Arch Linux

1. kea >= 1:3.0.3-6 update requires manual intervention

   The kea package has moved all services to run as a dedicated kea user (instead of root) for improved security. This change requires permission updates to the runtime files created by the kea services.

   Users upgrading from an existing kea installation should therefore run the following commands after the upgrade:

   chown kea: /var/lib/kea/* /var/log/kea/* /run/lock/kea/logger_lockfile

   systemctl try-restart kea-ctrl-agent.service kea-dhcp{4,6,-ddns}.service

   Accounts that need to interact with kea services files (e.g. lease files under /var/lib/kea, log files under /var/log/kea or configuration files under /etc/kea) should be added to the kea group.

2. iptables now defaults to the nft backend

   The old iptables-nft package name is replaced by iptables, and the legacy backend is available as iptables-legacy.

   When switching packages (among iptables-nft, iptables, iptables-legacy), check for .pacsave files in /etc/iptables/ and restore your rules if needed:

   • /etc/iptables/iptables.rules.pacsave
   • /etc/iptables/ip6tables.rules.pacsave

   Most setups should work unchanged, but users relying on uncommon xtables extensions or legacy-only behavior should test carefully and use iptables-legacy if required.

3. NVIDIA 590 driver drops Pascal and lower support; main packages switch to Open Kernel Modules

   With the update to driver version 590, the NVIDIA driver no longer supports Pascal (GTX 10xx) GPUs or older. We will replace the nvidia package with nvidia-open, nvidia-dkms with nvidia-open-dkms, and nvidia-lts with nvidia-lts-open.

   Impact: Updating the NVIDIA packages on systems with Pascal, Maxwell, or older cards will fail to load the driver, which may result in a broken graphical environment.

   Intervention required for Pascal/older users: Users with GTX 10xx series and older cards must switch to the legacy proprietary branch to maintain support:

   • Uninstall the official nvidia, nvidia-lts, or nvidia-dkms packages.
   • Install nvidia-580xx-dkms from the AUR

   Users with Turing (20xx and GTX 1650 series) and newer GPUs will automatically transition to the open kernel modules on upgrade and require no manual intervention.

4. .NET packages may require manual intervention

   The following packages may require manual intervention due to the upgrade from 9.0 to 10.0:

   • aspnet-runtime
   • aspnet-targeting-pack
   • dotnet-runtime
   • dotnet-sdk
   • dotnet-source-built-artifacts
   • dotnet-targeting-pack

   pacman may display the following error failed to prepare transaction (could not satisfy dependencies) for the affected packages.

   If you are affected by this and require the 9.0 packages, the following commands will update e.g. aspnet-runtime to aspnet-runtime-9.0:

   pacman -Syu aspnet-runtime-9.0

   pacman -Rs aspnet-runtime

5. waydroid >= 1.5.4-3 update may require manual intervention

   The waydroid package prior to version 1.5.4-2 (including aur/waydroid) creates Python byte-code files (.pyc) at runtime which were untracked by pacman. This issue has been fixed in 1.5.4-3, where byte-compiling these files is now done during the packaging process.

   As a result, the upgrade may conflict with the unowned files created in previous versions. If you encounter errors like the following during the update:

   error: failed to commit transaction (conflicting files)

   waydroid: /usr/lib/waydroid/tools/__pycache__/__init__.cpython-313.pyc exists in filesystem

   waydroid: /usr/lib/waydroid/tools/actions/__pycache__/__init__.cpython-313.pyc exists in filesystem

   waydroid: /usr/lib/waydroid/tools/actions/__pycache__/app_manager.cpython-313.pyc exists in filesystem

   You can safely overwrite these files by running the following command:

   pacman -Syu --overwrite /usr/lib/waydroid/tools/\*__pycache__/\*