Planet Arch Linux is a window into the world, work and lives of Arch Linux developers, trusted users and support staff.
Yo! Hope people have had a lovely spring. This month has passed quickly! I have put off writing the monthly post because I was busy with a weekend project. My master thesis was about how to apply transparency logs and reproducible builds to give package rebuilders the ability to produce tamper evident logs. This is handy since any one package build can easily be proven to be part of the log, and you can very easily fill inn the history from one point in time to another by hashing files in the correct order.
Hi, there. Today’s article will be a rather short article. In this article I would like to showcase Go 1.16 new embed package. If you are familiar with Go you might know embedding functionality already from famous other libraries like go-bindata. The problem with go-bindata has been that upstream vanished one day and then multiple forks appeared and every company or person was doing their own thing with embedding assets into Go programs.
Yoooo! Another month has passed which means another status update. The python2 removal has been steady and several packages has been removed this month. Currently a query for python2 on archweb returns 139 matches. At the start of the month it was around 160-170. Progress! I have suggested we remove checkdepends on python2 packages to ease the cleanup of dependency cycles. The response has been lukewarm at best so we’ll see how that progresses.
The installation medium now provides a guided installer. This addition to the default method of installation (based on the installation guide) is similar to the other methods. If you use this installer, do not forget to mention it when asking for support and also to provide the archinstall log, when asked.
For monitoring the Arch Linux infrastructure we've moved on from Zabbix to Prometheus as it fits more into our infrastructure is code goal. This required some research into how we could achieve the same monitoring with Prometheus. Our Zabbix setup monitored Host, MySQL, Borg and Arch Linux related metrics. For …
A year ago I wrote about my Wayland setup on Linux. This year I would like to give you a small update on how I am going with Wayland on Arch Linux and how it is my daily driver at home and work. The setup itself stayed pretty much the same: Operating System: Arch Linux Window Manager: Sway Status bar: Heavily customized Barista bar Screenshots: Bash script utilizing Grim + Slurp Screen recordings: Bash script utilizing wf-recorder Sharing Text: Bash script utilizing wl-clipboard Dynamic Menu: bemenu Password Management: A combination of gopass, bemenu and bash Screensharing: xdg-desktop-portal-wlr + pipewire You can find my full setup in my dotfiles repository on Github.
Yo! New month, new update! The start of this month was marked with FOSDEM! I held a talk about secure boot and the tooling stuff I have written, sbctl. It’s a tool to help you manage secure boot keys and signing files. With help from sbsigntools it also does live enrollment of keys. The talk went great (I think) and it was fun to see how FOSDEM pulled off the conference with matrix and jitsi.
As linux-lts moved to the 5.10 version, all official kernels of Arch Linux now support zstd compressed initramfs images, so mkinitcpio is switching to zstd compressed images by default with version 30, which is currently on [testing]. If, for any reason, you are using a kernel version prior to 5.9, make sure to change mkinitcpio.conf COMPRESSION to use one of the compressors supported, like gzip, otherwise you will not be able to boot images generated by mkinitcpio.
Google has announced that they are going to block everything but Chrome from accessing certain Google features (like Chrome sync) starting on March 15. This decision by Google is going to affect Arch's
chromiumpackage a bit earlier, on March 2, when Chromium 89 gets released. We know for sure that data syncing will stop working (passwords, bookmarks, etc.). Other features such as geolocation or enhanced spell check might continue to function for a bit longer. Extensions integrating with Google Drive might misbehave and LibreOffice will lose access to documents stored there. Other distros such as openSUSE and Fedora have already removed the soon-to-be-limited API keys from their Chromium 88 packages. Fedora's advisory provides a great deal of perspective on this and I also found this Hackaday post to be quite informative.
And January is over! Time has frankly been moving fast the past days. Packaging wise, things has been fine. Added tailscale and some other minor packages, but had a real purge of old packages from resigned maintainers. Also dropped ntop to the AUR which hasn’t been actively developed for years at this point. I’m curious when people are going to bug me about that one :) On the security side of things there has been quite a lot happening just the past week.
The php package has been updated to version 8.0. Please refer to the upstream migration guide. As some applications are not compatible with PHP 8 yet we provide a php7 package which can be installed alongside version 8. Packages that depend on PHP reflect this update and will require php7 if needed. You might need to update your configuration accordingly. PHP 7 binaries and configuration have the "7" suffix:
- /usr/bin/php -> /usr/bin/php7
- /etc/php -> /etc/php7
- /usr/bin/php-fpm -> /usr/bin/php-fpm7
- /usr/lib/systemd/system/php-fpm.service -> /usr/lib/systemd/system/php-fpm7.service
- /run/php-fpm -> /run/php-fpm7
Hello and welcome to my little Kubernetes on Hetzner tutorial for the first half of 2021. This tutorial will help you bootstrapping a Kubernetes Cluster on Hetzner with KubeOne. I am writing this small tutorial, because I had some trouble to bootstrap a cluster on Hetzner with KubeOne. But first of all let us dive into the question why we even need KubeOne and how does KubeOne helps. KubeOne is a small wrapper around kubeadm.
We are happy to announce our newest public service: A manual pages indexing site at man.archlinux.org that publishes the man pages of all our packages and allows you to search and browse them. Check out, for example, the man page of tar. You can also find this service linked to in the sidebar as well as on every package detail page. Thanks to Wiki Admin lahwaacz for developing archmanweb for this purpose. While there are other man page indexing sites out there, it is our hope that publishing man pages matching the versions of our released packages further improves Arch accessibility and documentation.
A lot has happened since the last reproducible builds summit in Marrakesh 2019, this blog post is a summary of the progress made in 2020 of everything related to getting reproducible builds in Arch Linux. archlinux-repro Also known as
reprothis tool allows one to rebuild a package and check …
End of the year and third blog post! Hope everyone has had a nice new years eve :) The first news of the month is that Remi Gacogne was accepted as Trusted User. Congratulations to him and super exciting. Other then that I have had a meeting with the devops team discussing how we should implement the debuginfod system on our infrastructure. I have written up the ansible role for debuginfod and it was more or less decided that we want to host it on a small VPS for the service itself, and sync debug packages to the host to serve them.
Due to issues with our anti spam measures, we had to migrate those mailing lists, that were sent from @archlinux.org before to the @lists.archlinux.org domain. Submission to the mailing list is not affected and still works with @archlinux.org. Mails get redirected automagically. The only change that may need to be considered on your side are filters and rules matching the From or List-id header which changed accordingly.
Arch Linux got kubernetes packaged into the [community] repository the past week with the hard work of David Runge. I contribute to testing the packages so I thought it would be interesting to write up quickly the testing that was done. Originally I did the testing with docker but with the dockershim deprecation I rewrote the blog to utilize containerd instead. David has reworked the kubernetes archwiki article as well. It currently doesn’t cover all use cases and contributions welcome.
We have been slowly working towards the next pacman release. The major change for this release is the implementation of parallel downloads. Check out this video: It is time for this feature to receive some wider testing. Grab the package Continue reading →
Second month of doing these posts. In short not much has been happening the past weeks, but that would be a slight lie. I have sponsored rgacognes Trusted User application. The application was posted to the mailing list, and it’s currently being voted and decided by a weeks time. There has also been some discussion for years about bringing debug packages into Arch. This has largely been stalled but I brought it back to life again.
The Problem Someone enters an IRC support channel and proclaims their dovecot server has been hacked and a non existing user sends spam email from their server. The initial reaction might be something along the lines of Wat ಠ_ಠ With the following assumption that the user clearly did something wrong. Hosting email is difficult after all. I don’t quite recall how rest of the support went, but it was solved and the root cause was not found.
We are happy to announce that the talks held at Arch Conf 2020 have been edited and released :) The can be found on CCC Media, Youtube and in our archive. On our archive you can find a copy of all the edited talks, the submitted questions from the Q&A and the presentation slides. We have also included the DJ mixes from the break, the assets used for the OBS stream, and the break animation along with the background used for the presentations.
We are very happy to announce that accessibility features have been added to our installation medium with archiso v49. From release 2020.11.01 onward these are available via the 2nd boot loader menu item. A specific installation guide can be found on the wiki. Many thanks go to Alexander Epaneshnikov who integrated the features from the TalkingArch project into archiso's releng profile, which is used for creating the installation medium. Note: The boot loader timeouts have been set to 15s to allow blind users to select the menu item as the boot loaders themselves do not offer accessibility features.
I wanted to start writing these for myself as I have been reading quite a few monthly resports from Chris Lamb and other Debian contributors. They make for interesting content for readers curious about what distribution maintainers do during a month, and motivation for myself as not everything one does is visible work. I’ll try have some sort of structure with them, by starting off with the menial tasks, and add the meeting notes and misc contributions at the bottom.
pkgstats is a tool that gathers and analyses installed packages of Arch Linux users. It started as a small shell script back in 2008 and helps us among other things to determine which packages are no longer used but also which packages from the AUR are popular candidates. Previously I rewrote the server part and … Continue reading "pkgstats version 3: lookup package statistics from your terminal"