Arch Linux has released version 7.1.0 of the Pacman package manager, a vital tool used in the Arch Linux distribution. The latest release comes with several noteworthy changes:
- By default, mandatory digital signature verification for packages and files from the repository database is now enabled. The absence of a signature or an incorrect signature will result in an error message.
- There have been enhancements in the sandbox isolation of the handler loading data over the network. Limitations have been set on the number of system calls, the NO_NEW_PRIVS flag is activated to prevent privilege changes, and restrictions via the Landlock mechanism have been improved. Options have been added to pacman.conf and the command-line utility to control isolation.
- If there are expired keys, the system ensures a request to re-import them, assuming the keyserver already possesses updated keys.
- New features include the addition of the NPROC parameter to the makepkg utility for configuring the number of concurrent operations and the ability to parallelize file cleaning operations. Support for specific fields in PKGBUILD files and a separate configuration file for Git (/etc/makepkg.d/gitconfig) have been implemented. Reproducible build support has also been enhanced.
- Additions to the “repo-add” utility include the options “–wait-for-lock” for retrying setting a lock on the database and “–remove” for removing old package files.
/Reports, release notes, official announcements.