Planet Arch Linux & News
65 members
18 links
Planet Arch Linux is a window into the world, work and lives of Arch Linux hackers and developers.
Also we have the latest news from the Arch Linux development staff.

Recently updated packages: @archlinux_updates

Inline ArchWiki search: @archewikibot
Download Telegram
to view and join the conversation
Arch monthly May

Pacman release
Finally! A new pacman release, this version adds some critical bits for reproducible builds and the pacman repository has been shed of misc tools which are now in pacman-contrib. More details in the changelog and on reddit

BUILDINFO Rebuild
For reproducible builds, every package in the repository build on a users system should create exactly the same package as the repository package. To be able to achieve this the packages which where installed in build chroot are recorded in a BUILDINFO file (man BUILDINFO) which is added in the .pkg.tar.xz package. BUILDINFO files where added a while ago in pacman, but not every package contains them yet! Interestingly enough even a rolling release distro contains packages from 2013, these are now being rebuild! This also ties in to the cleanup of archive.archlinux.org, since the archive server is almost full and the 2013/2014/2015 directories will be removed. If you have a good network connection and want to mirror the archive, reach out!

pkgconf replaces pkg-config
As can be read on the mailing list, pkgconf has now replaced pkg-config.

GCC 8 in [core]
The latest version of GCC 8 lands in [core], this enables more warnings by default so older packages might fail to build if they enable -Werror.

http://vdwaa.nl/arch/monthly/may/news/monthly-may/

via @planetarch
Jelle Van der Waa: Arch Linux at FrOSCon

Yet another shoutout for FrOSCon, which will be held 25th and 26th of August. Arch Linux will have a devroom with talks so far about Linux Pro Audio and our general Infrastructure / Reproducible build.Thanks to Stickermule there will be Arch Linux sticker to hand out. Stickermule

https://vdwaa.nl/arch-linux-froscon.html

via @planetarch
libutf8proc>=2.1.1-3 update requires manual intervention

The libutf8proc package prior to version 2.1.1-3 had an incorrect soname link. This has been fixed in 2.1.1-3, so the upgrade will need to overwrite the untracked soname link created by ldconfig. If you get an error
libutf8proc: /usr/lib/libutf8proc.so.2 exists in filesystem
when updating, use
pacman -Suy --overwrite usr/lib/libutf8proc.so.2
to perform the upgrade.

https://www.archlinux.org/news/libutf8proc211-3-update-requires-manual-intervention/
Jelle Van der Waa: Arch monthly July

Archweb updates
The Arch Linux website has been updated and it's search functionality was expanded to make it able to find the 'archlinux-keyring' by searching for 'archlinux keyring'. This was contributed by an external!. Another small visual improvement was made by removing some empty spaces in provides.

AURpublish
AURpublish was added to [community] by eschwartz, a tool to manage your AUR packages.

Dropping luxrender packages
Lukas proposed dropping luxrays, luxrender and luxblend25 packages from [community]. The proposal went through without opposition and embree2 was also dropped in the process.

Python 3.7 in [testing]
Python 3.7 finally landed in [testing] after a painful rebuild period with many packages requiring fixes due to the async keyword or C ABI/Compiler changes.

Enforcing 2FA on Github
This does not impact Arch, but the Github repo used for the development of the Arch security Tracker, website and some mirroring now enforces 2FA in light of the recent Gentoo Github repo incident

Removal of openjdk 9, phasing out Java 7
Anthraxx removed openjdk 9 from the repos since it is EOL and nothing depends on it. Java 7 will be phased out as well soon.

New TU
Filipe Laíns has been accepted as a new TU, read his proposal and results here.

New TU applicant
A new application has arrived, voting is currently underway.

Acroread package compromised
The acroread package was compromised by a user who took over the orphan package and uploaded a new version with

aurweb 4.7.0
A new version of the AUR is deployed with new features and bugfixes.

Linux package source moved
Linux package source moved to github along with changes in the PKGBUILD.

Pacman 5.1.1 release
Pacman 5.1.1 was released containing several bugfixes.

via @planetarch
Jelle Van der Waa: Arch User Magazine

A blast from the past, the Arch User Magazine

It's almost 10 years ago that Ghost1227 created the Arch User Magazine and this week I got reminded about it's existence. I found that the original domain where the magazine was hosted was no longer owned by Ghost1227, but by using the way back machine I was able to retrieve two of the three editions of the magazine.

The original forum thread about the first magazine can be found here and the first and second magazine. There should be a third edition, but I couldn't find it via the way back machine.

Enjoy reading this part of Arch history and I hope someone recreates the user magazine!

via @planetarch
Forum Announcements: packer renamed to packer-aur

The famous AUR helper `packer` has been renamed to `packer-aur` in favor of the Hashicorp image builder `packer` (community/packer)

https://bbs.archlinux.org/viewtopic.php?id=239570

via @planetarch
Forum Announcements: archlinux-keyring update required before December 1 2018

archlinux-keyring 20181018-1 re-enables my PGP key for packaging. As any package updates on my behalf requires this version (or greater) to proceed without errors, users should update archlinux-keyring before December 1 2018.Prior to this date, there will be no new packages signed by my key. The list of affected packages:https://www.archlinux.org/packages/?sor … ainer=Alad

Alad

https://bbs.archlinux.org/viewtopic.php?id=241313

via @planetarch
Jelle Van der Waa: Arch Linux ARM on the Allwinner NanoPi A64

Arch Linux ARM on a NanoPi A64I've obtained two NanoPi A64's a long while ago and recently thought of setting them up as a HA cluster as an exercise. Since setting it up with real hardware is a lot more fun then with VM's or containers. And I wanted to try out aarch64 and see how well that fares on mainline Linux.The first part of setting it up created the partitions and rootfs on the sd card. For this I've just followed the "Generic AArch64 Installation". The more challenging part was setting up U-boot, clone it and follow the 64 bit board instructions. All that is required now is to install a boot.scr file in /boot on the sdcard, download the boot.cmd file and create a boot.scr with mkimage from uboot-tools with mkimage -C none -A arm64 -T script -d boot.cmd boot.scr.That should get the NanoPi A64 booting, note that 4.20 is required for the ethernet controller to work, luckily Arch Linux ARM offers an linux-rc package since as of writing this article 4.20 is still not released yet.

https://vdwaa.nl/nanopi-a64-arch.html

via @planetarch
Jelle Van der Waa: Arch Linux @ Reproducible Build Summit Paris

Write up of the reproducible summitThree members of the Arch Linux team attended the Reproducible Build Summit 2018 in Paris this week to work together with the reproducible ecosystem to work on reproducible build issues. The other participants where from a lot of different projects and companies such as Debian, NixOS, Guix, Alpine, openSUSE, OpenWrt, Google, Microsoft and many more. The summit was organized by letting attendees work with a small subset of the attendees on issues which they are interested in and trying to find solutions and discuss ideas. At the end of the day there time for hacking together on solutions. The event was very open and there was a lot of collaboration between projects which have different goals!The Arch Team has worked on the following topics:Packaging & updating more reproducible build tools in our repos, disorderfs was updated to the latest version and disorderfs was updated after a pytest fix from Chris Lamb for diffoscope. Reprotest, the tool to test if something is reproducible has been added to [community].A note has been made that we should investigate if the Arch ISO is reproducible. At least one possible issue is that squashfs images are not reproducible and Arch should consider switching to squashfskit which creates reproducible squashfs images.Discussed adding a JSON endpoint for fetching the reproducible build status of Arch Linux packages on tests.reproducible-builds.org.Sharing reproducible build issues cross distros.Discussed how to rebuild Arch Linux packages and test if they are reproducible.Discussed how to verify before installing a package if a package is reproducible.Debian's Kernel is reproducible, but Arch's isn't. We started investigating why ours isn't reproducible, as one goal is to get [core] reproducible as first repo.Investigate PGO (profile guided optimisation) reproducibility issues for Firefox and Python.And much more! It has left us with a lot of "homework" to continue making Arch Linux more reproducible!A huge thanks to the organizers and sponsors of the Reproducible build summit!

https://vdwaa.nl/arch-reproducible-build-summit-18.html

via @planetarch
Forum Announcements: Bug Day 2019

Hey all. 🙂

We will be holding a bug day on the weekend of January 5th and 6th, to start off the year with a cleaned up bugtracker.

The community is encouraged to canvass the bugtracker and find old bugs, figure out which ones are still valid, track down fixes and suchlike.🙂

Feel free to join #archlinux-bugs at that time in order to reach a bug wrangler and get more input on a bug. Or just post to the bug tracker.

Links:https://lists.archlinux.org/pipermail/a … 29410.html
Open bugs, sorted by last edit date: core/extra and community

https://bbs.archlinux.org/viewtopic.php?id=243073

via @planetarch
Adrian Caval: My new hobby

A few years ago, sitting in an emergency room, I realized I'm not getting any younger and if I want to enjoy some highly physical outdoor activities for grownups these are the very best years I have left to go and do them. Instead of aggravating my RSI with further repetitive motions on the weekends (i.e. trying to learn how to suck less at programming) I mostly wrench on an old BMW coupe and drive it to the mountains (documenting that journey, and the discovery of German engineering failures, was best left to social media and enthusiast forums).

Around the same time I switched jobs, and the most interesting stuff I encounter that I could write about I can't really write about, because it would disclose too much about our infrastructure. If you are interested in HAProxy for the enterprise you can follow development on the official blog.

http://sysphere.org/~anrxc/j/archives/2019/03/06/my_new_hobby/index.html

via @planetarch
Jelle Van der Waa: Arch signoff

Arch sign off toolSince some time Arch has been letting users become testers which can sign off packages in [testing] repository's. The idea behind allowing users and not only the Arch team sign off packages as known good is that packages can be moved earlier or bugs and issues found earlier. To sign off a package you need to login into Arch Linux's website and go to the sign off page to sign off a package. Haavard created a tool to be able to sign off packages from the command line which makes it easier to sign off by doing it interatively.This tool has now been adopted by Arch as the official sign off tool and has been packaged in the extra repository. Issues can be reported here.If you want to become an Arch Linux tester, feel free to apply here. A special thanks goes out to the current testing team and haavard for creating this awesome tool!

https://vdwaa.nl/arch-signoff.html

via @planetarch
Andrea Scarpino: Automated phone backup with Syncthing

How do you backup your phones? Do you?I use to perform a copy of all the photos and videos from my and my wife’s phone to my PC monthly and then I copy them to an external HDD attached to a Raspberry Pi.However, it’s a tedious job mainly because: - I cannot really use the phones during this process; - MTP works one in 3 times - often I have to fallback to ADB; - I have to unmount the SD cards to speed up the copy; - after I copy the files, I have to rsync everything to the external HDD.The Syncthing waySyncthing describes itself as:Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized.I installed it to our Android phones and on the Raspberry Pi. On the Raspberry Pi I also enabled remote access.I started the Syncthing application on the Android phones and I’ve chosen the folders (you can also select the whole Internal memory) to backup. Then, I shared them with the Raspberry Pi only and I set the folder type to “Send Only” because I don’t want the Android phone to retrieve any file from the Raspberry Pi.On the Raspberry Pi, I accepted the sharing request from the Android phones, but I also changed the folder type to “Receive Only” because I don’t want the Raspberry Pi to send any file to the Android phones.All done? Not yet.Syncthing main purpose is to sync, not to backup. This means that, by default, if I delete a photo from my phone, that photo is gone from the Raspberry Pi too and this isn’t what I do need nor what I do want.However, Syncthing supports File Versioning and best yet it does support a “trash can”-like file versioning which moves your deleted files into a .stversions subfolder, but if this isn’t enough yet you can also write your own file versioning script.All done? Yes! Whenever I do connect to my own WiFi my photos are backed up!

https://scarpino.dev/posts/automated-phone-backup-with-syncthing.html

via @planetarch
Andrea Scarpino: External encrypted disk on LibreELEC

Last year I replaced, on the Raspberry Pi, the ArchLinux ARM with just Kodi installed with LibreELEC.Today I plugged an external disk encrypted with dm-crypt, but to my full surprise this isn’t supported.Luckily the project is open source and sky42 already provides a LibreELEC version with dm-crypt built-in support.Once I flashed sky42’s version, I setup automated mount at startup via the autostart.sh script and the corresponding umount via shutdown.sh this way:
// copy your keyfile into /storage via SSH$ cat /storage/.config/autostart.shcryptsetup luksOpen /dev/sda1 disk1 --key-file /storage/keyfilemount /dev/mapper/disk1 /media$ cat /storage/.config/shutdown.shumount /mediacryptsetup luksClose disk1
Reboot it and voilà!AutomountIf you want to automatically mount the disk whenever you plug it, then create the following udev rule:
// Find out ID_VENDOR_ID and ID_MODEL_ID for your drive by using `udevadm info`$ cat /storage/.config/udev.rules.d/99-automount.rulesACTION=="add", SUBSYSTEM=="usb", SUBSYSTEM=="block", ENV{ID_VENDOR_ID}=="0000", ENV{ID_MODEL_ID}=="9999", RUN+="cryptsetup luksOpen $env{DEVNAME} disk1 --key-file /storage/keyfile", RUN+="mount /dev/mapper/disk1 /media"


https://scarpino.dev/posts/external-encrypted-disk-on-libreelec.html

via @planetarch
Jelle Van der Waa: Mini DebConf Hamburg 2019

The reproducible builds project was invited to join the mini DebConf Hamburg sprints and conference part. I attended with the intention to get together to work on Arch Linux reproducible test setup improvements, reproducing more packages and comparing results.The first improvement was adding JSON status output for Arch Linux and coincidently also OpenSUSE and in the future Alpine the commit can be viewed here. The result was deployed and the Arch Linux JSON results are live.The next day, I investigated why Arch Linux's kernel is not reproducible. The packaging requires a few changes for partial reproducibility:
export KBUILD_BUILD_HOST="arch"export KBUILD_BUILD_TIMESTAMP=$(date -d@"$SOURCE_DATE_EPOCH" +%Y-%m-%d)
One of the remaining issue is CONFIG_MODULE_SIG_ALL which signs all kernel modules to allow loading of only signed kernel modules. If there is no private key specified a key will be generated which is always non-reproducible. A solution for this problem hasn't been found, as providing a key in the repository might also be non-optimal. Apart from this issue, the vmlinuz-linux image is also non-reproducible which needs to be further investigated.Further packages where investigated which currently do not reproduce in our test framework.s-nail due to recording of MAKEFLAGS which is under investigation for fixing.keyutils was fixed for embedding the build date in it's binary with this patchnspr has been made reproducible in Arch Linux with the following change.Plans where made to extend the reproducible builds test framework for Arch Linux and start reproducing real repository packages on the test framework. Pacman was also packaged for Debian inclusion so that it's easier to bootstrap Arch containers/chroots from a Debian install.A big thanks to all the organizers of mini DebConf Hamburg for organizing the event!

https://vdwaa.nl/mini-debconf-hamburg-2019.html

via @planetarch
Official News: mariadb 10.4.x update requires manual intervention

The update to mariadb 10.4.6-1 and later changes configuration layout as recommended by upstream.The main configuration file moved from /etc/mysql/my.cnf (and its include directory /etc/mysql/my.cnf.d/) to /etc/my.cnf (and /etc/my.cnf.d/). Make sure to move your configuration.Instantiated services (like mariadb@foo.service) are no longer configured in separate files (like /etc/mysql/myfoo.cnf). Instead move your configuration to configuration blocks with group suffix in main configuration file, one for each service. A block should look something like this:
[mysqld.foo]datadir = /var/lib/mysql-foosocket = /run/mysqld/mysqld-foo.sock...
Like every mariadb feature update this requires the data directory to be updated. With the new configuration in place run:
systemctl restart mariadb.service && mariadb-upgrade -u root -p


https://www.archlinux.org/news/mariadb-104x-update-requires-manual-intervention/

via @planetarch
Jelle Van der Waa: Reproducing Arch [core] repository packages

As Arch Linux we are working on reproducible builds for a while and have a continuous test framework rebuilding package updated in our repositories. This test does an asp checkout of a package and builds it twice in a schroot, we do not try to reproduce actual repository packages yet. In the end this is however what we want to achieve, giving users the ability to verify a repository package by rebuilding it on their own hardware.repro was created to achieve this goal, it creates a build chroot with the packages installed during build (from the .BUILDINFO file), sets SOURCE_DATE_EPOCH accordingly, fetches the correct PKGBUILD and then builds the package. This tool however does not run in a CI environment yet, so a bash script was hacked together to build all our [core] (232) packages one by one leading to 0% reproducibility with the following issues:makepkg options differed, these options are recorded in BUILDINFO but not set yet by repro.Packages where not reproducible (108 due to makepkg recording false sizes in .PKGINFO).PKGBUILD fetching logic failed (21 packages).Failed to download source files due to DNS issues (popt, libpipeline, acl, mlocate).Packages did not build due to OOM and other issues (lib32-gcc-libs, gcc-obj, gcc-libs, gcc-go, gcc-fortran, gcc, fakeroot).asp failed to get package due unknown reasons (libusb).Packages not reproducible (s-nail, amd-ucode, syslinux, texinfo, tzdata, patch, .. and more).libpcap GPG verification failed.Builds with different packages installed leading to a different BUILDINFO due to an issue in repro (unknown).Logs of the process can be found here.This shows that still a lot has still to be done for reproducible Arch Linux, in the next pacman release the size issue should be resolved. Which will lead to at least some reproducible packages! Repro has to be improved and non reproducible packages sorted out. In a few months I intend to retry reproducing [core] packages and have at least > 0% reproducibility!

https://vdwaa.nl/reproducing-core-packages-2019-06.html

via @planetarch
Official News: libbloom>=1.6-2 update requires manual intervention

The libbloom package prior to version 1.6-2 was missing a soname link. This has been fixed in 1.6-2, so the upgrade will need to overwrite the untracked soname link created by ldconfig. If you get an errorlibbloom: /usr/lib/libbloom.so.1 exists in filesystemwhen updating, usepacman -Suy --overwrite usr/lib/libbloom.so.1to perform the upgrade.

https://www.archlinux.org/news/libbloom16-2-update-requires-manual-intervention/

via @planetarch