Arch -- useful user tips

[abarbarian]

On 5/10/2022 at 12:09 AM, securitybreach said:

Do you honestly want gnome-keyring to unlock automatically as that sounds like a security risk? It looks like you can autologin into gnome-keyring though: https://bbs.archlinux.org/viewtopic.php?id=249486

 

I want Surfshark to automatically start when I boot the pc.

 

Things have improved somewhat. when I boot up now, I get the popup asking for the "default password"  after entering this Surfshark opens and with just one click it now connects me to the server of my choice.

 

Now if only I can get rid of that "default keyring " popup on boot. From my reading I think it can be done if you use a login manager but I use startx. So far I have not been able to make sense of the information I have found on the net.

Do we have any Gnomies here who could throw some light on the problem ??

[securitybreach]

You could just disable the gnome-keyring altogether https://wiki.archlinux.org/title/GNOME/Keyring

[abarbarian]

On 5/11/2022 at 11:29 AM, securitybreach said:

You could just disable the gnome-keyring altogether https://wiki.archlinux.org/title/GNOME/Keyring

 

Ta.

 

I'll have to look into this after me holls.

[abarbarian]

On 9/10/2017 at 3:25 PM, securitybreach said:

I do use a hook to automatically take care of mirrorlist.pacnew files though.

 

/etc/pacman.d/hooks/mirrorlist.hook

 

[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = pacman-mirrorlist

[Action]
Description = Updating mirrorlist...
When = PostTransaction
Exec = /usr/bin/env sh -c "reflector --country 'United States' --latest 50 --age 24 --sort rate --save /etc/pacman.d/mirrorlist; if [[ -f /etc/pacman.d/mirrorlist.pacnew ]]; then rm /etc/pacman.d/mirrorlist.pacnew; fi"

 

 

 

This basically uses reflector to grab the latest 50 mirrors for the USA and sort them by speed. Then it removes the /etc/pacman.d/mirrorlist.pacnew file.

 

Just caught up with this part of me Arch maintenance.

 

If you are using REFLECTOR then you do not need a pacman hook. As you can just do in /etc/pacman.conf.

 

NoExtract   = etc/pacman.d/mirrorlist

 

All of the tweaking for reflector is done through /etc/xdg/reflector/reflector.conf.Mine is,

 

Quote

--save /etc/pacman.d/mirrorlist
--country GB,EE,FI,LV,LT
--protocol https
--latest 10
--sort age 24
--fastest 10

 

If you make changes to the reflector.conf then you may wish to refresh the mirrorlist ahead of schedule so use,

 

systemctl start reflector.service

 

To check that the timer is set correctly run,

 

systemctl list-timers
Thu 2023-02-23 12:04:00 GMT 3 days left Thu 2023-02-02 15:51:21 GMT 2 weeks 3 days ago archlinux-keyring-wkd-sync.timer archlinux-keyring-wkd-
Mon 2023-02-27 01:20:33 GMT 6 days left Mon 2023-02-20 10:45:10 GMT 36min ago          fstrim.timer                     fstrim.service
Mon 2023-02-27 02:32:46 GMT 6 days left Mon 2023-02-20 10:44:34 GMT 36min ago          reflector.timer                  reflector.service

 

Edited February 20, 2023 by abarbarian

[securitybreach]

2 minutes ago, abarbarian said:

 

Just caught up with this part of me Arch maintenance.

 

If you are using REFLECTOR then you do not need a pacman hook. As you can just do in /etc/pacman.conf.

 

Well things change in 6 years...

[abarbarian]

Easily Convert Images to WebP on Linux and macOS

Quote

WebP is a modern, open source, image format that provides superior lossless and lossy compression ( as well as animation and alpha transparency ) for images on the web.

There are a lot of online tools that will allow you to convert your images but, why upload your images on a random server when you can easily convert them right on your computer?

 

If you capture pictures from the net for your own use or for posting in say forums then this new WebP format is a right pain as some forums will not accept the format for posts. As the article states you can use on-line methods but it may be quicker or easier to convert on your own pc. You may of course want to convert from JPG/PNG etc to WebP.

 

Using cwebp/dwebp to Convert Images

 

Quote

Use cwebp on the command line to convert PNG or JPEG image files to WebP format.

 

cwebp image.png -o image.webp

 

Quote

Use dwebp on the command line to convert WebP image files to the PNG or PPM format. You can convert a WebP image file, say image.webp to a PNG image with the command:

 

dwebp image.webp -o image.png

 

You may need libwebp which was already installed on my Arch as it needed by several other programs.

 

https://archlinux.org/packages/extra/x86_64/libwebp/

 

I found that converting WebP was a right old pain till I found this neat little cli tip.

 

Edited February 20, 2023 by abarbarian

[abarbarian]

23 minutes ago, securitybreach said:

Well things change in 6 years...

 

Gosh has it taken me that long to carry out some basic maintenance

[abarbarian]

kernel-modules-hook

 

https://github.com/saber-nyan/kernel-modules-hook

 

Quote

Tired of missing modules when updating the kernel?
Annoyed by modprobe: FATAL: Module smth not found in directory /lib/modules/new-kernel?
Losing uptime after reboots due to kernel update?

 

After doing an update that has a new kernel some programs will not work unless you do a reboot. This little program may be just what you are looking for. It was in the AUR but is now in the EXTRA repo.

I could not find out a great deal about it on the net apart from some out of date information and some fud. As it is now in the EXTRA repo I do not anticipate any problems running it.

Have just installed it and will post back if I have any problems.

Edited June 19, 2023 by abarbarian

[securitybreach]

I seen that the other day and went to mention it but like you said, no real details about it on the net.

[abarbarian]

46 minutes ago, securitybreach said:

I seen that the other day and went to mention it but like you said, no real details about it on the net.

 

Well I have installed it but there has been no kernel update so I can not say how it performs. If it works ok then it will be a neat addition.

[securitybreach]

Well usually I will just wait until something stops working until I do the reboot after a kernel update. Like how earlier the usb ports stopped working until I rebooted but it usually takes a day or so before it goes wonky.

[securitybreach]

There has always been things like Ksplice but that is mostly only used for servers.

[securitybreach]

Ksplice is an open-source extension of the Linux kernel that allows security patches to be applied to a running kernel without the need for reboots, avoiding downtimes and improving availability. Ksplice supports only the patches that do not make significant semantic changes to kernel's data structures.

 

https://en.wikipedia.org/wiki/Ksplice

[abarbarian]

10 hours ago, securitybreach said:

Well usually I will just wait until something stops working until I do the reboot after a kernel update.

 

Same here but having a program not work until a reboot can be annoying. Not such a big deal with faster boot up times but it was a real pain back when.

 

10 hours ago, securitybreach said:

There has always been things like Ksplice but that is mostly only used for servers.

 

Too techy for this old grey cell. 

[abarbarian]

Kernel-modules   --- UPDATE

 

It seems that the above is working as I had a kernel update. Here is the output after updating.

 

(28/32) upgrading linux                            [----------------------] 100%
(29/32) upgrading linux-headers                    [----------------------] 100%
(30/32) upgrading nvidia                           [----------------------] 100%
(31/32) upgrading python-zeroconf                  [----------------------] 100%
(32/32) upgrading yt-dlp                           [----------------------] 100%
:: Running post-transaction hooks...
( 1/15) Restoring Linux kernel modules...
++ uname -r
+ KVER=6.3.8-arch1-1
+ test -e /usr/lib/modules/backup/6.3.8-arch1-1
+ rsync -AHXal --ignore-existing /usr/lib/modules/backup/6.3.8-arch1-1 /usr/lib/modules/
+ rm -rf /usr/lib/modules/backup
( 2/15) Creating system user accounts...
( 3/15) Reloading system manager configuration...
( 4/15) Reloading device manager configuration...
( 5/15) Arming ConditionNeedsUpdate...
( 6/15) Updating module dependencies...
( 7/15) Install DKMS modules
==> dkms install --no-depmod v4l2loopback/0.12.7 -k 6.3.9-arch1-1
==> depmod 6.3.9-arch1-1
( 8/15) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'

 

[abarbarian]

Keeping a list of all explicitly installed packages can be useful to backup a system or quicken the installation of a new one:

 

https://wiki.archlinux.org/title/Pacman/Tips_and_tricks#List_of_installed_packages

 

I followed the wiki and did this for my install

 

To keep an up-to-date list of explicitly installed packages (e.g. in combination with a versioned /etc/), you can set up a hook. 2023

 

Arch packages

 

[Trigger]
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
When = PostTransaction
Exec = /bin/sh -c '/usr/bin/pacman -Qqen > /etc/pacman.d/hooks/pkglist.txt'

 

 

--asdeps for Arch packages

 

[Trigger]
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
When = PostTransaction
Exec = /bin/sh -c '/usr/bin/comm -13 <(pacman -Qqdt | sort) <(pacman -Qqdtt | sort) > /etc/pacman.d/hooks/optdeplist.txt'

 

 

Foreign packages

 

[Trigger]
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
When = PostTransaction
Exec = /bin/sh -c '/usr/bin/pacman -Qqem > /etc/pacman.d/hooks/foreignpkglist.txt'

 

[securitybreach]

Neat but I just use these to get a list of all packages (native + aur) and install on new machine

 

pacman -Q | awk '{print $1}' > pkg.list 

 

Then to reinstall after installing paru, I run this to reinstall everything:

 

cat pkg.list | xargs paru -S --needed --noconfirm

 

Also, make sure to capture your /etc/ and $HOME configs

 

Having a pacman hook is neat but how often do people reinstall?

[securitybreach]

I keep my list on github under my config folder

[abarbarian]

9 minutes ago, securitybreach said:

Neat but I just use these to get a list of all packages (native + aur) and install on new machine

 

pacman -Q | awk '{print $1}' > pkg.list 

 

Then to reinstall after installing paru, I run this to reinstall everything:

 

cat pkg.list | xargs paru -S --needed --noconfirm

 

Also, make sure to capture your /etc/ and $HOME configs

 

Having a pacman hook is neat but how often do people reinstall?

 

That looks neat. As to how often folk reinstall. Depends on the user I guess and how much they know and how much they fiddle. They say Nero was an Arch user.

[abarbarian]

Came across this very neat site the other day. It gives detailed information on both Arch official packages and AUR packages.

 

Explore Arch Versions - Your Ultimate Guide

Searching for  the " refind " package in  the official section we get,

 

Quote

3. Information about the refind package on Arch Linux

Repository : extra
Name : refind
Version : 0.14.0.2-2
Description : An EFI boot manager
Architecture : x86_64
URL : https://www.rodsbooks.com/refind/
Licenses : BSD-2-Clause CC-BY-SA-3.0 CC-BY-SA-4.0 GPL-2.0-only
GPL-2.0-or-later GPL-3.0-or-later LGPL-2.1-or-later
LGPL-3.0-or-later OR CC-BY-SA-3.0
Groups : None
Provides : None
Depends On : bash dosfstools efibootmgr
Optional Deps : gptfdisk: for finding non-vfat ESP with refind-install
imagemagick: for refind-mkfont
openssl: for generating local certificates with refind-install
python: for refind-mkdefault
refind-docs: for HTML documentation
sbsigntools: for EFI binary signing with refind-install
sudo: for privilege elevation in refind-install and
refind-mkdefault
Conflicts With : None
Replaces : None
Download Size : 986.76 KiB
Installed Size : 1979.74 KiB
Packager : David Runge
Build Date : Sun Nov 26 20:04:41 2023
Validated By : MD5 Sum SHA-256 Sum Signature@archlinux.org>

 

You also get details of how to install and uninstall the program with " pacman ". One note of caution here though they give,

 

Quote

2. Uninstall "refind" package

Please follow the steps below to uninstall refind on Arch Linux:

$ sudo pacman -Rcns refind

 

Using the " c " option in the pacman command above can make you system unusable. Find details on this in the Arch Wiki and make your own mind up as to using it or not.

 

Quote

# pacman -Rsc package_name

To remove a package, which is required by another package, without removing the dependent package:

Warning: The following operation can break a system and should be avoided. See System maintenance#Avoid certain pacman commands.

 

Searching for Window Maker  in the AUR section we get,

windowmaker-extra

and three different windowmaker's,

 

windowmaker-crm-git

windowmaker-git

windowmaker

 

On the windowmaker page you get instructions,

 

Install "windowmaker" effortlessly via AUR with the help of a helper(YAY)

and

 

Manually Install "windowmaker" via AUR

 

Which is useful for new users of Arch, though I prefer a different AUR helper. Interesting to see that the uninstall hint does not have the "c " option.

 

Quote

(Optional) Uninstall windowmaker on Arch using YAY

$ yay -Rns windowmaker

 

So which windowmaker would you use ? Well windowmaker is the one to use as the other two are no longer maintained currently. From the information given at this site it is hard to tell as the dates given in the information section are a tad strange.

 

Quote

3. Information about the windowmaker package on Arch User Repository (AUR)

ID: 1390358
Name: windowmaker
PackageBaseID: 128929
PackageBase: windowmaker
Version: 0.96.0-1
Description: An X11 window manager with a NEXTSTEP look and feel
URL: http://www.windowmaker.org/
NumVotes: 22
Popularity: 0.089027
OutOfDate:
Maintainer: bidulock
Submitter: Barthalion
FirstSubmitted: 1515341746
LastModified: 1705904112
URLPath: /cgit/aur.git/snapshot/windowmaker.tar.gz

 

You can only find out the current state of the program by going to the AUR itself and looking up the programs. The date mix up is strange as on the AUR page the date is set correctly in a normal readable fashion.

 

All in all this is a neat site. The site also does the same thing for all the main distros.

 

 

Edited March 7 by abarbarian

[securitybreach]

Neat but you really should be using pacman -Rns for removing packages.

[securitybreach]

 

Quote

 

Pacman saves important configuration files when removing certain applications and names them with the extension: .pacsave. To prevent the creation of these backup files use the -n option:

# pacman -Rn package_name

 

[abarbarian]

53 minutes ago, securitybreach said:

Neat but you really should be using pacman -Rns for removing packages.

 

Yeah that is why I included the advisory below.

 

58 minutes ago, abarbarian said:

You also get details of how to install and uninstall the program with " pacman ". One note of caution here though they give,

 

Quote

2. Uninstall "refind" package

Please follow the steps below to uninstall refind on Arch Linux:

$ sudo pacman -Rcns refind

 

Using the " c " option in the pacman command above can make you system unusable. Find details on this in the Arch Wiki and make your own mind up as to using it or not.

 

Quote

# pacman -Rsc package_name

To remove a package, which is required by another package, without removing the dependent package:

Warning: The following operation can break a system and should be avoided. See System maintenance#Avoid certain pacman commands.

 

[abarbarian]

Fstrim for ssd and nvme drives

 

As part of me new install of Arch I looked into using fstrim as the discard (continuous trim) option in fstab is not recommended for the above drives.

 

Quote

By enabling the existing fstrim.timer systemd unit file by default, will cause weekly execution of the fstrim.service. This service acts only on mounted filesystems listed in fstab. On supported hardware (e.g. most SD Card, SSD, and NVMe drives), LVM thin provisioned storage, and file systems (e.g. ext4, XFS, Btrfs, f2fs, VFAT), fstrim will inform underlying physical storage device's firmware about unused blocks. This hinting can make wear leveling and block erasure more efficient.

The timer will execute Monday at 00:00 local time. If the system is inactive at this time, it will be run immediately upon becoming active again (upon wake from suspend, during or very soon after boot). 

 

Quote

Periodic TRIM  

The util-linux package provides fstrim.service and fstrim.timer systemd unit files. Enabling the timer will activate the service weekly. The service executes fstrim(8) on all mounted filesystems listed in fstab on devices that support the discard operation.

The timer relies on the timestamp of /var/lib/systemd/timers/stamp-fstrim.timer (which it will create upon first invocation) to know whether a week has elapsed since it last ran. Therefore there is no need to worry about too frequent invocations, in an anacron-like fashion. 
 

 

Useful commands

 

sudo systemctl enable fstrim.timer

sudo systemctl list-timers

sudo systemctl status fstrim.timer

sudo systemctl disable fstrim.timer

 

I also came across this tip,

 

https://fedoraproject.org/wiki/Changes/EnableFSTrimTimer

 

Quote

Advanced customizations:

Like any systemd unit customization, the user shouldn't directly modify /usr units. Example: sudo systemctl edit fstrim.service and insert a modified ExecStart line using --all instead of --fstab, which then creates /etc/systemd/system/fstrim.service.d containing override.conf; reboot or systemctl daemon-reload; and now fstrim is applied to all mounted file systems. For more information see:
https://www.freedesktop.org/software/systemd/man/systemctl.html
https://www.freedesktop.org/software/systemd/man/systemd.unit.html

 

This is what I did

 

Quote

Advanced customizations:   ---2024-AMD-ARCH

Like any systemd unit customization, the user shouldn't directly modify /usr units.

 Example: 

sudo systemctl edit fstrim.service     and insert a modified

 

 ExecStart line using --all instead of --fstab

 

[Service]
ExecStart=
ExecStart=/usr/bin/fstrim --all

 

which then creates /etc/systemd/system/fstrim.service.d containing override.conf

 reboot or systemctl daemon-reload and now fstrim is applied to all mounted file systems.
 

 

The red highlight is the modified entry for the file. Not sure if I needed the empty EXEC= line but am almost sure you need the [Service] addition. I wonder if anyone can confirm that everything is correct for  me ? 

[sunrat]

29 minutes ago, abarbarian said:

The red highlight is the modified entry for the file. Not sure if I needed the empty EXEC= line but am almost sure you need the [Service] addition. I wonder if anyone can confirm that everything is correct for  me ? 

 Sounds like it should work. Here's the default Debian fstrim.service file, a bit different (doesn't Arch have a default one?).
 

[Unit]
Description=Discard unused blocks on filesystems from /etc/fstab
Documentation=man:fstrim(8)
ConditionVirtualization=!container

[Service]
Type=oneshot
ExecStart=/sbin/fstrim --listed-in /etc/fstab:/proc/self/mountinfo --verbose --quiet-unsupported
PrivateDevices=no
PrivateNetwork=yes
PrivateUsers=no
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@default @file-system @basic-io @system-service

 

Works fine here.

[securitybreach]

3 hours ago, abarbarian said:

Fstrim for ssd and nvme drives

 

As part of me new install of Arch I looked into using fstrim as the discard (continuous trim) option in fstab is not recommended for the above drives.

 

 

 

Useful commands

 

sudo systemctl enable fstrim.timer

sudo systemctl list-timers

sudo systemctl status fstrim.timer

sudo systemctl disable fstrim.timer

 

I also came across this tip,

 

https://fedoraproject.org/wiki/Changes/EnableFSTrimTimer

 

 

This is what I did

 

 

The red highlight is the modified entry for the file. Not sure if I needed the empty EXEC= line but am almost sure you need the [Service] addition. I wonder if anyone can confirm that everything is correct for  me ? 

 

Yup Trim is only intended for SSDs.

[securitybreach]

I use this instead of FTRIM on my SSDs:

 

Quote

 

Using the discard option for a mount in /etc/fstab enables continuous TRIM in device operations:

/dev/sda1  /           ext4  defaults,discard   0  1

 

https://wiki.archlinux.org/title/Solid_state_drive#Continuous_TRIM

[abarbarian]

1 hour ago, securitybreach said:

I use this instead of FTRIM on my SSDs:

 

https://wiki.archlinux.org/title/Solid_state_drive#Continuous_TRIM

 

Reason I decided to use fstrim  and not discard is due to the note at the start of the wiki page.

 

Quote

Note: If you want to use TRIM, use either periodic TRIM or continuous TRIM. Continuous TRIM is not the most preferred way to issue TRIM commands among the Linux community. For example, Ubuntu enables periodic TRIM by default [2], Debian does not recommend using continuous TRIM and Red Hat recommends using periodic TRIM over using continuous TRIM if feasible [3].

 

It was advice or information on the last part of my post that I was interested in.

[abarbarian]

5 hours ago, sunrat said:

Sounds like it should work. Here's the default Debian fstrim.service file, a bit different (doesn't Arch have a default one?).

 

Yup the Arch one looks just like yours.

[securitybreach]

It runs this executable:

 

Quote

 

[Unit]
Description=Discard unused blocks on filesystems from /etc/fstab
Documentation=man:fstrim(8)
ConditionVirtualization=!container

[Service]
Type=oneshot
ExecStart=/usr/bin/fstrim --listed-in /etc/fstab:/proc/self/mountinfo --verbose --quiet-unsupported
PrivateDevices=no
PrivateNetwork=yes
PrivateUsers=no
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@default @file-system @basic-io @system-service

 

 

I've been using this for many years now.