everything
GNU General Public License v3.0

pacman - Update archlinux-keyring before updating the system #907

Closed skidunion closed 2 years ago

skidunion commented 2 years ago

When doing a full system upgrade (pacman -Syu) with pacman, some packages may fail to update because they have an invalid GPG signature. Typically, archlinux-keyring is listed as upgradeable alongside other packages.

Topgrade should first update the keys - pacman -Sy archlinux-keyring --needed, then start the system upgrade. This should also be applied to yay if it's run instead of pacman.

Distribution-specific keyring packages (e.g. artix-keyring) should also be updated.

I've recently encountered this issue with libinih. This fix is suggested on Arch Wiki.

Akeshihiro commented 2 years ago

Well, I've also run into that kind of problem a few times now and such a convenience feature in topgrade would be nice, but from my point of view this is an issue caused by pacman itself, isn't it? It would be nice if topgrade had such a feature, just for convenience, but the root cause here is the pacman tooling and therefore I would say that this issue should be filed in the pacman repo so that the pacman devs can fix it.

In my eyes this also applies to other similar cases like with the artix-keyring. Just my view on that.

Akeshihiro commented 2 years ago

I still think that this is an issue related to the Arch Linux community (and its derivatives). But on the other hand I somehow like the idea that topgrade could solve this issue for topgrade users because I've run into this issue multiple times and I am sure this is true for way more people.

So I hacked around a little bit, just to try to solve this. And for me as an Arch Linux user, the solution is actually pretty simple as I only would have to upgrade the archlinux-keyring package beforehand. But it turns out, there are some Arch Linux derivatives and some of them do maintain their own keyring packages besides the archlinux-keyring package, e.g. artix-keyring or manjaro-keyring. So I think the solution to this might not be as trivial as it looks in the first place, because multiple Arch Linux based distributions have to be handled properly, at least the distributions officially supported by topgrade at this point. As I am not familiar with topgrade's code base, my current attempt ended up in some sort of spaghetti code :D But maybe there is a somewhat elegant solution for this.

r-darwish commented 2 years ago

Thanks to everyone who contributed to the discussion. After thinking about this I decided that this is a won't do. This is mainly due to the fact that upgrading the keyring package, while considered safe, isn't the recommended thing to do with pacman on a daily basis. In addition to that, as @Akeshihiro said, different arch-based distributions have different keyring packages. In addition to that, we have to add support for all supported arch package managers, which will make this a big change, so I don't think it's worth the trouble.
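
Added example (not part of the thread and not topgrade's code): a dry-run sketch of the ordering requested in this issue, which picks the keyring packages with a pending upgrade and prints the keyring command before the full upgrade. The allowlist, function names and sample input are assumptions; the sample is constructed in the `pacman -Qu` output format, and nothing here invokes pacman.

```shell
#!/bin/sh
# Constructed sample in the format printed by `pacman -Qu`:
#   name old_version -> new_version, optionally followed by "[ignored]"
SAMPLE_PENDING='archlinux-keyring 20220424-1 -> 20220713-2
artix-keyring 20220206-1 -> 20220712-1
libinih 53-1 -> 55-2
gnome-keyring 1:40.0-1 -> 1:42.1-1
manjaro-keyring 20210910-2 -> 20220514-2 [ignored]'

# Keyring packages named in the thread. An explicit allowlist (assumption) is
# used instead of matching "*-keyring", because packages such as gnome-keyring
# share the suffix but carry no package-signing keys.
KEYRING_PKGS='archlinux-keyring artix-keyring manjaro-keyring'

# pending_keyrings (hypothetical helper): read `pacman -Qu`-style lines on
# stdin and print allowlisted keyring packages that have a pending upgrade.
# Entries marked [ignored] are skipped, since pacman would not upgrade them.
pending_keyrings() {
    while read -r name _old _arrow _new flag; do
        if [ "$flag" = "[ignored]" ]; then
            continue
        fi
        for k in $KEYRING_PKGS; do
            if [ "$name" = "$k" ]; then
                printf '%s\n' "$name"
            fi
        done
    done
    return 0
}

# upgrade_plan (hypothetical helper): print the commands in the order the
# issue asks for: keyrings first (only if any are pending), then -Syu.
upgrade_plan() {
    keyrings=$(pending_keyrings | tr '\n' ' ')
    keyrings=${keyrings% }
    if [ -n "$keyrings" ]; then
        printf 'pacman -Sy %s --needed\n' "$keyrings"
    fi
    printf 'pacman -Syu\n'
}

# Dry run over the constructed sample; on a real system the input would be
# the output of `pacman -Qu`.
printf '%s\n' "$SAMPLE_PENDING" | upgrade_plan
```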