Manual intervention for pacman 7.0.0 and local repositories required
With the release of version 7.0.0 pacman has added support for downloading packages as a separate user with dropped privileges.
For users with local repos however this might imply that the download user does not have access to the files in question, which can be fixed by assigning the files and folder to the
Remember to merge the .pacnew files to apply the new default.
Pacman also introduced a change to improve checksum stability for git repos that utilize
https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/
#news
With the release of version 7.0.0 pacman has added support for downloading packages as a separate user with dropped privileges.
For users with local repos however this might imply that the download user does not have access to the files in question, which can be fixed by assigning the files and folder to the
alpm group and ensuring the executable bit (+x) is set on the folders in question.$ chown :alpm -R /path/to/local/repo
Remember to merge the .pacnew files to apply the new default.
Pacman also introduced a change to improve checksum stability for git repos that utilize
.gitattributes files. This might require a one-time checksum change for PKGBUILDs that use git sources.https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/
#news
π8β€1π€1
Optimized cloud-init template on Proxmox
There are already quite a few resources out there demonstrating how to create a cloud-init enabled VM template in Proxmox. Here are the ones I mainly used to discover the topic, and which I suggest you go through because what follows depends on them:
Proxmox [wiki](https://pve.proxmox.com/wiki/Cloud-Init_Support) and [official documentation](https://pve.proxmox.com/pve-docs/chapter-qm.html#qm_cloud_init) on Cloud-Init support
Perfect Proxmox Template with Cloud Image and Cloud Init (YouTube, Techno Tim 2022-03)
What those and many similar resources give are step-by-step instructions divided in as many commands to facilitate understanding. What I havenβt seen so far though, is an all-in-one, optimized command to do the same thing, β¦
https://bastientraverse.com/en/proxmox-optimized-cloud-init-template/
#planetarch
There are already quite a few resources out there demonstrating how to create a cloud-init enabled VM template in Proxmox. Here are the ones I mainly used to discover the topic, and which I suggest you go through because what follows depends on them:
Proxmox [wiki](https://pve.proxmox.com/wiki/Cloud-Init_Support) and [official documentation](https://pve.proxmox.com/pve-docs/chapter-qm.html#qm_cloud_init) on Cloud-Init support
Perfect Proxmox Template with Cloud Image and Cloud Init (YouTube, Techno Tim 2022-03)
What those and many similar resources give are step-by-step instructions divided in as many commands to facilitate understanding. What I havenβt seen so far though, is an all-in-one, optimized command to do the same thing, β¦
https://bastientraverse.com/en/proxmox-optimized-cloud-init-template/
#planetarch
π1
Facts
A collection of facts about yours truly. Guaranteed to be as accurate as my memory.
https://serebit.dev/posts/facts/
#planetarch
A collection of facts about yours truly. Guaranteed to be as accurate as my memory.
https://serebit.dev/posts/facts/
#planetarch
π1
Can't trust any VPN these days
After Turkey banned Discord, I had to jump through some hoops, fix my VPN, and learn a bit about how DNS works.
https://blog.orhun.dev/cant-trust-any-vpn/
#planetarch
After Turkey banned Discord, I had to jump through some hoops, fix my VPN, and learn a bit about how DNS works.
https://blog.orhun.dev/cant-trust-any-vpn/
#planetarch
π4
Providing a license for package sources
Arch Linux hasn't had a license for any package sources (such as PKGBUILD files) in the past, which is potentially problematic. Providing a license will preempt that uncertainty.
In RFC 40 we agreed to change all package sources to be licensed under the very liberal 0BSD license. This change will not limit what you can do with package sources. Check out the RFC for more on the rationale and prior discussion.
Before we make this change, we will provide contributors with a way to voice any objections they might have. Starting on 2024-11-19, over the course of a week, contributors will receive a single notification email listing all their contributions.
If you receive an email and agree to this change, there is no action required from your side.
If you do not agree, please reply to the email and we'll find a solution together.
If you contributed to Arch Linux packages before but didn't receive an email, please contact us at package-sources-licensing@archlinux.org.
https://archlinux.org/news/providing-a-license-for-package-sources/
#news
Arch Linux hasn't had a license for any package sources (such as PKGBUILD files) in the past, which is potentially problematic. Providing a license will preempt that uncertainty.
In RFC 40 we agreed to change all package sources to be licensed under the very liberal 0BSD license. This change will not limit what you can do with package sources. Check out the RFC for more on the rationale and prior discussion.
Before we make this change, we will provide contributors with a way to voice any objections they might have. Starting on 2024-11-19, over the course of a week, contributors will receive a single notification email listing all their contributions.
If you receive an email and agree to this change, there is no action required from your side.
If you do not agree, please reply to the email and we'll find a solution together.
If you contributed to Arch Linux packages before but didn't receive an email, please contact us at package-sources-licensing@archlinux.org.
https://archlinux.org/news/providing-a-license-for-package-sources/
#news
π7π2β€1
How I set up this blog
Like my blog? Here is how I set it up.
https://blog.orhun.dev/setting-up-this-blog/
#planetarch
Like my blog? Here is how I set it up.
https://blog.orhun.dev/setting-up-this-blog/
#planetarch
π2
Goodbye, Sam
A eulogy for the greatest dog of all, and a friend I will never forget.
https://serebit.dev/posts/merry-christmas-sam/
#planetarch
A eulogy for the greatest dog of all, and a friend I will never forget.
https://serebit.dev/posts/merry-christmas-sam/
#planetarch
β€13π5π€‘2
2024 wrapped
Dear blog. This post is inspired by an old friend of mine who has been writing these for the past few years. I meant to do this for a while now, but ended up not preparing anything, so this post is me writing it from memory. Thereβs likely stuff I forgot, me being gentle with myself Iβll probably just permit myself to complete this list the next couple of days. I hate bragging, I try to not depend on external validation as much as possible, and being the anti-capitalist that I am, I try to be content with knowing Iβm β¦
https://vulns.xyz/2024/12/2024-wrapped/
#planetarch
Dear blog. This post is inspired by an old friend of mine who has been writing these for the past few years. I meant to do this for a while now, but ended up not preparing anything, so this post is me writing it from memory. Thereβs likely stuff I forgot, me being gentle with myself Iβll probably just permit myself to complete this list the next couple of days. I hate bragging, I try to not depend on external validation as much as possible, and being the anti-capitalist that I am, I try to be content with knowing Iβm β¦
https://vulns.xyz/2024/12/2024-wrapped/
#planetarch
π₯4π4
Critical rsync security release 3.4.0
We'd like to raise awareness about the rsync security release version
An attacker only requires anonymous read access to a vulnerable rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on. Additionally, attackers can take control of an affected server and read/write arbitrary files of any connected client. Sensitive data can be extracted, such as OpenPGP and SSH keys, and malicious code can be executed by overwriting files such as
We highly advise anyone who runs an rsync daemon or client prior to version
All infrastructure servers and mirrors maintained by Arch Linux have already been updated.
https://archlinux.org/news/critical-rsync-security-release-340/
#news
We'd like to raise awareness about the rsync security release version
3.4.0-1 as described in our advisory ASA-202501-1.An attacker only requires anonymous read access to a vulnerable rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on. Additionally, attackers can take control of an affected server and read/write arbitrary files of any connected client. Sensitive data can be extracted, such as OpenPGP and SSH keys, and malicious code can be executed by overwriting files such as
~/.bashrc or ~/.popt.We highly advise anyone who runs an rsync daemon or client prior to version
3.4.0-1 to upgrade and reboot their systems immediately. As Arch Linux mirrors are mostly synchronized using rsync, we highly advise any mirror administrator to act immediately, even though the hosted package files themselves are cryptographically signed.All infrastructure servers and mirrors maintained by Arch Linux have already been updated.
https://archlinux.org/news/critical-rsync-security-release-340/
#news
π€―3π2π1
Glibc 2.41 corrupting Discord installation
We plan to move
This issue has been fixed in the Discord canary build. If you rely on audio connectivity, please use the canary build, login via browser or the flatpak version until the fix hits the stable Discord release.
There have been no reports that (written) chat connectivity is affected.
https://archlinux.org/news/glibc-241-corrupting-discord-installation/
#news
We plan to move
glibc and its friends to stable later today, Feb 3. After installing the update, the Discord client will show a red warning that the installation is corrupt.This issue has been fixed in the Discord canary build. If you rely on audio connectivity, please use the canary build, login via browser or the flatpak version until the fix hits the stable Discord release.
There have been no reports that (written) chat connectivity is affected.
https://archlinux.org/news/glibc-241-corrupting-discord-installation/
#news
Infrastructure as Advent of Code
In the cold of December we have but one thing to keep us warm: our laptops, trying to solve Advent of Code puzzles with inefficient algorithms. This year, 2024, is the tenth edition, and the puzzles are filled with more Easter eggs than ever before. Unfortunately, Iβm not interested in Easter eggs, or solving the puzzles. I am a DevOps engineer, and Iβm going to apply Infrastructure as Code principles to Advent of Code.
https://bertptrs.nl/2025/02/04/infrastructure-as-advent-of-code.html
#planetarch
In the cold of December we have but one thing to keep us warm: our laptops, trying to solve Advent of Code puzzles with inefficient algorithms. This year, 2024, is the tenth edition, and the puzzles are filled with more Easter eggs than ever before. Unfortunately, Iβm not interested in Easter eggs, or solving the puzzles. I am a DevOps engineer, and Iβm going to apply Infrastructure as Code principles to Advent of Code.
https://bertptrs.nl/2025/02/04/infrastructure-as-advent-of-code.html
#planetarch
π€1π¨βπ»1
Cleaning up old repositories
Around two years ago, we've merged the
On systems where
The following deprecated repositories will be removed:
Please make sure to remove all use of the aforementioned repositories from your
https://archlinux.org/news/cleaning-up-old-repositories/
#news
Around two years ago, we've merged the
[community] repository into [extra] as part of the git migration. In order to not break user setups, we kept these repositories around in an unused and empty state. We're going to clean up these old repositories on 2025-03-01.On systems where
/etc/pacman.conf still references the old [community] repository, pacman -Sy will return an error on trying to sync repository metadata.The following deprecated repositories will be removed:
[community], [community-testing], [testing], [testing-debug], [staging], [staging-debug].Please make sure to remove all use of the aforementioned repositories from your
/etc/pacman.conf (for which a .pacnew was shipped with pacman>=6.0.2-7)!https://archlinux.org/news/cleaning-up-old-repositories/
#news
π«‘5π3
Rust edition 2024 annotated
Last Thursday Rust 1.85 was released, and with it, edition 2024 has dropped. The new edition is significantly larger than the two editions that preceded it, and contains many small but significant quality of life improvements to the language. In this post, Iβd like to explain what an edition is, and summarize all the changes that were made to the language I love. If you need the details, I recommend reading the edition guide, but for a general overview, read on.
https://bertptrs.nl/2025/02/23/rust-edition-2024-annotated.html
#planetarch
Last Thursday Rust 1.85 was released, and with it, edition 2024 has dropped. The new edition is significantly larger than the two editions that preceded it, and contains many small but significant quality of life improvements to the language. In this post, Iβd like to explain what an edition is, and summarize all the changes that were made to the language I love. If you need the details, I recommend reading the edition guide, but for a general overview, read on.
https://bertptrs.nl/2025/02/23/rust-edition-2024-annotated.html
#planetarch
π5
Valkey to replace Redis in the [extra] Repository
Valkey, a high-performance key/value datastore, will be replacing redis in the [extra\] repository. This change is due to Redis modifying its license from BSD-3-Clause to RSALv2 and SSPLv1 on March 20th, 2024.
Arch Linux Package Maintainers intend to support the availability of the redis package for roughly 14 days from the day of this post, to enable a smooth transition to valkey. After the 14 day transition period has ended, the redis package will be moved to the AUR. Also, from this point forward, the redis package will not receive any additional updates and should be considered deprecated until it is removed.
Users are recommended to begin transitioning their use of Redis to Valkey as soon as possible to avoid possible complications after the 14 day transition window closes.
https://archlinux.org/news/valkey-to-replace-redis-in-the-extra-repository/
#news
Valkey, a high-performance key/value datastore, will be replacing redis in the [extra\] repository. This change is due to Redis modifying its license from BSD-3-Clause to RSALv2 and SSPLv1 on March 20th, 2024.
Arch Linux Package Maintainers intend to support the availability of the redis package for roughly 14 days from the day of this post, to enable a smooth transition to valkey. After the 14 day transition period has ended, the redis package will be moved to the AUR. Also, from this point forward, the redis package will not receive any additional updates and should be considered deprecated until it is removed.
Users are recommended to begin transitioning their use of Redis to Valkey as soon as possible to avoid possible complications after the 14 day transition window closes.
https://archlinux.org/news/valkey-to-replace-redis-in-the-extra-repository/
#news
β€2π1π΄1
Easter hack: terraform-provider-openwrt
April is usualy tax season for most people in Norway, and as I got some βmoney back on the skΓ¦ttβ I wound up purchasing an OpenWrt One to replace my 13-14 year old Asus router. Iβve been meaning to learn a bit more about networking in general and getting an OpenWrt router seemed like a fun project. Last year I bought a Beryl AX from GL-Inet as I was travelling for a few weeks.
https://linderud.dev/blog/easter-hack-terraform-provider-openwrt/
#planetarch
April is usualy tax season for most people in Norway, and as I got some βmoney back on the skΓ¦ttβ I wound up purchasing an OpenWrt One to replace my 13-14 year old Asus router. Iβve been meaning to learn a bit more about networking in general and getting an OpenWrt router seemed like a fun project. Last year I bought a Beryl AX from GL-Inet as I was travelling for a few weeks.
https://linderud.dev/blog/easter-hack-terraform-provider-openwrt/
#planetarch
π3
Am I a musician yet? - Superbooth 2025 Experience
I went to Berlin for a music event and here is what happened.
https://blog.orhun.dev/am-i-a-musician-yet/
#planetarch
I went to Berlin for a music event and here is what happened.
https://blog.orhun.dev/am-i-a-musician-yet/
#planetarch
Transition to the new WoW64 wine and wine-staging
We are transitioning the wine and wine-staging package to a pure wow64 build. This change removes the dependency on the multilib repository for wine and wine-staging.
The main reason for this is to align with upstream Wine development, which simplifies packaging and the dependency chain.
Potential Issues:
OpenGL Performance: A known limitation of the new WoW64 mode is reduced performance for 32-bit applications that use OpenGL directly
Breaking Changes: Existing 32-bit prefixes needs to be recreated
If you are facing issues with 32 bit prefixes, please recreate these and reinstall the application.
https://archlinux.org/news/transition-to-the-new-wow64-wine-and-wine-staging/
#news
We are transitioning the wine and wine-staging package to a pure wow64 build. This change removes the dependency on the multilib repository for wine and wine-staging.
The main reason for this is to align with upstream Wine development, which simplifies packaging and the dependency chain.
Potential Issues:
OpenGL Performance: A known limitation of the new WoW64 mode is reduced performance for 32-bit applications that use OpenGL directly
Breaking Changes: Existing 32-bit prefixes needs to be recreated
If you are facing issues with 32 bit prefixes, please recreate these and reinstall the application.
https://archlinux.org/news/transition-to-the-new-wow64-wine-and-wine-staging/
#news
π9
Plasma 6.4.0 will need manual intervention if you are on X11
On Plasma 6.4 the wayland session will be the only one installed when the users does not manually specify kwin-x11.
With the recent split of kwin into kwin-wayland and kwin-x11, users running the old X11 session needs to manually install plasma-x11-session, or they will not be able to login. Currently pacman is not able to figure out your personal setup, and it wouldn't be ok to install plasma-x11-session and kwin-x11 for every one using Plasma.
### tldr: Install plasma-x11-session if you are still using x11
https://archlinux.org/news/plasma-640-will-need-manual-intervention-if-you-are-on-x11/
#news
On Plasma 6.4 the wayland session will be the only one installed when the users does not manually specify kwin-x11.
With the recent split of kwin into kwin-wayland and kwin-x11, users running the old X11 session needs to manually install plasma-x11-session, or they will not be able to login. Currently pacman is not able to figure out your personal setup, and it wouldn't be ok to install plasma-x11-session and kwin-x11 for every one using Plasma.
### tldr: Install plasma-x11-session if you are still using x11
https://archlinux.org/news/plasma-640-will-need-manual-intervention-if-you-are-on-x11/
#news
π6π2π1
linux-firmware >= 20250613.12fe085f-5 upgrade requires manual intervention
With
Unfortunately, this coincided with upstream reorganizing the symlink layout of the NVIDIA firmware, resulting in a situation that Pacman cannot handle. When attempting to upgrade from
To progress with the system upgrade, first remove
https://archlinux.org/news/linux-firmware-2025061312fe085f-5-upgrade-requires-manual-intervention/
#news
With
20250613.12fe085f-5, we split our firmware into several vendor-focused packages. linux-firmware is now an empty package depending on our default set of firmware.Unfortunately, this coincided with upstream reorganizing the symlink layout of the NVIDIA firmware, resulting in a situation that Pacman cannot handle. When attempting to upgrade from
20250508.788aadc8-2 or earlier, you will see the following errors:linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad103 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad104 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad106 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad107 exists in filesystem
To progress with the system upgrade, first remove
linux-firmware, then reinstall it as part of the upgrade:# pacman -Rdd linux-firmware
# pacman -Syu linux-firmware
https://archlinux.org/news/linux-firmware-2025061312fe085f-5-upgrade-requires-manual-intervention/
#news
β8π5π3π€¬1
Specifications
In October 2024 a team of dedicated developers has started work on the ALPM project. Since then it has been focusing on writing new documentation on many aspects of Arch Linux Package Management that were not thoroughly documented in the past. This article provides an overview of the specifications written by this project and attempts to contextualize them for the reader. The existing stack π With its `bash` based `makepkg` tool for package creation, the libalpm C library for interfacing with system state and the central `pacman` package management tool, the pacman project has defined the β¦
https://devblog.archlinux.page/2025/specifications/
#planetarch
In October 2024 a team of dedicated developers has started work on the ALPM project. Since then it has been focusing on writing new documentation on many aspects of Arch Linux Package Management that were not thoroughly documented in the past. This article provides an overview of the specifications written by this project and attempts to contextualize them for the reader. The existing stack π With its `bash` based `makepkg` tool for package creation, the libalpm C library for interfacing with system state and the central `pacman` package management tool, the pacman project has defined the β¦
https://devblog.archlinux.page/2025/specifications/
#planetarch
π4π₯2
Introducing pkgctl license
In Arch Linux, as part of RFC40, we have recently decided to license all Arch Linux package sources as 0BSD. Our package sources didn't have any license previously. RFC40 only specified that we do want to license our package sources but it didn't specify how to ensure this. As such, in RFC52 we decided we want to use REUSE to achieve that. NOTE: It might be a bit confusing that our PKGBUILD files also have a
https://devblog.archlinux.page/2025/pkgctl-license/
#planetarch
In Arch Linux, as part of RFC40, we have recently decided to license all Arch Linux package sources as 0BSD. Our package sources didn't have any license previously. RFC40 only specified that we do want to license our package sources but it didn't specify how to ensure this. As such, in RFC52 we decided we want to use REUSE to achieve that. NOTE: It might be a bit confusing that our PKGBUILD files also have a
license field. However, this field specifies the upstream license, i.e. the license of the software that we package. It does not specify β¦https://devblog.archlinux.page/2025/pkgctl-license/
#planetarch