Arch Linux

Keeping up with security updates for your web browser is of increasing practical relevance. Under normal conditions this means important updates roughly every couple of weeks.

Mainline firefox or chromium packages are typically easy mode: For most people it's a matter of staying on top of regular pacman updates. torbrowser-launcher updates from inside the browser and is also usually painless to manage.

Running custom builds or forks from AUR requires more attention. Is the AUR package up to date? If it's a fork: Are security updates from Mozilla/Google downstreamed in a timely manner? Have you built it? Can you still build it? How long since you pulled and rebuilt that ungoogled-chromium binary and how many CVEs has it racked up by now?

Anyone running firefox-esr or any derivative like icecat, waterfox^1^, mullvad-browser or konform-browser from AUR should probably be paying attention to this right now:

Arch Linux repositories updated llvm and clang to v22 on 2026-03-07. This caused a regression for Firefox ESR packaging resulting in compilation failure when building.

Firefox ESR 14.9.0 was released on 2026-03-24.

This means that since then, users of the AUR packages for these browsers have not been able to build a new version with security fixes on up to date Arch Linux system. Some users may be prepared to handle this by maintaining separate build infra with internal registry where keeping system packages frozen on older version is acceptable but for everyone else, this is a conundrum.

Anyone browsing the web on firefox-esr or a derivative should make sure you get fixes for the issues addressed in 140.9.0 asap.

konform-browser AUR package has been patched with clang 22 toolchain fixes from mozilla and should now build succesfully. The other forks including firefox-esr will still need manual patching or downgrading clang toolchain packages to v21 to compile. The konform-browser patches for clang 22 are in the AUR repo and should be portable to the other browsers too. If others can share their results in testing (both X11 and Wayland) or reviewing the fix, this might help in sorting out the firefox-esr situation sooner than later, too.

^1^: Looking at git log it claims to build as of the wasi-compiler-rt21 makedepends but I have still not been able to make it compile when attempting. Please LMK if I'm holding it wrong and there is a way!

Announcement brought to you by Konform Browser

I have a basic firewall, but did not use App Armor, SELinux, or kernel blacklists. I definitely shut down port 22 just for now. It's just a laptop daily driver. Should I do more?

Also, I'm now addicted to Arch. I'm using Hyprland with it. This means I've got two bleeding edge wares and that gets rough sometimes when things break. I want Arch on my desktop gaming rig though. I tired other distros but I just love Arch. Has anyone tried using Ansible to manage multiple installations? I really can't maintain two so I was wondering if Ansible would make it easier, especially for updating.

cross-posted from: https://sh.itjust.works/post/56239562

Hello, I have been trying to get my drivers to play more nice with my hardware. When I originally installed Arch, it automatically installed the nouveau driver which mostly worked. However I was having issues with some windows rendering with big white boxes and a couple random crashes of the OS.

After looking into fixes I was recommended to swap to nvidia drivers, and I followed a guide to install the AUR nvidia-470xx-utils. But this completely broke my drivers. Luckily I was able to use TTY to revert these changes and got the nouveau drivers reinstalled.

With that background out of the way, I'm now dealing with some new issues. After logging in it now takes much longer to load the desktop and my whole system will randomly reboot. I'm hoping someone can point me in the right direction.

I am happy to post any more info or clarify points, I'm still very new to a lot of this.

Here is my gpu readout when I run lspci -v:

01:00.0 VGA compatible controller: NVIDIA Corporation GK107M [GeForce GT 650M Mac Edition] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Apple Inc. Device 00fc Flags: fast devsel, IRQ 16 Memory at c0000000 (32-bit, non-prefetchable) [size=16M] Memory at 90000000 (64-bit, prefetchable) [size=256M] Memory at a0000000 (64-bit, prefetchable) [size=32M] I/O ports at 2000 [size=128] Expansion ROM at c1000000 [disabled] [size=512K] Capabilities: Kernel modules: nouveau, nvidia_drm, nvidia

Why is nftables a dependency for docker? I thought docker used iptables for networking? Also I didn't think you were supposed to have nftables and iptables installed at the same time so should I now replace iptables with iptables-nftables?

Hey everyone,

So I did my usual weekly system update with paru -Syu this morning. The update went through normally. nothing major, no core packages, Nvidia, or Plasma updates from what I could tell when I glanced at the packages. I also checked the Arch news beforehand to see if anything required manual intervention and there was nothing.

I went ahead and rebooted and tried logging into a Wayland session from SDDM, and it froze on the desktop immediately. Couldn't even get into a TTY from there.

This issue is somewhat familiar and has happened to me before. Usually, it’s fixable by rebooting or unplugging and plugging back in an external monitor. So I did a forced reboot (holding power) and tried again same freeze. Tried once more, still the same.

Then I booted into X11, logged in, and initially it seemed fine. I resized the scaling to 125% (it was at 100%), logged out and tried logging back into x11 and it froze again.

I had no idea what broke. I ended up going into TTY from GRUB and restoring a Timeshift snapshot from a day ago. After that, I could log in normally again.

Has anyone else run into this issue?

PS: I wanted to check the journal and debug it, but I had to catch a bus for vacation, so my laptop is at home. Will try to investigate more later.

cross-posted from: https://programming.dev/post/45148310

Supac is a declarative package manager written in Rust fully scriptable in nushell. It's meant to make it easy to use the native package managers in existing distros without going through the associated headaches of using Nix, while maintaining the ergonomics of structured data in nushell.

Currently supported backends are:

• Archlinux and derivatives
• flatpak
• cargo/cargo-binstall
• uvx (packages only for now)
• rustup toolchains

I daily drive it, and it works well. Feel free to give it a try!

I am always tinkering with my setup. Isn't that that normal for many linux users, especially Arch users?

I have for many years used GRUB, and have touched on using systemd-boot. I ditched systemd-boot rather quickly because I wanted to be able to list snapshots within GRUB and was happy with that until one day I couldn't for the life of me get snapshots to restore upon loading one.

So I started looking around; and found Limine, limine-snapper-sync, and Liminie-mkinitcpio-hook

After finding those, I pulled out a spare machine to test doing a clean install with Limine and proceeded to install snapper, and the above packages for syncing, along with snap-pac. I found it quite easy to use. I even tested restoring a snapshot. It was flawless for my use case.

So I then converted my laptop from GRUB to limine, and then my gaming rig.

I am quite happy with it.

What bootloader do you use, and why?

I'm using hyprland, and I have a wallpaper where I want the visualizer to go behind objects. I have an overlay, but I don't know what the best way to get the overlay in front of the buildings is. I have tried using hyprpaper and mpvpaper, but neither seemed to support transparency.

I’ve been running Arch (vanilla) on a dell laptop for more than a year now, and really happy with it. I also just installed Omarchy on an ancient machine both to try to give it a bit more life and try out a tiling window manager.

I’m now planning to move my main desktop machine over from windows 10, but it has a 1070ti graphics card—which I’m quite happy with as I don’t game at all, and only occasionally run small local LLM models for messing around. I don’t need a newer card, but of course, Nvidia…

So, would I be better off replacing it now with AMD or something else, or just using the older drivers? Will the 580xx- driver still give me a few years before I need to worry.?

I will miss RTX Voice, but happy to give noisettorch a go.

Just installed updates from Pacman, not even touching the AUR. Now when I reboot machine, this happens. It just reboots itself and the cycle repeats itself. Any solutions?

Play chess in your terminal

https://archlinux.org/packages/extra/x86_64/chess-tui/

I don't know how I ganked it. Was trying to screw with config stuff to set up MPD because I've never done it before. Now I turn on the machine and it is missing the ly greeter. Instead, I type in my username and password and it gives me a terminal. I have no idea what to do now. Got me considering the nuclear option (wave a white flag and install over this drive with Debian).

Help?

Edit: the ly display manager bit the dust for some reason. Just installed sddm and now I'm back in business!

Edit 2: Apparently ly just needed a new symlink because they changed something and the old one no longer works. Back to using my favorite display manager and using my computer as I usually do. Thanks for the help, folks! Y'all are great <3

Is there a FOSS only repo like Debain's main? I couldn't see anywhere in The official repos if core allows non-free repos.

Hi everyone, I'm trying to install vivado (2025.2) on my recent install of arch Linux. I've seen this error occur in a lot of Linux distros, and usually it was resolved by installing libncurses and other packages ( which i did successfully do on fedora and other distros). That said, with arch it seems these packages aren't available since it cannot be found by the package manager.

I'm wondering if anyone knows what dependencies are needed, if there are alternatives, to get vivado to work on arch.

Hello again guys.

I'd like to be able to mute discord notification sounds in addition to toggling off the dunst popup (the latter of which I already have working) but I cant seem to be able to find a way to do so, and control it through the sxhkd keybind.

Here is my keybind to disable notifications:

# Toggle notifications on/off
super + shift + comma
	sh -c 'if dunstctl is-paused | grep -q "true"; then dunstctl set-paused false; notify-send -t 2500 "Notifications enabled"; else notify-send -t 2500 "Notifications disabled"; sleep 2.5; dunstctl set-paused true; fi'

However even after I toggle notifications off, I still hear the discord pings which frankly is annoying when I'm trying to concentrate on something, or watching a movie or whatever.

Anyone have any idea how to do this without breaking too much of my setup haha?

Thanks in advance as always, and of course if you need more info do ask.

Hello everyone, I've had an issue with discord on Arch Linux for a long time, but only now had the time to document the error (had to photograph it with phone and transcribe it).

Its a weird one, buckle up.

At random times, discord crashes which causes my polybar to crash, as well as my sxhkd, which obviously means my computer is practically useless until I hard shutdown using the power button on my case. Whats weird is that sometimes it will go weeks without crashing, and other times it will crash frequently in a short time span (e.g. it crashed a couple times yesterday, and once today).

Here is the error as I photographed it:

And here it is after I manually copied it into a text editor (keep in mind I might have missed a character here or there because of this).

A JavaScript Error occurred in the main process

Uncaught exception:
Error: EROFS: read-only file system, write
	at writeSync (node:fs:923:3)
	at SyncWriteStream._write (node:internal/fs/sync._write_stream:275)
	at writeOrBuffer (node:internal/streams/writable:572:12)
	at _write (node:internal/streams/writable:501:10)
	at Writeable.write (node:internal/streams/writable:510:10)
	at console.value (node:internal/console/constructor:298:16)
	at console.warn (node:internal/console/constructor:405:26)
	at transport.writeFn (/opt/discord/resources/app.asar/node_modules/electron-log/src/node/transports/console.js:45:7)
	at transport (/opt/discord/resources/app.asar/node_modules/electron-log/src/node/transports/console.js:51:15)
	at Logger.processMessage (/opt/discord/resources/app.asar/node_modules/electron-log/src/core/Logger.js:175:11)

Anyone have any idea how I can troubleshoot this?

I also tried checking the following directory but it doesn't exist on my PC:

/opt/discord/resources/app.asar/node_modules/electron-log/src/core/

I only have the file /opt/discord/resources/app.asar So obviously something is going on there that shouldn't be happening.

I've got no idea how to troubleshoot node apps, so would appreciate any help from those of you who have those skills.

Thanks in advance! Please let me know if you need more info or need me to run commands and show you the output, and Ill do so.

cross-posted from: https://feditown.com/post/2146379

I want a display manager that shows the desktop as the background, instead of a background image or video. I'm thinking of auto-logging in on boot, and adding another startup command to Hyprland to lock the desktop and show the display manger. My searches didn't yield anything. The closest I could find is hyprlock which blurs the desktop, but that's just a lock screen & not a proper display manager.

Hello everyone!

I would like certain windows to remain in full screen even if another tiled/floating window is opened on the same workspace. I would also like the tiled/floating windows to remain above the full screen window so that they don't disappear if I click on the full screen window.

The primary use case for this is games such as Eve Online, where I use a number of external tools which may or may not spawn new windows over the game window (e.g. the Rift Intel tool, which spawns a new small floating window whenever someone writes in one of the intel channels you set Rift to monitor). I dont want it to exit full screen mode. If a tiled or floating window is opened on the same window then Eve also goes into tiled mode.

Reading up a little about this I came across the concept of layers in bspwm, but I'm not entirely sure if they fit for this use case. Here's an example of what I don't want to happen:

(The Hostile Reported popup window is from Rift and spawns wherever focus is)

Normally I have it be entirely fullscreen. I'd like to be able to interact with these and other popup windows in tiled/floating mode without pulling Eve out of fullscreen.

How can I begin to work on this? Of course if you would like more info please ask and I'll provide it.

Thanks in advance!

[SOLUTION (I think)] I had to add this rule for my Eve client:

bspc rule -a "steam_app_8500" state=fullscreen layer=below border=off focus=on

but also had to add this rule for the Rift Intel tool:

bspc rule -a "dev-nohus-rift-MainKt" state=floating layer=above

I guess this is the way to do it for any set of programs where you want one to keep its fullscreen status but have others above it

NOTE: This also applied the same behaviour to the eve launcher since the way steam proton works both the launcher and the clients have the same WM_CLASS. If anyone knows any way to distinguish them in bspwm please let me know. Here is what I get for each when running xprop:

$ xprop | grep -E 'CLASS|NAME'
_NET_WM_NAME(UTF8_STRING) = "EVE Launcher" WM_ICON_NAME(STRING) = "EVE Launcher" WM_NAME(STRING) = "EVE Launcher" WM_LOCALE_NAME(STRING) = "en_US.UTF-8" WM_CLASS(STRING) = "steam_app_8500", "steam_app_8500"
# Click on launcher

$ xprop | grep -E 'CLASS|NAME'
_NET_WM_NAME(UTF8_STRING) = "EVE" WM_ICON_NAME(STRING) = "EVE" WM_NAME(STRING) = "EVE" WM_LOCALE_NAME(STRING) = "en_US.UTF-8" WM_CLASS(STRING) = "steam_app_8500", "steam_app_8500"
# Click on client

Ive tried rewriting the rule as such:

bspc rule -a "steam_app_8500:steam_app_8500:EVE" state=fullscreen layer=below

and also adding a rule for the launcher specifically (before the client rule):

bspc rule -a "steam_app_8500:steam_app_8500:EVE Launcher" state=tiled layer=normal

But the launcher still opens in fullscreen. The client however seems to be fine - it opens in fullscreen on the 'below' layer so when a new window is opened on the same workspace it isn't forced into tiled mode.

Hello everyone :)

I have this in a script which I call from my .zshrc:

#!/bin/zsh

# ~/.bin/check_last_update.sh

GREEN='\033[92m'
YELLOW='\033[93m'
RED='\033[91m'
RESET='\033[0m'

# Check if there are available updates for packages
num_packages_to_update=$(checkupdates | wc -l)

if (( num_packages_to_update >= 0 && num_packages_to_update <= 20 )); then
	echo -e "${GREEN}Available updates: $num_packages_to_update${RESET}" >> /dev/tty
elif (( num_packages_to_update > 20 && num_packages_to_update <= 50 )); then
	echo -e "${YELLOW}Available updates: $num_packages_to_update${RESET}" >> /dev/tty
else
	echo -e "${RED}Available updates: $num_packages_to_update${RESET}" >> /dev/tty
fi

# Kernel version check
running_kernel=$(uname -r)
installed_kernel=$(pacman -Q linux | awk '{print $2}' | cut -d '-' -f1 | cut -d '.' -f1,2,3)

running_kernel_base=$(echo "$running_kernel" | cut -d '-' -f1)

if [[ "$running_kernel_base" != "$installed_kernel" ]];
then
	echo -e "${RED}Kernel mismatch detected. Reboot recommended.${RESET}" >> /dev/tty
fi

It works, but when I open a new terminal it may take up to 2 seconds for the prompt to show up. Is there a way of speeding this up?

Would it be a good idea to perform the checks in the background every hour or so, maybe with a systemd timer or something, and cache the results (or possibly to make it even more efficient, just store a file somewhere out of the way containing the number of updates and if there is a kernel mismatch - maybe on separate lines so when I open a terminal I can easily query the file and get exactly what I need) so that when I open a new terminal instead of checking with the live repositories it checks the cached data? Also, I guess this would mean that if a package has become available for update after the last time the check script runs, then the number it tells me will be less than the actual number of available updates, right?

Thanks in advance!

I have a 500MB boot partition, and I keep only the linux and linux-lts kernels.

Recently I see that the partition only has about 23Mb free.

Is there some recent change which increased the kernel's size significantly?

I plan on installing Arch on the ROG Ally X because:
1: I need it as my daily driver.
2: Don’t want the OS to be immutable.
3: Don’t want a “handheld OS” with Steam preinstalled (Steam is a privacy nightmare and I plan on at least using it within a sandbox).

Is there anything I should know / do before the installation or any tips anyone has for better compatibility? Or anyone who’s gone through the process whom I can learn a thing or two from.

Thank you in advance <3

I have decided that, simply put, I am very, very tired of my computer acting against me and gaining new problems every day as if they were achievements in a video game, so I’m going to take advantage of my Linux experience with the Steam Deck and Raspberry Pi OS to finally start moving away from Windows!

Hello everyone,

I'm experiencing an issue while trying to run dracut on my Arch Linux system. When I execute the command dracut -f, I receive the following error:

Can't write to /efi/f515a4a11be148a580c14dcbdcc58ef9/6.16.4-zen1-1-zen: Directory /efi/f515a4a11be148a580c14dcbdcc58ef9/6.16.4-zen1-1-zen does not exist or is not accessible.

• Kernel Version: 6.16.4-zen1-1-zen
• Dracut Version: 108
• The EFI partition is mounted correctly:

  /dev/nvme1n1p1 on /efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
  

• The permissions for the /efi directory are as follows:

  drwxr-xr-x 4 root root 4096 Nov 21  2022 /efi/EFI
  

• There are no logs in /var/log/dracut.log.
• I have not made any recent changes to my system that I believe would affect the boot process.
• Interestingly, when I update the kernel using yay linux, dracut can regenerate the initrd without any issues:

  /efi ❯❯❯ yay -S linux
  Sync Explicit (1): linux-6.16.4.arch1-1
  warning: linux-6.16.4.arch1-1 is up to date -- reinstalling
  ...
  (3/4) Updating initramfs with dracut
  --> Building initramfs for linux (6.16.4-arch1-1)
  

Questions:

• Has anyone encountered a similar issue or can provide guidance on how to resolve this?
• Are there any additional checks or commands I should run to diagnose the problem further?

Thank you for your help!

I got a bunch of firmware issues afte updating my system (i don't think it was an arch linux update, but still), and then I start getting awful lag spike, and my computer crashes, stating lack of ram. My caps lock light doesn't toggle, so I think it's a lower level issue.

Anyways, I tried going on the forums to see if anyone had similar issues lately, but it seems to be down.

Has anyone got issues with their drivers, or is it just my laptop getting too old?