We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository.
We are actively working to track down existing malicious commits and attempting to prevent additional malicious commits from being pushed.
While this is happening, and while we work to create a more permanent solution, users may see issues with the following:
- Creating new accounts on the AUR
- Pushing package updates
- Adopting or creating new packages
We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time.
If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information.
Recently we held our leader elections and after a lively discussion period on the (internal) mailing lists and voting phase with two candidates Levente "anthraxx" Polyák was re-elected as Arch Linux Project Lead.
As per our election rules he is re-elected with the term lasting two years.
The role of of the project lead within Arch Linux is connected to a bunch of
responsibilities regarding decision making (when no consensus can be reached), community leadership, Code of Conduct enforcement, handling
financial matters with SPI and overall project management tasks.
Congratulations to Levente, thank you for stepping up to serve this community and all the best wishes for another successful term! 🥳
The Varnish project has renamed itself to Vinyl Cache.
We followed this rename with a new vinyl-cache package.
This upgrade results in breaking changes and users are advised to study these changes and how it affects them before following the replacement.
All references to "varnish" have been changed to "vinyl" in all binaries and directories.
At minimum, users will have to:
- rename
/etc/varnish to /etc/vinyl-cache
- rename
/var/lib/varnish to /var/lib/vinyl-cache
- fix up ownership of files inside
/var/lib/varnish
- user
varnish becomes vinyl
- group
varnish becomes vinyl
- user
varnishlog becomes vinyllog
- user
vcache remains the same
- disable the old
varnish.service and varnishncsa.service systemd units
- enable the new
vinyl-cache.service and vinylncsa.service systemd units
Meanwhile, the varnish package has been dropped from [extra].
We're not currently planning to maintain a new varnish package as it's a different upstream project.
The kea package has moved all services to run as a dedicated kea user (instead of root) for improved security. This change requires permission updates to the runtime files created by the kea services.
Users upgrading from an existing kea installation should therefore run the following commands after the upgrade:
chown kea: /var/lib/kea/* /var/log/kea/* /run/lock/kea/logger_lockfile
systemctl try-restart kea-ctrl-agent.service kea-dhcp{4,6,-ddns}.service
Accounts that need to interact with kea services files (e.g. lease files under /var/lib/kea, log files under /var/log/kea or configuration files under /etc/kea) should be added to the kea group.
