Do you still need to update archlinux-keyring before pacman -Syu?
For some time pacman used to have a problem where:
- Occasionally Arch maintainers introduce new GPG keys
- They start signing packages with the keys
- Your local pacman doesn't receive these until you update
- When you do a full system update, some new packages are signed with new keys
- Pacman attempts to validate everything before updating the keyring, which means the new packages fail
- The system update fails
- Keyring is not updated because it was part of the system update
The solution was to do something like
pacman -Sy archlinux-keyring && pacman -Su and I've had it in my update script for a while.
Is this issue still the case? I noticed some systemd services about updating the keyring recently, but I have no idea if it's doing what I think.