Message

Arch Linux

The latest and greatest news from the Arch Linux distribution.

  1. Changes to default password hashing algorithm and umask settings

    With shadow >= 4.14.0, Arch Linux's default password hashing algorithm changed from SHA512 to yescrypt.

    Furthermore, the umask settings are now configured in /etc/login.defs instead of /etc/profile.

    This should not require any manual intervention.

    Reasons for Yescrypt

    The password-based key derivation function (KDF) and password hashing scheme yescrypt has been chosen due to its adoption (readily available in libxcrypt, which is used by pam) and its stronger resilience towards password cracking attempts over SHA512.

    Although the winner of the Password Hashing Competition has been argon2, this algorithm is not yet available in libxcrypt (attempt one, attempt two).

    Configuring yescrypt

    The YESCRYPT_COST_FACTOR setting in /etc/login.defs is currently without effect, until pam implements reading its value. If a YESCRYPT_COST_FACTOR higher (or lower) than the default (5) is needed, it can be set using the rounds option of the pam_unix module (i.e. in /etc/pam.d/system-auth).

    General list of changes

    • yescrypt is used as default password hashing algorithm, instead of SHA512
    • pam honors the chosen ENCRYPT_METHOD in /etc/login.defs and does not override the chosen method anymore
    • changes in the filesystem (>= 2023.09.18) and pambase (>= 20230918) packages ensure, that umask is set centrally in /etc/login.defs instead of /etc/profile

  2. ansible-core >= 2.15.3-1 update may require manual intervention

    As of ansible-core 2.15.3, upstream moved documentation and examples to a separate dedicated repository (see the related changelogs).
    This means that, starting from version 2.15.3 the ansible-core package will stop shipping documentation and a default configuration example under /etc/ansible/ansible.cfg.

    Regarding the documentation, it is available online: https://docs.ansible.com/
    As for the configuration file, as explained in the wiki, a base config can be generated with the following command:

    ansible-config init --disabled > ansible.cfg

    After updating from ansible-core <= 2.15.2-1 to >= 2.15.3-1, everyone using a custom global Ansible configuration file stored under /etc/ansible/ansible.cfg will have their configuration saved as a pacsave file.
    To restore it, run the following command:

    mv /etc/ansible/ansible.cfg.pacsave /etc/ansible/ansible.cfg

  3. budgie-desktop >= 10.7.2-6 update requires manual intervention

    When upgrading from budgie-desktop 10.7.2-5 to 10.7.2-6, the package mutter43 must be replaced with magpie-wm, which currently depends on mutter. As mutter43 conflicts with mutter, manual intervention is required to complete the upgrade.

    First remove mutter43, then immediately perform the upgrade. Do not relog or reboot between these steps.

    pacman -Rdd mutter43

    pacman -Syu

  4. TeX Live package reorganization

    Starting from version 2023.66594-9, TeX Live packages have been reorganized to mirror upstream collections. Even though the new texlive-basic replaces the old texlive-core, many of the texlive-core contents (including language specific files) are now split between different packages. To find out which Arch package contains a specific CTAN package, you can use the tlmgr utility, eg.

    $ tlmgr info euler | grep collection
collection:  collection-latexrecommended

    which means the euler CTAN package is contained in texlive-latexrecommended. You may also use pacman -F to query for specific files.

    A new metapackage texlive-meta is available to install all subpackages (except for language specific ones), and the new texlive-doc package provides the full documentation for offline use.

  5. OpenBLAS >= 0.3.23-2 update requires manual intervention

    The openblas package prior to version 0.3.23-2 doesn't ship optimized LAPACK routine and CBLAS/LAPACKE interfaces for compatibility. This decision has been reverted now, and the ability to choose a different default system BLAS/LAPACK implementation while keeping openblas installed is now provided to allow future co-installation of BLIS, ATLAS, etc.

    The default BLAS implementation will be used for most packages like NumPy or R. Please install "blas-openblas" and "blas64-openblas" to make OpenBLAS the default BLAS implementation, just like the old behavior.

    Unfortunately you will get errors on updating if you currently have OpenBLAS installed as the default BLAS implementation:

    error: failed to prepare transaction (could not satisfy dependencies) :: installing openblas (0.3.23-2) breaks dependency 'blas' required by cblas :: installing openblas (0.3.23-2) breaks dependency 'blas' required by lapack

    Please append your preferred default BLAS implementation to the regular -Syu command line to get around it. For example:

    pacman -Syu blas-openblas

    or

    pacman -Syu blas



Joomla templates by a4joomla