configs: common: add pacman-init for initialising keyrings

Based on https://gitlab.archlinux.org/archlinux/archiso/-/blob/master/configs/releng/airootfs/etc/systemd/system/pacman-init.service

builder/component/pacman.py

@@ -151,6 +151,9 @@ class Pacman:
 				if ret != 0: raise OSError(f"wget failed with {ret}")
 				self.pacman_key(["--add", keypath])
 				self.lsign_key(repo.keyid)
+			elif repo.keyid is not None:
+				self.recv_keys(repo.keyid)
+				self.lsign_key(repo.keyid)
 
 	def init_config(self):
 		"""
@@ -302,9 +305,6 @@ class Pacman:
 			if "publickey" in repo and "keyid" not in repo:
 				raise ArchBuilderConfigError("publickey is provided without keyid")
 
-			if "keyid" in repo and "publickey" not in repo:
-				raise ArchBuilderConfigError("keyid is provided without publickey")
-
 			if "publickey" in repo:
 				pacman_repo.publickey = repo["publickey"]
 

configs/common/pacman-init.yaml

@@ -0,0 +1,17 @@
+filesystem:
+  files:
+  - path: /etc/systemd/system/wait-addresses@.service
+    content: |
+      [Unit]
+      Description=Initializes Pacman keyring
+      Requires=etc-pacman.d-gnupg.mount
+      After=etc-pacman.d-gnupg.mount time-sync.target
+      BindsTo=etc-pacman.d-gnupg.mount
+      Before=archlinux-keyring-wkd-sync.service
+      [Service]
+      Type=oneshot
+      RemainAfterExit=yes
+      ExecStart=/usr/bin/pacman-key --init
+      ExecStart=/usr/bin/pacman-key --populate
+      [Install]
+      WantedBy=multi-user.target