Arch Linux users, take a note! Pacman, the default package manager for Arch Linux, introduced a new security feature in version 7.0.0. Pacman 7.0.0 comes with some cool new features and a few changes that might require a bit of manual intervention, especially if you have a local repository.
What's New in pacman 7.0.0?
Before version 7.0.0, pacman
would download packages with the same privileges as your regular user account. Starting from the new version 7.0.0, pacman will now use a separate user with limited permissions when downloading. This is a security feature to minimize risks.
However, if you have a local repository (a place on your computer where you store your own custom packages), this new feature might cause a small hiccup.
The Problem with Local Repositories
Let’s say you have a local repository. This could be a folder something like: /home/username/localrepo
.
Here’s what happens after the update:
Problem:
- Pacman’s new download user doesn’t have access to the files in your local repo because the permissions haven’t been set correctly.
- This means
pacman
won’t be able to download or install packages from your local repo unless you fix the permissions.
How to Fix It:
To fix this issue, you need to give the alpm group (a group that pacman uses) permission to access your local repository files.
You can do this by running the following command:
chown :alpm -R /home/username/localrepo
Replace /path/to/local/repo
with the actual path to your local repository.
The above command changes the group ownership of the folder (and all the files inside it, because of the -R
flag) to the alpm group, which is the group pacman uses.
You also need to make sure that the folders in your local repo are executable, meaning pacman can enter and read them. You can do this with the chmod command if needed, but usually, this is set automatically.
What About .pacnew
Files?
Sometimes when you update a program, like pacman
, Arch Linux generates new configuration files with the .pacnew
extension.
For example, you might find a file called pacman.conf.pacnew
. These are new versions of configuration files, but Arch doesn’t automatically overwrite your current config to avoid messing up your custom settings.
What to Do:
- You need to compare your old configuration file (like
pacman.conf
) with the.pacnew
file (likepacman.conf.pacnew
). - If there are important changes in the
.pacnew
file, you should merge them into your existing config file to avoid issues.
Checksum Stability for Git Repos
Pacman also made a change to improve how it handles checksums for packages that use Git sources. If your package uses Git sources and has a .gitattributes
file, you might need to update the checksums in your PKGBUILD
file. This is a one-time change.
In Summary;
- Pacman now uses a different user for downloading to improve security.
- If you have a local repository, you need to change its permissions so pacman can still access it.
- You need to check
.pacnew
files after the update and merge any important changes into your existing configuration. - If you use packages that pull from Git repositories, you might need to update the checksum in your build scripts.
Wrapping Up
The update to pacman 7.0.0 brings some great improvements, but it also requires a bit of manual intervention, especially if you have a local repository. By following the steps above, you can ensure that your local repository works smoothly with the new pacman update. Don't forget to merge those .pacnew
files and update your checksums if needed.
Resource: