Arch Planet

Planet Arch Linux is a window into the world, work and lives of Arch Linux developers, package maintainers and support staff.

RSS Feed

Facts

Oct. 4, 2024

A collection of facts about yours truly. Guaranteed to be as accurate as my memory.

Optimized cloud-init templates on Proxmox

Oct. 3, 2024

There are already quite a few resources out there demonstrating how to create a cloud-init enabled VM template in Proxmox. Here are the ones I mainly used to discover the topic, and which I suggest you go through because what follows depends on them: What those and many similar resources give are step-by-step instructions divided in as many commands to facilitate understanding. What I haven’t seen so far though, is an all-in-one, optimized command to …

Optimized cloud-init template on Proxmox

Sept. 30, 2024

There are already quite a few resources out there demonstrating how to create a cloud-init enabled VM template in Proxmox. Here are the ones I mainly used to discover the topic, and which I suggest you go through because what follows depends on them: What those and many similar resources give are step-by-step instructions divided in as many commands to facilitate understanding. What I haven’t seen so far though, is an all-in-one, optimized command to do the same thing, …

Manual intervention for pacman 7.0.0 and local repositories required

Sept. 14, 2024

With the release of version 7.0.0 pacman has added support for downloading packages as a separate user with dropped privileges. For users with local repos however this might imply that the download user does not have access to the files in question, which can be fixed by assigning the files and folder to the alpm group and ensuring the executable bit (+x) is set on the folders in question. $ chown :alpm -R /path/to/local/repo Remember to merge the .pacnew files to apply the new default. Pacman also introduced a change to improve checksum stability for git repos that utilize .gitattributes files. This might require a one-time checksum change for PKGBUILDs that use git sources.

Why I started livestreaming as a Rust developer?

Sept. 6, 2024

Some thoughts on why I started livestreaming my open-source development sessions and my future plans.

SSH CA with device and identity attestation: ssh-tpm-ca-authority

Aug. 31, 2024

The past year I have been hacking around on tools utilizing TPMs, and one of the features I have been interested to learn more about is the device attestation features. After being a bit inspired by some ideas from people at work, the hackerspace and toots on mastodon, I figure out a SSH certificate authority would be a cool small project to hack on. Last year I wrote an SSH agent with TPM bound keys so this would nicely fit into the existing tooling.

Reproducible Arch images with mkosi

Aug. 31, 2024

In the previous article I investigated how to create a reproducible image but ended up with only managing to create two identical image directories. In this article we'll end up with a fully bit-by-bit reproducible filesystem image! Some things have changed since the last post, mkosi now no longer creates …

August

Aug. 29, 2024

Arch Linux in August 2024 # Staff # We would like to welcome Quentin Michaud as part of the Arch Linux Package Maintainer team. RFC # A previously proposed Distribution Developer Manual RFC has been accepted with the intention to document how to run the distribution while leveraging GitLab’s collaboration features and streamlined workflows for maintaining and evolving the resulting specifications. We have proposed an RFC to license all Arch Linux package sources under the terms of the Zero-Clause BSD license.

Deleting emails will not save the planet

Aug. 24, 2024

A while ago I saw a post on LinkedIn that piqued my interest, not because it was any good, but because it was impressively wrong. It claimed that, to quote, “if every email user deleted just 10 emails, it would save enough electricity to power millions of households each year”. This is not only wrong, it is obviously wrong. In this post, I’d like to dive into why it’s wrong, how one might come to think it’s right, and perhaps what better message you could put out there to save the planet.

Investigating creating reproducible images with mkosi

Aug. 18, 2024

I've blogged before about creating vagrant images using mkosi as part of an investigation to move image creation to mkosi but also as I will be giving a talk at All Systems Go about Arch Linux images mkosi and reproducibility. With reproducible images in this article I mean that anyone …

July

July 29, 2024

Arch Linux in July 2024 # Pacman # Pacman v7.0.0 has been released as a major feature version. A new DownloadUser configuration option allows for dropping privileges when downloading files to a temporary directory. On top of this security measure, the new Landlock sandbox also prevents writing outside the restricted download directory. Additionally, makepkg removes GITFLAGS support, as it required breaking changes to git source handling. Furthermore this release addresses unstable git checksumming influenced by specific user configuration. On top, it now prevents PKGBUILD from overriding BUILDENV to avoid undesired side effects.

Building vagrant images with mkosi

July 27, 2024

Last FOSDEM, there where some talks around mkosi using it for kernel hacking and systemd integration tests. These talks got me interested in mkosi, a systemd project for building OS images. After chatting some more with the maintainers, I considered the idea of moving the arch-boxes project to mkosi. (note …

The sshd service needs to be restarted after upgrading to openssh-9.8p1

July 1, 2024

After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections (see https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the sshd service using systemctl try-restart sshd right after upgrading. We are evaluating the possibility to automatically apply a restart of the sshd service on upgrade in a future release of the openssh-9.8p1 package.

June

June 29, 2024

Arch Linux in June 2024 # archinstall # The archinstall v2.8.1 update has been released, featuring several bug fixes and improvements to partitioning and desktop profiles, along with the introduction of experimental LVM support and the addition of Finnish translation. ArchWeb # ArchWeb 2024-06-12 has been rolled out, which includes an update to Django’s latest major version, Django 5.0 as well as small improvements within our Ruff configuration used as our Python linter.

May

May 29, 2024

Arch Linux in May 2024 # Staff # We would like to welcome Bert Peters (bertptrs) as well as Giovanni Harting (anonfunc) as part of the Arch Linux Package Maintainer team. RFC # An RFC has been accepted to introduce “Arch Linux Ports” as testbed for unofficial architectures until they are integrated in the main Arch Linux repositories. devtools # We have released devtools v1.2.0, featuring several new enhancements and improvements. This release includes distro flag changes, notably the addition of no-omit-frame-pointer flags and _FORTIFY_SOURCE level 3.

Gnome Search Provider: Emacs Integration

May 23, 2024

Rationale Emacs users try to avoid leaving their editor for other tasks. There is an shell (Eshell: The Emacs Shell), an integration into Secret Service API (Emacs auth-source Library 0.3) and countless other integrations. Search is a central element of the Gnome desktop environment. Many applications implement the Search Provider dbus interface to provide suitable results. The aim of this package is to make these search results also available within the Emacs editor.

The Name Quest

May 3, 2024

I went on a trip to Mongolia to find out the meaning behind my name.

April

April 29, 2024

Arch Linux in April 2024 # Staff # Project Leader Election # Recently, we held our Arch Linux Project Leader election, and the current Project Leader, Levente “anthraxx” Polyák, was the sole nominee. As per our election rules, he has been re-elected for another term. Congratulations to Levente, and we wish him continued success in his leadership! RFC # An RFC has been accepted to grant all Arch Linux staff members, not limited to those in packaging roles, the privilege to initiate RFCs directly, aligning with the broad range of topics these documents encompass.

Arch Linux 2024 Leader Election Results

April 15, 2024

Recently we held our leader election, and the previous Project Leader Levente "anthraxx" Polyák ran again while no other people were nominated for the role. As per our election rules he is re-elected for a new term. The role of of the project lead within Arch Linux is connected to a few responsibilities regarding decision making (when no consensus can be reached), handling financial matters with SPI and overall project management tasks. Congratulations to Levente and all the best wishes for another successful term! 🥳

Ratatui Received Funding: What's Next?

April 8, 2024

Let's delve into the realm of open source funding along with Ratatui's journey.

Increasing the default vm.max_map_count value

April 7, 2024

The vm.max_map_count paramater will be increased from the default 65530 value to 1048576. This change should help address performance, crash or start-up issues for a number of memory intensive applications, particularly for (but not limited to) some Windows games played through Wine/Steam Proton. Overall, end users should have a smoother experience out of the box with no expressed concerns about potential downsides in the related proposal on arch-dev-public mailing list. This vm.max_map_count increase is introduced in the 2024.04.07-1 release of the filesystem package and will be effective right after the upgrade. Before upgrading, in case you are already setting your own value for that parameter in a sysctl.d configuration file, either remove it (to switch to the new default value) or make sure your configuration file will be read with a higher priority than the /usr/lib/sysctl.d/10-arch.conf file (to supersede the new default value).

NixOS is not reproducible

April 2, 2024

Okay, sorry for the clickbait. NixOS is not reproducible according to the Reproducible Builds definition. I keep reading people making this claim repeatedly on orange-site, even LWN.net made a similar claim when writing about Nix and Guix earlier this week.1 Along with their recently launched wiki. So, what is the Reproducible Builds definition?2 When is a build reproducible? A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.

xz Package Backdoor

March 29, 2024

Please see the Arch main page announcement and take appropriate action. https://archlinux.org/news/the-xz-packa … ackdoored/

The xz package has been backdoored

March 29, 2024

TL;DR: Upgrade your systems and container images now! As many of you may have already read (one), the upstream release tarballs for xz in version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor. This vulnerability is tracked in the Arch Linux security tracker (two). The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor. The following release artifacts contain the compromised xz:
  • installation medium 2024.03.01
  • virtual machine images 20240301.218094 and 20240315.221711
  • container images created between and including 2024-02-24 and 2024-03-28
The affected release artifacts have been removed …

March

March 29, 2024

Arch Linux in March 2024 # Staff # We would like to welcome Carl Smedstad as part of the Arch Linux Package Maintainer team. Furthermore, we would like to welcome svartkanin as Support Staff for the archinstall project, assisting with issue tracking and handling of merge requests. Project Leader Election # The 2024 Arch Linux Project Leader election process has started, with the nomination period now officially open for candidate submissions.