Arch Linux Pacman 7.0.0 Security Enhancement and Local Repository Configuration Tuning Guide

Arch Linux users pay attention! The default package manager Pacman introduced new security features in version 7.0.0. Pacman 7.0.0 brings a lot of improvements, but it may also require some manual intervention, especially when using a local repository.

New features of Pacman 7.0.0

Prior to version 7.0.0, Pacman downloaded packages with the same permissions as regular users. Starting with version 7.0.0, Pacman will use a separate user with restricted permissions when downloading, a move designed to enhance security.

However, if you have a local repository (a local directory used to store custom packages), this new feature may cause some problems.

Local warehouse issues

Suppose you have a local repository, for example: /home/username/localrepo . After the update, the following issues may occur:

• Problem: The new downloader of Pacman cannot access files in the local repository due to incorrect permission settings. This means that unless you fix permissions, Pacman will not be able to download or install packages from the local repository.

• Solution: You need to grant the alpm group (the group used by Pacman) permission to access the local repository files. Execute the following command:

 chown :alpm -R /home/username/localrepo

Replace /home/username/localrepo with the actual path to your local repository. This command changes the owner group of the folder (and all files in it, because the -R tag is used) to the alpm group.

You also need to make sure that folders in your local repository have executable permissions so that Pacman can enter and read them. If necessary, you can use the chmod command, but usually this permission is automatically set.

.pacnew file processing

When updating programs such as Pacman, Arch Linux sometimes generates new configuration files with .pacnew extensions. For example, you might find a file named pacman.conf.pacnew . These are new versions of the configuration file, but Arch does not automatically overwrite your current configuration to avoid breaking your custom settings.

• How to do it: You need to compare the old configuration file (e.g. pacman.conf ) with the .pacnew file (e.g. pacman.conf.pacnew ). If there are important changes in the .pacnew file, you should merge it into an existing configuration file to avoid problems.

Git warehouse checksum stability

Pacman also makes changes to the way checksums of packages using Git sources. If your package uses a Git source and has a .gitattributes file, you may need to update the checksum in the PKGBUILD file. This is just a one-time change.

Summarize

The Pacman 7.0.0 update brings some significant improvements, but also requires some manual operations, especially when using a local repository. Follow the steps above to ensure that your local repository works smoothly with the new Pacman update. Be sure to merge the .pacnew file and update the checksum if needed.

Reference resources:

• http://miracleart.cn/link/287abb19da8aadbd118443e92685853e

The above is the detailed content of Pacman 7.0.0 Will Now Download Packages as a Separate User. For more information, please follow other related articles on the PHP Chinese website!