On 9/21/23 02:38, Lone_Wolf wrote:
Did you have keyring issues before the archlinux-keyring package was
created/added ?
If not , you can disable the timer - like I have done - by executing (as root)
sysctl mask archlinux-keyring-wkd-sync.timer
No,
I didn't have any issues with the keyring or keys. The only reason it got
my attention was checking the journal looking for a mail message, dhcp handout
or named zone transfer and finding thousands and thousands of lines of
archlinux-keyring-wkd-sync timeouts.
Genes fix for related, established connections solve the problem, but that
just got me thinking there has to be a better way than having the user stumble
across the issue if they have it and then fumble around looking for a fix.
Having archlinux-keyring-wkd-sync check connectivity before looping over each
key seemed reasonable.
I want the sync to run. I think it is a good idea. It just saves having to
do pacman -Sy --needed archlinux-keyring when a key issue surfaces. If it is
worth adding a check for connectivity, it shouldn't be that hard to do, if
not, well at least the smart folks thought about it and decided it wasn't needed.
Adding a note to the wiki would be a good fix as well. At least a note that
addresses the event of a connection failure due to firewall config and
suggests adding the related, established rule to whatever firewall you are
running with a short example for nftables and iptables could be done in about
6 lines. I'll drop the idea in the talk page.
--
David C. Rankin, J.D.,P.E.
