Small collection of commands to maintain Garuda packages

Hi there :slight_smile:

I wrote a couple of commands that could help you manage your packages. :smiley:

There is already an old thread about that, but it turned out that editing that original post is not intended by this forum, so I opened a repository


I gave it a very superficial look, this is my feedback: nice idea but...

The option --skip-mirrorlist should not have any issue with partial upgrades: at worst an older package will be installed than the latest available, but the system will remain consistent.
Even if one or more of the mirrors fail, pacman is smart enough to use the same mirror for all the packages.
What would risk a partial upgrade is a pacman -S not immediately followed by a full upgrade: any packages installed meanwhile risk to be "too recent" with respect to others installed on the system.

The option --noconfirm ... I have to check how it is handled by garuda-update.
With plain pacman, it's not a good idea, it's safe most of the time but there are cases when the default interaction is necessary, e.g. when a new version adds a conflict with something else.
Arch can't be upgraded unattended (again, as far as I understand...)

Also, using --noconfirm and --skipreview with AUR packages has security implications.

To upgrade AUR packages too, there's garuda-update --aur.
It will use paru, or if not found, yay.

The remove options, I'm not very sure but again I'd rather see and confirm what is going to be removed, especially with a recursive/cascade/unneeded remove.

One thing that would help to avoid the "coming back to see it's waiting" (or that it failed) would be to extend the default sudo password timeout.
Most useful when upgrading AUR packages and the rebuild takes a long time.


To anyone who surely knows better than me:
please point out any incorrect information in the above text.

Thanks for your feedback

The option --skip-mirrorlist should not have any issue with partial upgrades

Yes, I agree.

What gives you the impression that I think otherwise?

What would risk a partial upgrade is a pacman -S not immediately followed by a full upgrade: any packages installed meanwhile risk to be “too recent” with respect to others installed on the system.

Yeah, I agree as well. This is why I do make that state impossible. :smiley:

The option --noconfirm … I have to check how it is handled by garuda-update.

Like with normal pacman, as far as I understand.

With plain pacman, it’s not a good idea, it’s safe most of the time but there are cases when the default interaction is necessary, e.g. when a new version adds a conflict with something else.
Arch can’t be upgraded unattended (again, as far as I understand…)

The default option is always the safest option. If that is not the case, I would consider that a bug on the other side. Why would you make the unsafe option the default?

Also, using --noconfirm and --skipreview with AUR packages has security implications.

Using the AUR has security implications. I figured most people couldn't tell a security issue when it's dancing on its nose. I agree that it has security issues, and I think the target audience group is unable to take the benefit that a preview gives them. It just limits their ability to install packages.

And personally, I find it highly annoying how it's implemented. :slightly_frowning_face:

To upgrade AUR packages too, there’s garuda-update --aur.

I prepare the script, to make it easy to replace paru with another Arch helper.
Long term, I will also try to make other Arch distributions compatible.
In this version, I wanted garuda-update to work, since it provides significant benefits compared to normal pacman updates, so long as you use Garuda.

I didn't want to lose these benefits for the sake of compatibility.
And checking for the distro and then implementing different options, seemed to be too much overhead for now.

I want to implement a more advanced system, that also takes other AUR helpers into account.

P.S.: Just saw that the routing through the search command doesn't work.
I added some echos to make clear what command is run and if it succeeds, and I forgot that this hinders the different options from executing successfully.


The mentioned issue has been resolved.

Thanks for clarifications, makes sense.

most people couldn't tell a security issue when it's dancing on its nose

LOL, so true.
Neither do I to be honest, or rather, I’m just too lazy to bother most of the time. :crossed_fingers:

The default option is always the safest option. If that is not the case, I would consider that a bug on the other side. Why would you make the unsafe option the default?

This I don’t understand. Isn’t --noconfirm the default in the scripts?
I think it’s convenient, but unsafe.

What gives you the impression, I think otherwise?

Maybe this:

The option --skip-mirrorlist makes the update go faster and has the drawback, that you might theoretically hit a mirror, that is out of sync. And this could put your system in a partially updated state.

As far as I understand, that should not happen, unless a mirror is serving a “broken” database.
But that could also happen with a mirror already in the mirrorlist.

The default option is meant to be safe. The pacman developers, and applications in general, try to make safe choices to be default.

So you don't do anything that would break your system, or anything.

As before with the security issue, this is simply adding convenience for the price that the user needs to know what he is doing. Since most users do rely on safe defaults, and would just as likely simply accept the default answer anyway (or even worse, choose the non-safe, non-default answer) I do not see a potential issue with choosing the safe default by default.

People rely on it anyway, again, they don't check.

As far as I understand, that should not happen, unless a mirror is serving a “broken” database.

It does happen. And quite frequently so.

https://archlinux.org/mirrors/status/

Ugh!
I just found milcheck while looking for more info.


Inspired by this revelation, I just wrote this quick-and-dirty crap:

mirrorlist_sanitize_outofsync

depends=('grep' 'sed' 'curl') optdepends=('htmlq') :slight_smile:
If htmlq is available it will be used to scrape the html, otherwise since the page is very well formatted a reasonable sed contraption is.
If anyone knows how to determine if a server is out-of-sync from the json I'd like to know too.
It seems to me, that precious piece of information is not there (milcheck also scrapes the html).

```bash
#!/bin/bash

# exit on errors
set -e

_mirrorlist="/etc/pacman.d/mirrorlist"
# command (kept as a string, expanded unquoted on purpose) that prints the status page
_outofsync="curl https://archlinux.org/mirrors/status/"

_usage="usage:
  sudo ${0##*/}   normal  : edit mirrorlist in-place
  ${0##*/} -d     dry run : copy mirrorlist to .
  ${0##*/} -D     debug   : copy mirrorlist to . and cache online status
"

# process options
case "$1" in
  -d) test -f ./mirrorlist || cp "$_mirrorlist" .
      _mirrorlist="./mirrorlist"
      ;;
  -D) test -f ./mirrorlist || cp "$_mirrorlist" .
      test -f ./arch_mirrors_status.html || $_outofsync -o ./arch_mirrors_status.html
      _mirrorlist="./mirrorlist"
      _outofsync="cat ./arch_mirrors_status.html"
      ;;
  '') if ((EUID)); then
        # pass variable text as arguments, never as the printf format string
        printf "error: you cannot perform this operation unless you are root.\n%s" "$_usage" 1>&2
        exit 13
      fi
      ;;
   *) printf "error: unrecognized argument '%s'\n%s" "$1" "$_usage" 1>&2
      exit 22
      ;;
esac

# get list of servers from the mirrorlist (URL up to the first '$' variable)
mirrorlist_servers() {
  grep -oP '^Server += +\K[^$]+' "$_mirrorlist"
}

# get list of out-of-sync mirrors from the arch mirror status webpage
outofsync_mirrors() {
  if command -v htmlq >/dev/null; then
    $_outofsync | htmlq '#outofsync_mirrors tr td:first-of-type' | grep -oP '\<td\>\K[^<]+'
  else
    $_outofsync | sed -n '/table id="outofsync_mirrors"/,/\/table/{/:\/\//s/\s*\|<[^>]*>//gp}'
  fi
}

# fetch data
# "|| true": grep returns 1 when nothing matches, which would abort under set -e
_timestamp=$(date +%F\ %R)
_mirrorlist_servers=$(mirrorlist_servers) || true
_outofsync_mirrors=$(outofsync_mirrors) || true

# backup the mirrorlist
cp "${_mirrorlist}" "${_mirrorlist}.bak-outofsync"

# comment out any out-of-sync mirrors (matches are printed to stdout by grep)
_retcode=0
for _mirror in $_mirrorlist_servers; do
  if grep -F "$_mirror" <<<"$_outofsync_mirrors"; then
    _retcode=1
    sed -i -E "s|^Server += +$_mirror.*$|# & # out-of-sync on $_timestamp|" "$_mirrorlist"
  fi
done
# TODO: (maybe) uncomment previously out-of-sync mirrors now functional

# check if all mirrors are disabled
if ! mirrorlist_servers >/dev/null; then
  _retcode=2
fi

# messages
case $_retcode in
  0)  printf "no out-of-sync servers found.\n"; rm -f "${_mirrorlist}.bak-outofsync" ;;
  1)  printf "\nwarning: some out-of-sync servers have been disabled.\n" ;;
  2)  printf "\nerror: all mirrorlist servers are out-of-sync and have been disabled!\nregenerate the mirrorlist.\n" ;;
esac 1>&2

exit $_retcode
```

The above will comment out any out-of-sync servers from the mirrorlist.
Out-of-sync mirrors will be printed to stdout, messages to stderr.
Return codes: 0=none 1=some 2=all out-of-sync, or 13 if run without -d and not root.
Options -d and -D are for dry-run / debug, else edit the mirrorlist in-place.

Comments and corrections welcome.

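An added example, not part of the post above or of the thread's repository: it approximates the out-of-sync check from the mirror status JSON by using each entry's `last_sync` timestamp, and refuses to report "all fine" when the download is empty. The 24-hour threshold, the sample data and the function names are assumptions, and the rule is not claimed to be the one the status page itself applies.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like https://archlinux.org/mirrors/status/json/
# (only the "url" and "last_sync" fields are used here).
SAMPLE_STATUS = json.loads("""{"urls": [
  {"url": "https://mirror-a.example/archlinux/", "last_sync": "2024-05-01T11:30:00Z"},
  {"url": "https://mirror-b.example/archlinux/", "last_sync": "2024-04-20T08:00:00Z"},
  {"url": "https://mirror-c.example/archlinux/", "last_sync": null}
]}""")

# Constructed mirrorlist in the /etc/pacman.d/mirrorlist format.
SAMPLE_MIRRORLIST = """\
Server = https://mirror-a.example/archlinux/$repo/os/$arch
Server = https://mirror-b.example/archlinux/$repo/os/$arch
#Server = https://mirror-d.example/archlinux/$repo/os/$arch
Server = https://mirror-c.example/archlinux/$repo/os/$arch
"""

MAX_AGE = timedelta(hours=24)  # assumption: tune to your own tolerance

def stale_urls(status, now, max_age=MAX_AGE):
    """Return base URLs whose last successful sync is unknown or too old."""
    entries = status.get("urls")
    if not entries:
        # Fail closed: an empty or truncated download must not read as "all fine".
        raise ValueError("mirror status contains no urls")
    stale = set()
    for entry in entries:
        last_sync = entry.get("last_sync")
        if last_sync is None:
            stale.add(entry["url"])
            continue
        synced = datetime.fromisoformat(last_sync.replace("Z", "+00:00"))
        if now - synced > max_age:
            stale.add(entry["url"])
    return stale

def sanitize(mirrorlist_text, stale, stamp):
    """Comment out active Server lines whose URL starts with a stale base URL."""
    out = []
    for line in mirrorlist_text.splitlines():
        key, sep, url = line.partition("=")
        if sep and key.strip() == "Server" and url.strip().startswith(tuple(stale)):
            line = f"# {line} # stale on {stamp}"
        out.append(line)
    return "\n".join(out) + "\n"
```

Matching is done on the URL prefix of active `Server` lines only, so already commented entries are left untouched.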

There is also


Garuda-update has a custom --noconfirm engine that does what pacman’s noconfirm does except a little smarter like handling certain types of conflicts automatically (answering Y instead of the default N)
