Keeping up with security updates for your web browser is of increasing practical relevance. Under normal conditions this means important updates roughly every couple of weeks.

Mainline firefox or chromium packages are typically easy mode: For most people it's a matter of staying on top of regular pacman updates. torbrowser-launcher updates from inside the browser and is also usually painless to manage.

Running custom builds or forks from AUR requires more attention. Is the AUR package up to date? If it's a fork: Are security updates from Mozilla/Google downstreamed in a timely manner? Have you built it? Can you still build it? How long since you pulled and rebuilt that ungoogled-chromium binary and how many CVEs has it racked up by now?

Anyone running firefox-esr or any derivative like icecat, waterfox^1^, mullvad-browser or konform-browser from AUR should probably be paying attention to this right now:

Arch Linux repositories updated llvm and clang to v22 on 2026-03-07. This caused a regression for Firefox ESR packaging resulting in compilation failure when building.

Firefox ESR 14.9.0 was released on 2026-03-24.

This means that since then, users of the AUR packages for these browsers have not been able to build a new version with security fixes on up to date Arch Linux system. Some users may be prepared to handle this by maintaining separate build infra with internal registry where keeping system packages frozen on older version is acceptable but for everyone else, this is a conundrum.

Anyone browsing the web on firefox-esr or a derivative should make sure you get fixes for the issues addressed in 140.9.0 asap.

konform-browser AUR package has been patched with clang 22 toolchain fixes from mozilla and should now build succesfully. The other forks including firefox-esr will still need manual patching or downgrading clang toolchain packages to v21 to compile. The konform-browser patches for clang 22 are in the AUR repo and should be portable to the other browsers too. If others can share their results in testing (both X11 and Wayland) or reviewing the fix, this might help in sorting out the firefox-esr situation sooner than later, too.

^1^: Looking at git log it claims to build as of the wasi-compiler-rt21 makedepends but I have still not been able to make it compile when attempting. Please LMK if I'm holding it wrong and there is a way!

Announcement brought to you by Konform Browser

I've had the following error on F2FS, I've deleted the affected folder, and would keep getting the same error on F2FS.

I tried reformatting to EXT4, and am now still getting the same error. I checked if Modprobe could enable the "overlay" module, but I get the following error:

sudo ls /lib/modules/$(uname -r)/kernel/fs/overlayfs/overlay.ko
ls: cannot access '/lib/modules/6.19.6-arch1-1/kernel/fs/overlayfs/overlay.ko': No such file or directory
sudo modprobe overlay
modprobe: FATAL: Module overlay not found in directory /lib/modules/6.19.6-arch1-1

However the following does exist:

/lib/modules/6.19.8-arch1-1/kernel/fs/overlayfs/overlay.ko.zst

And also go this error:

Error: configure storage: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/dudess/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver

The following shows CONFIG_OVERLAY_FS=m which online it says it could be available but is not loaded.

zcat /proc/config.gz | grep OVERLAY_FS
CONFIG_OVERLAY_FS=m
CONFIG_OVERLAY_FS_REDIRECT_DIR=y
# CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW is not set
CONFIG_OVERLAY_FS_INDEX=y
CONFIG_OVERLAY_FS_XINO_AUTO=y
CONFIG_OVERLAY_FS_METACOPY=y
# CONFIG_OVERLAY_FS_DEBUG is not set

And the following shows ext4 for the file system type.

mount | grep ext4
/dev/nvme0n1p2 on / type ext4 (rw,relatime)

I am trying to update my PC, but I get this error and I don't really know how to fix it.

Thanks :D

For those of you still not satisfied with the Firefox fork ecosystem, we propose to you Konform Browser. Yes, it's another one about privacy and security with a canine logo. But I do think we have something to bring to the table.

This started as a fork of LibreWolf and now stands on its own four feet.

Some highlights to give an idea to those having used LibreWolf or another FF fork:

• Security: Konform is based on Firefox ESR. This means a more stable base without missing out on the latest security updates, in exchange for longer time waiting for the newest features from Firefox.
  • In this sense (and a few others), Konform Browser is closer to IceCat/GNUZilla than it is to Librewolf.
• Freedom: Konform allows a higher level of customization. It gives the user control and trusts you with that responsibility. Some examples:
  • Allows enabling dark mode and following system theming even when Resist Fingerprinting is enabled.
  • Allows installing your own self-built unsigned add-ons
  • "Spoof referer source" user configuration option
• Privacy and security: Disables all browser features relying on external network connections^1^.
  • "RemoteSettings" is completely disabled^2^.
  • No cloud "AI" integrations. You can run Konform on a disconnected network and not notice any reduced functionality.
  • All telemetry, metrics, and ads from the browser disabled.
  • OCSP turned off.
  • tcpdump and see the difference

Oh, and it actually builds on Arch, in contrast to IceCat^3^. In fact, currently the only supported distribution channels are source on Codeberg and AUR.

While it's not entirely newborn, it's still early days so we won't say "trust me bro" here - this is currently not ready for a non-technical audience but rather looking to engage with people who might already be building their own Firefox or Chromium forks. Continuing work on what we consider a production-ready browser while not rushing to ship a single binary is intentional.

I should add that even if we contrast with LibreWolf above, this is not at all meant as a dig or criticism. That we chose it as base and that it's the easiest to compare with is a testament both to how closely aligned we are and that Konform has a lot to thank Librewolf and the wider Firefox customization community for. Like they built from Librefox and Arkenfox to bring private browsing to a wider audience, so are we but the next to try help widen and deepen the browser ecosystem.

Doors open for users, testers and contributors. Looking forward to hear what you think and if there's anything missing.

^1^: One notable exception is allowing the bundled uBlock origin to perform filter lists updates.

^2^: This means that local full-page translation is also unavailable even if in principle it should be possible to bundle and run translations fully locally. It's just the way Mozilla built it. Patches towards allowing users to enable fully offline translations would be very welcome.

^3^: For now; I'm sure they will fix it too. Lots of respect for the GNUZilla/IceCat people.

https://codeberg.org/konform-browser

https://aur.archlinux.org/packages/konform-browser

Screenshot

An overview of the work done on the ALPM project in 2024 and 2025.

Arch noob here: Is there a single command to install from the AUR? And if the answer is no, why not?

I first found the distro when I was in high school , I already using Debian-based distros as my host OS at that time.Arch's icon attracting me to try it(blue is my favorite color). However, when I started the installation, a CLI appeared instead of GUI, and since I had only been using GNU+Linux for a short time, I gave up.

One day, while scrolling the Chinese forum "2047" (hosted outside China)there 's a post https://2047.one/t/17974#Post-183536 recommending https://archlinuxstudio.github.io/ArchLinuxTutorial/#/ (It has English translation), an online book written by free software enthusiastic user who uses Arch, book was in detailed, covered not only install,daily usage,gaming and circumvent the GFW .The book first emphasize the importance of software freedom and encourage using Arch as it upgrade-cycle immediately brings new features , the book I was excited and start installation following the guide.

However,I couldn't understand the partition step and use Archinstall to done the installation,inside Virt-manager.A day I did pacman -Syyu,Anki runs into problem,and after next pacman -Syyu,the whole system runs into problem,as a noob I can't fix it,mainly I just need restart That deck of Anki as I didn't back up.I stop using Arch,decide try it in future.

This year(I'm a college student now),I have seen safety concerns about Ventoy,so I decided reinstall Debian without Ventoy.The ArchLinuxTutorial write UEFI method but no BIOS,boot Arch iso into virt-manager it will be BIOS,I thought I can first try to install Arch again as Host OS.

On 18th Sep,I did GPG verify and DD command to flash USB drive as my first exprience,also encouraged me may successful install Arch this time,Arch was just like nightmare difficult just little easier compared with Gentoo to me.

19th,I tried near three times and figured out the step stops years ago:

mount /dev/sdax /mnt
mkdir /mnt/efi #Create efi directory
mount /dev/sdax /mnt/efi
mkdir /mnt/home #Create home directory
mount /dev/sdax /mnt/home

I used think Efi and Home folder is in /mnt,so I typed the same partition above,I mentioned the author created 3 partitions before,which match this chart.I passed it and read offcial Arch wiki create Swap by myself.These and after steps are all succeed,I look at the mention word tells me no error I feels so content.Just uncarefully missed 1 of the last steps,I went to sleep and complete restart installing on 20th,all the install finished.

I'm proud that I finally did this I thought uneasy in the past, gave confidence for me to try BIOS Arch install in VM and FreeBSD when I have time one day.Though I still don't understand many parts of the tutor. I was Just follow it and typing,sometimes struggling.

I still prefer stable release rather than rolling ,but I like the KISS principle.

Happy hacking!Recommend this book for you :)

It’s time to finally build the ticket to my well-deserved freedom from Windows! Join me as I desperately try to make this new Linux PC work, and who knows, it might even end up amazing!

Just days after the Archinstall 3.0.12 release for this text-based Arch Linux installer, Archinstall 3.0.13 is now available to deliver a new feature. That new feature is a text-based interface for being able to connect to a WiFi network within Archinstall.

For addressing a nearly three year old feature request to be able to connect to a wireless network from the Arch Linux installer, Archinstall 3.0.13 adds such support similar to other Linux distribution installers

Is using ArchInstall an OK and recommended way to install Arch?

https://wiki.archlinux.org/title/Archinstall

Also, last time I installed KDE, I got a huge amount of bloat software I didn't want. And searching for apps through the menu search would often unintentonal suggest apps I didn't want. And uninstalling these apps would not work sometimes as they were dependent on kde-full.

The Arch Linux team has once again been forced to respond to a distributed denial-of-service attack targeting its AUR repository infrastructure. As a result, DDoS protection has been enabled for aur.archlinux.org to help mitigate the ongoing disruption.

While this measure helps keep the AUR website accessible, it has introduced a significant side effect: pushing to the AUR is currently not possible.

I'm able to get to the BIOS on my desktop. But when greeted by the boot loader to choose between Arch or Arch fallback, after choosing, I lose display.

Sometimes I can get display, but its not consistent. Draining my computers power by unplugging the power cord and holding the power button works sometimes. Sometimes a simple reboot will work.

I have an Asus b550m-plus motherboard. It was working great with Arch until recently.

Edit: it uses by press e at the boot loader then putting nomodeset at the end, but the display is choppy compared to when its able to boot without it.

Edit: Installing linux-lts and directing my bootloader to it worked. I didn't even need to install linux.

I have decided that, simply put, I am very, very tired of my computer acting against me and gaining new problems every day as if they were achievements in a video game, so I’m going to take advantage of my Linux experience with the Steam Deck and Raspberry Pi OS to finally start moving away from Windows!

2025-08-21 - Christian Heusel

We want to provide an update on the recent service outages affecting our infrastructure. The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums.

We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards.

To improve the communication around this issue we will provide regular updates on our service status page going forward.

As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues. Please bear with us and thank you for all the support you have shown so far.

Workarounds during service disruption

• In the case of downtime for archlinux.org:
  • Mirrors: The mirror list endpoint used in tools like reflector is hosted on this site. Please default to the mirrors listed in the pacman-mirrorlist package during an outage.
  • ISO: Our installation image is available on a lot of the mirrors, for example the DevOps administered geomirrors. Please always verify its integrity as described on the wiki and confirm it is signed by 0x54449A5C (or other trusted keys that may be used in the future).
• In the case of downtime for aur.archlinux.org:
  • Packages: We maintain a mirror of AUR packages on GitHub. You can retrieve a package using: $ git clone --branch <package_name> --single-branch https://github.com/archlinux/aur.git <package_name>

Additional remarks

• Our services may send an initial connection reset due to the TCP SYN authentication performed by our hosting provider, but subsequent requests should work as expected.

• We are keeping technical details about the attack, its origin and our mitigation tactics internal while the attack is still ongoing.

OC by @Agility0971@lemmy.world

If you ever wanted to chroot into the generated initramfs here are the steps. I thought it was interesting so wanted to share.

mkdir -p /mnt/initramfs
cd $_
lsinitcpio -x /boot/initramfs-linux.img
mount --bind /proc ./proc
mount --bind /sys ./sys
mount --bind /dev ./dev
SHELL=/bin/ash chroot .

On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR. Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT).

The affected malicious packages are:

• librewolf-fix-bin
• firefox-patch-bin
• zen-browser-patched-bin

The Arch Linux team addressed the issue as soon as they became aware of the situation. As of today, 18th of July, at around 6pm UTC+2, the offending packages have been deleted from the AUR.

We strongly encourage users that may have installed one of these packages to remove them from their system and to take the necessary measures in order to ensure they were not compromised.

According to the gamingonlinux discord, the following packages are also suspected to be compromised:

https://aur.archlinux.org/pkgbase/minecraft-cracked/

https://aur.archlinux.org/pkgbase/ttf-ms-fonts-all/

https://aur.archlinux.org/pkgbase/vesktop-bin-patched/

https://aur.archlinux.org/pkgbase/ttf-all-ms-fonts/

If you have any of these packages installed, immediately delete it and check your system processes for a process called systemd-initd (this is the RAT).

Here is an analysis of the malicious payload: https://www.virustotal.com/gui/file/d9f0df8da6d66aaae024bdca26a228481049595279595e96d5ec615392430d67

2025-06-21 - Jan Alexander Steffens

With 20250613.12fe085f-5, we split our firmware into several vendor-focused packages. linux-firmware is now an empty package depending on our default set of firmware.

Unfortunately, this coincided with upstream reorganizing the symlink layout of the NVIDIA firmware, resulting in a situation that Pacman cannot handle. When attempting to upgrade from 20250508.788aadc8-2 or earlier, you will see the following errors:

linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad103 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad104 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad106 exists in filesystem
linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad107 exists in filesystem

To progress with the system upgrade, first remove linux-firmware, then reinstall it as part of the upgrade:

# pacman -Rdd linux-firmware
# pacman -Syu linux-firmware

2025-06-16 - Peter Jung

We are transitioning the wine and wine-staging package to a pure wow64 build. This change removes the dependency on the multilib repository for wine and wine-staging.

The main reason for this is to align with upstream Wine development, which simplifies packaging and the dependency chain.

Potential Issues:

• OpenGL Performance: A known limitation of the new WoW64 mode is reduced performance for 32-bit applications that use OpenGL directly
• Breaking Changes: Existing 32-bit prefixes needs to be recreated

If you are facing issues with 32 bit prefixes, please recreate these and reinstall the application.

cross-posted from: https://lemmy.world/post/29327391

Valkey, a high-performance key/value datastore, will be replacing redis in the [extra] repository. This change is due to Redis modifying its license from BSD-3-Clause to RSALv2 and SSPLv1 on March 20th, 2024.

Arch Linux Package Maintainers intend to support the availability of the redis package for roughly 14 days from the day of this post, to enable a smooth transition to valkey. After the 14 day transition period has ended, the redis package will be moved to the AUR. Also, from this point forward, the redis package will not receive any additional updates and should be considered deprecated until it is removed.

Users are recommended to begin transitioning their use of Redis to Valkey as soon as possible to avoid possible complications after the 14 day transition window closes.