Arch Planet

Planet Arch Linux is a window into the world, work and lives of Arch Linux developers, trusted users and support staff.

RSS Feed

nvidia 455.28 is incompatible with linux >= 5.9


nvidia is currently partially incompatible with linux >= 5.9 [1] [2]. While graphics should work fine, CUDA, OpenCL, and likely other features are broken. Users who've already upgraded and need those features are advised to switch to the linux-lts kernel for the time being until a fix for nvidia is available.

Distri – Comparing Apples and Oranges?


Last weekend we had what I consider to be the very successful Arch Conf 2020. This included a talk by Michael Stapelberg about distri, his Linux distribution to research fast package management. Michael showed an example of installing QEMU in Continue reading →

ghostpcl>=9.53.2-2 and ghostxps>=9.53.2-2 updates require manual intervention


The ghostpcl and ghostxps packages prior to version 9.53.2-2 were missing a soname link each. This has been fixed in 9.53.2-2, so the upgrade will need to overwrite the untracked files created by ldconfig. If you get any of these errors ghostpcl: /usr/lib/ exists in filesystem ghostxps: /usr/lib/ exists in filesystem when updating, use pacman -Syu --overwrite /usr/lib/,/usr/lib/ to perform the upgrade.

Stream details, video details and come help out!


Schedule The schedule for the conference has been published for the conference and can be found in the CFP system. Please check out all the great talks we have! Stream The stream is going to be available through the CCC Video Operation Center, which will be hosting our main stream, and a re-stream on Twitch. C3VOC: Twitch channel: For questions during the Q&A sessions, one can use the IRC channel #archlinux-conf-q&a on Freenode, or write them on the Twitch chat.

Arch Conf 2020 schedule


On the 10th and 11th of October there is going to be an online edition of Arch Conf. The conference is going to have presentations from the Arch team along with community submitted presentations and lightning talks. We are proud to announce the first revision of the schedule! The conference timezone is CEST/UTC+2: Updates and additional information can be found on the conference page: See you there! Cheers from the conference team.

Kill Arch Bugs: Help us on the 13th of September!


We would like to hold a bug wrangling day on the 13th of September to reduce the large amount of open tickets. If you cannot take part in the bug wrangling day, then feel free to help us any time before that event. How? Please review all bugs that were reported by you and check if they are still valid. Please request a task closure on the bug tracker if the task may be closed. Otherwise please provide further information so that we can continue to work on the bug. We cannot fix bugs without your feedback. Questions? Join us at #archlinux-bugs channel on during 13th of September. As we live in different timezones not all devs and bug wranglers will be available at the same time, but feel free to report your issues to any dev available. Also please check your mailboxes that may contain notifications about comments made on your tickets.

Google Summer of Code 2020


Intro I spent the last three to four months working on the open source project in-toto as part of my Google Summer of Code stipend at the Cloud Native Computing Foundation (CNCF). Followers of my blog might have read already about in-toto. If you do not know the project, I suggest you have a look on my introduction to in-toto. The introduction article has been written as part of my Google Summer of Code stipend and gives a good overview about the project and what its objectives are.

Arch Conf Online 2020


During the weekend of 10th and 11th of October there is going to be an online Arch Linux conference. The details are currently being worked on, but the Call for Participation has been published and people can submit their talk ideas until the 18th of September. All talks are expected to be recorded as it will ease the planning for the live portion of the stream, however there are going to be live Q&A session with the presenters if they are available.

How I install Arch Linux


Recently I have installed Arch Linux on a shiny new Lenovo Thinkpad T14 AMD. This blog article shall mainly be a reminder for me for the future, but feel free to use anything useful in it. I did not install Arch Linux for a long time (nearly over 8 years, lol). Therefore I never saw a need to automate an Arch Linux installation. I am aware, that there are solutions for automated Arch Linux installation.

Google Summer of Code 2020


tl;dr Just give me the link to the PR: Intro This blog post tracks my accomplishments during my Google Summer of Code 2020 Stipend at CNCF. I have spend around three months on working on For tracking I am using the goal-setting framework OKR (objectives and key results). My main objective has been to implement in-toto-run functionality in the in-toto Go implementation. However, I have also fixed a few other issues on this journey and wrote a blog post about in-toto.

AUR Migration: New SSH HostKeys


Due to the fact that the AUR has been migrated to a new server, the SSH HostKeys used to connect to the host have changed. These are the new keys fingerprints: Ed25519: SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 ECDSA: SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI RSA: SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8 The fingerprints above can also be found on the AUR home page when not logged in.

Wayland in 2020


It is nearly a year since my last blog article about Wayland on Linux. Thus I thought it is time for an update on how my desktop with sway developed. What happened? I changed my file sharing scripts I moved from rofi to bemenu I changed my scripts, that were based on rofi For my file sharing scripts I introduced a new helper script with the generic name share.

Fix PDF Display on Chrome


For many months I had a weird issue with displaying PDFs in chrome on my website. I always thought this is a browser issue and would be fixed soon, but actually it was an issue with my Content Security Policy (CSP). If you ever stumbled upon my CV you might have looked on this: Finally I could fix this, after finding this Chrome issue here: The problem got triggered via my strong CSP.

Improving the Secure Boot user experience


Secure boot tooling is terrible, can we do better? Currently the most widely used tooling for secure boot is the Ubuntu sbsigntools and efitools. If you are currently using secure boot both of these packages are probably installed on your system. Both of them support the basics of generating signature lists and signing the EFI variables with certificates, but they still have differences which is a source of confusion. efitools has 3 different ways of generating signature lists, cert-to-efi-hash-list, cert-to-sig-list and hash-to-efi-sig-list.

Test driving Flathub mirror for users in China


One of the reasons Flathub is relatively fast regardless of where it’s used is CDN service provided by Fastly. This is not a good thing for users from China though, where Fastly, and thus Flathub, is blocked. Similar services are operating in China, but being an open source project, it’s easy to guess our budget is close to zero. A fellow Arch developer, Felix Yan suggested some VPS providers that are considered “China-friendly”. In the end, I configured two new servers in Seoul using Oracle Cloud free tier. As Flathub enforces the remote URL for historical reasons, switching to …

Introduction to in-toto


Today I would like to talk about supply chains. I am participating as package maintainer for several years for now and supply chains are one of the key factors that were on my mind the most. As package maintainer I try to ensure, that all users can be certain, that they are actually using what the project owners had in their minds. This only works with a secure supply chain. This secure supply chain seems to be a big problem for many devs.

Not seeing the wood for the trees


The way Flathub infrastructure works is not complicated for current trends, but there are enough moving parts to make debugging transient issues tricky. When a user starts a download, Flatpak connects to CDN provided by Fastly. CDN connects to one of two front servers, VPSes acting as caching load balancers/proxies in front of hub, the main server exposing ostree repositories and publishing new builds with flat-manager. These happen on Buildbot, another VPS. All HTTP servers are nginx. No magic involved; boring is an advantage for infrastructure. One long-standing issue was random 503 Service Unavailable errors, causing Flatpak to …

Identify the OS via ping


This article will be rather short. I just wanted to highlight something, that not much people know. This could be helpful for network diagnostics or capture-the-flag games. If you ever find yourself in the situation to identify a device’s OS only by it’s IP address, you can try just pinging the device. The TTL (Time-To-Live) will give you an hint about the OS. You can use the following table for the beginning:

Postmortem 2020-04-28


Prolog My server went down today. So I’ve decided to write a little postmortem for me, so that I will hopefully learn from my server outage. This is also a nice moment to learn how Google writes postmortems: Overview Date: 2020-04-29 Status: Complete, action items in progress Impact: The following of my components went down for a period of 5 hours and 6 minutes: WKD server https// (images are partly persist unavailable) IRC bouncer git server Root Causes: Backup restore mechanisms didn’t work as expected.

Packaging LXD for Arch Linux


With the release of 3.20, LXD was included into the community repository of Arch Linux in January, and has currently been sitting there happily for the past months. LXD is a container manager from Canonical that manages containers as if they where independent machines in a cluster. I have somehow taken to calling them “containers-as-machines”. This is in contrast to podman and docker which would be “containers-as-applications”. Think of lxd as ganeti, but for containers.

Changing the expiration date of your Yubikey


In this, hopefully short, article I want to summarize what I’ve did for changing the expiration date of my GPG key on my Yubikey. This tutorial is for all people who has generated their GPG key on their laptop and then transferred it to the Yubikey. If you’ve generated the GPG key pair on the Yubikey, you will not need this. We need to differentiate between two cases: Changing the expiration date of a subkey or changing the expiration date of your GPG master key.

zn_poly 0.9.2-2 update requires manual intervention


The zn_poly package prior to version 0.9.2-2 was missing a soname link. This has been fixed in 0.9.2-2, so the upgrade will need to overwrite the untracked files created by ldconfig. If you get an error zn_poly: /usr/lib/ exists in filesystem when updating, use pacman -Syu --overwrite usr/lib/ to perform the upgrade.

nss>=3.51.1-1 and lib32-nss>=3.51.1-1 updates require manual intervention


The nss and lib32-nss packages prior to version 3.51.1-1 were missing a soname link each. This has been fixed in 3.51.1-1, so the upgrade will need to overwrite the untracked files created by ldconfig. If you get any of these errors nss: /usr/lib/ exists in filesystem lib32-nss: /usr/lib32/ exists in filesystem when updating, use pacman -Syu --overwrite /usr/lib\*/ to perform the upgrade.

Share your Wifi via QR code


Hey, this is going to be a short blog article. A few days ago I had a friend at my place who asked for the Wifi password. So I presented my 32 char WPA2 key and we all got very frustrated, because we had to type it in manually. After typing the key in, I thought there must be a better solution for tackling this problem, like generating a QR code.

hplip 3.20.3-2 update requires manual intervention


The hplip package prior to version 3.20.3-2 was missing the compiled python modules. This has been fixed in 3.20.3-2, so the upgrade will need to overwrite the untracked pyc files that were created. If you get errors such as these hplip: /usr/share/hplip/base/__pycache__/__init__.cpython-38.pyc exists in filesystem hplip: /usr/share/hplip/base/__pycache__/avahi.cpython-38.pyc exists in filesystem hplip: /usr/share/hplip/base/__pycache__/codes.cpython-38.pyc exists in filesystem ...many more... when updating, use pacman -Suy --overwrite /usr/share/hplip/\* to perform the upgrade.