Updating Arch the right way - Please critique my practices
Hello. Please critique how I'm updating / maintaining my new Arch installation so I can fix anything I'm doing wrong. This is mostly what I could gather from the Arch wiki tailored to my system. I think I know what I'm doing - but as I've often learned, it's easy to misunderstand or overlook some things.
Step 1: perform an incremental full system backup so I have something to restore if the update borks anything. I've chosen to use the rsync command as laid out on the wiki:
I have a large hdd mounted as a secondary drive under /media/linuxhdd. It is configured to automatically mount from fstab using uuid. Both my root drive and that hdd are formatted ext4. I'm not using the -S option because I don't think I'll be using virtual machines (I have other hard drives I can make bootable). --delete is used so I maintain one current set of files for restore purposes. This keeps the copying and transfer time to a minimum. (I maintain disk images offline with a different tool - this is simply one local copy for easy restoration purposes)
Step 2: Check the Arch wiki - follow instructions for any manual steps
Step 3: once every 1-2 months, update the mirror list using reflector
I have an alias in bashrc called upgrade. It runs reflector looking for the fastest of the newest 10 near me. Then it upgrades the keyring, then yay -syu and then paccache -r.
I have the journal limited to 100mb so I don't ever bother cleaning house on that.
I probably don't review pacman logs as often as I should, but stuff rarely breaks and is normally pretty easy for me to figure out what when it does.
So I have a note written down that says "keyring" It's unclear to me if that's something I should do regularly, or just if I have a problem. If I'm not mistaken, it is possible for a package to need the updated keyring even if you do pacman -Syu regularly. But I also think it just pitches an error on that package, which will fail to update. Then you can just update the keyring, then rerun pacman -Syu and everything will be fine?
The archlinux-keyring package holds they gpg signatures used for signing the packages and if you go too long between upgrades it's possible you won't have a signature or an outdated one and a normal -syu will fail because of it. So I just upgrade keyring first and it gets ahead of that issue.
On hardware that I don't update often, the problem happens to me and this is the route I normally use. What I'm wondering is why the Arch guys don't implement this "automatically"... for example if the keyring is in the packages to be updated, we update it first and then the rest of the packages.