Planet Arch Linux is a window into the world, work and lives of Arch Linux developers, trusted users and support staff.
Today’s blog article is a more unusual one. If you know me in person you would not connect me to web development, but yet here we are. So, how do I got here? One student at my university has asked me if I could help and have a look on their code. He was working on unit tests with Selenium on a very beginner friendly level. This is how I got more interested in this topic.
libxcrypt4.4.21, weak password hashes (such as MD5 and SHA1) are no longer accepted for new passwords. Users that still have their passwords stored with a weak hash will be asked to update their password on their next login. If the login just fails (for example from display manager) switch to a virtual terminal (Ctrl-Alt-F2) and log in there once.
As some of you may have read over the past days, there has been an ownership dispute over the freenode.net network. The IRC network has been used by Arch Linux and many other projects over the past decades as a platform for discussion and support. The dispute led to the exodus of most former freenode staff from the network and the founding of a new network: libera.chat Starting today, Arch Linux and its sister projects Arch Linux ARM and Arch Linux 32 will begin migrating the official IRC channels from freenode.net to libera.chat. Please bear with us as this can take some time to be fully settled in. We thank the freenode community for the many years of great service and collaboration.
In today’s article I would like to shine some light on my local terminal setup. My setup consists of ZSH and Alacritty. ZSH or the Z shell is an extended variant of the Bourne shell (bash). It comes with a few useful features and extensions. Many people use the ZSH mostly for nice shell prompts or tab completion. This article will be about more advanced features, like custom shortcuts. Alacritty is a terminal emulator written in Rust.
Yo! Hope people have had a lovely spring. This month has passed quickly! I have put off writing the monthly post because I was busy with a weekend project. My master thesis was about how to apply transparency logs and reproducible builds to give package rebuilders the ability to produce tamper evident logs. This is handy since any one package build can easily be proven to be part of the log, and you can very easily fill inn the history from one point in time to another by hashing files in the correct order.
Hi, there. Today’s article will be a rather short article. In this article I would like to showcase Go 1.16 new embed package. If you are familiar with Go you might know embedding functionality already from famous other libraries like go-bindata. The problem with go-bindata has been that upstream vanished one day and then multiple forks appeared and every company or person was doing their own thing with embedding assets into Go programs.
Yoooo! Another month has passed which means another status update. The python2 removal has been steady and several packages has been removed this month. Currently a query for python2 on archweb returns 139 matches. At the start of the month it was around 160-170. Progress! I have suggested we remove checkdepends on python2 packages to ease the cleanup of dependency cycles. The response has been lukewarm at best so we’ll see how that progresses.
The installation medium now provides a guided installer. This addition to the default method of installation (based on the installation guide) is similar to the other methods. If you use this installer, do not forget to mention it when asking for support and also to provide the archinstall log, when asked.
For monitoring the Arch Linux infrastructure we've moved on from Zabbix to Prometheus as it fits more into our infrastructure is code goal. This required some research into how we could achieve the same monitoring with Prometheus. Our Zabbix setup monitored Host, MySQL, Borg and Arch Linux related metrics. For …
A year ago I wrote about my Wayland setup on Linux. This year I would like to give you a small update on how I am going with Wayland on Arch Linux and how it is my daily driver at home and work. The setup itself stayed pretty much the same: Operating System: Arch Linux Window Manager: Sway Status bar: Heavily customized Barista bar Screenshots: Bash script utilizing Grim + Slurp Screen recordings: Bash script utilizing wf-recorder Sharing Text: Bash script utilizing wl-clipboard Dynamic Menu: bemenu Password Management: A combination of gopass, bemenu and bash Screensharing: xdg-desktop-portal-wlr + pipewire You can find my full setup in my dotfiles repository on Github.
Yo! New month, new update! The start of this month was marked with FOSDEM! I held a talk about secure boot and the tooling stuff I have written, sbctl. It’s a tool to help you manage secure boot keys and signing files. With help from sbsigntools it also does live enrollment of keys. The talk went great (I think) and it was fun to see how FOSDEM pulled off the conference with matrix and jitsi.
As linux-lts moved to the 5.10 version, all official kernels of Arch Linux now support zstd compressed initramfs images, so mkinitcpio is switching to zstd compressed images by default with version 30, which is currently on [testing]. If, for any reason, you are using a kernel version prior to 5.9, make sure to change mkinitcpio.conf COMPRESSION to use one of the compressors supported, like gzip, otherwise you will not be able to boot images generated by mkinitcpio.
Google has announced that they are going to block everything but Chrome from accessing certain Google features (like Chrome sync) starting on March 15. This decision by Google is going to affect Arch's
chromiumpackage a bit earlier, on March 2, when Chromium 89 gets released. We know for sure that data syncing will stop working (passwords, bookmarks, etc.). Other features such as geolocation or enhanced spell check might continue to function for a bit longer. Extensions integrating with Google Drive might misbehave and LibreOffice will lose access to documents stored there. Other distros such as openSUSE and Fedora have already removed the soon-to-be-limited API keys from their Chromium 88 packages. Fedora's advisory provides a great deal of perspective on this and I also found this Hackaday post to be quite informative.
And January is over! Time has frankly been moving fast the past days. Packaging wise, things has been fine. Added tailscale and some other minor packages, but had a real purge of old packages from resigned maintainers. Also dropped ntop to the AUR which hasn’t been actively developed for years at this point. I’m curious when people are going to bug me about that one :) On the security side of things there has been quite a lot happening just the past week.
The php package has been updated to version 8.0. Please refer to the upstream migration guide. As some applications are not compatible with PHP 8 yet we provide a php7 package which can be installed alongside version 8. Packages that depend on PHP reflect this update and will require php7 if needed. You might need to update your configuration accordingly. PHP 7 binaries and configuration have the "7" suffix:
- /usr/bin/php -> /usr/bin/php7
- /etc/php -> /etc/php7
- /usr/bin/php-fpm -> /usr/bin/php-fpm7
- /usr/lib/systemd/system/php-fpm.service -> /usr/lib/systemd/system/php-fpm7.service
- /run/php-fpm -> /run/php-fpm7
Hello and welcome to my little Kubernetes on Hetzner tutorial for the first half of 2021. This tutorial will help you bootstrapping a Kubernetes Cluster on Hetzner with KubeOne. I am writing this small tutorial, because I had some trouble to bootstrap a cluster on Hetzner with KubeOne. But first of all let us dive into the question why we even need KubeOne and how does KubeOne helps. KubeOne is a small wrapper around kubeadm.
We are happy to announce our newest public service: A manual pages indexing site at man.archlinux.org that publishes the man pages of all our packages and allows you to search and browse them. Check out, for example, the man page of tar. You can also find this service linked to in the sidebar as well as on every package detail page. Thanks to Wiki Admin lahwaacz for developing archmanweb for this purpose. While there are other man page indexing sites out there, it is our hope that publishing man pages matching the versions of our released packages further improves Arch accessibility and documentation.
A lot has happened since the last reproducible builds summit in Marrakesh 2019, this blog post is a summary of the progress made in 2020 of everything related to getting reproducible builds in Arch Linux. archlinux-repro Also known as
reprothis tool allows one to rebuild a package and check …
End of the year and third blog post! Hope everyone has had a nice new years eve :) The first news of the month is that Remi Gacogne was accepted as Trusted User. Congratulations to him and super exciting. Other then that I have had a meeting with the devops team discussing how we should implement the debuginfod system on our infrastructure. I have written up the ansible role for debuginfod and it was more or less decided that we want to host it on a small VPS for the service itself, and sync debug packages to the host to serve them.
Due to issues with our anti spam measures, we had to migrate those mailing lists, that were sent from @archlinux.org before to the @lists.archlinux.org domain. Submission to the mailing list is not affected and still works with @archlinux.org. Mails get redirected automagically. The only change that may need to be considered on your side are filters and rules matching the From or List-id header which changed accordingly.
Arch Linux got kubernetes packaged into the [community] repository the past week with the hard work of David Runge. I contribute to testing the packages so I thought it would be interesting to write up quickly the testing that was done. Originally I did the testing with docker but with the dockershim deprecation I rewrote the blog to utilize containerd instead. David has reworked the kubernetes archwiki article as well. It currently doesn’t cover all use cases and contributions welcome.
We have been slowly working towards the next pacman release. The major change for this release is the implementation of parallel downloads. Check out this video: It is time for this feature to receive some wider testing. Grab the package Continue reading →
Second month of doing these posts. In short not much has been happening the past weeks, but that would be a slight lie. I have sponsored rgacognes Trusted User application. The application was posted to the mailing list, and it’s currently being voted and decided by a weeks time. There has also been some discussion for years about bringing debug packages into Arch. This has largely been stalled but I brought it back to life again.
The Problem Someone enters an IRC support channel and proclaims their dovecot server has been hacked and a non existing user sends spam email from their server. The initial reaction might be something along the lines of Wat ಠ_ಠ With the following assumption that the user clearly did something wrong. Hosting email is difficult after all. I don’t quite recall how rest of the support went, but it was solved and the root cause was not found.
We are happy to announce that the talks held at Arch Conf 2020 have been edited and released :) The can be found on CCC Media, Youtube and in our archive. On our archive you can find a copy of all the edited talks, the submitted questions from the Q&A and the presentation slides. We have also included the DJ mixes from the break, the assets used for the OBS stream, and the break animation along with the background used for the presentations.