[arch-general] pacman caches packages with u=rw,g=,o= permissions
Lately, possibly starting at mid December, files in /var/cache/pacman/pkg/ are kept with mode u=rw,g=,o= . Am I the only one having it? -- jadon
Hi,
Lately, possibly starting at mid December, files in /var/cache/pacman/pkg/ are kept with mode u=rw,g=,o= . Am I the only one having it?
On my system they're all 644, updated yesterday. Are you using pacman directly? -- Merlin Büge
Lately, possibly starting at mid December, files in /var/cache/pacman/pkg/ are kept with mode u=rw,g=,o= . Am I the only one having it? Not observed here:
$ find /var/cache/pacman/pkg/ -iname '*.tar.zst' -exec stat -c '%a' {} + | sort -u 644 ----- Check what `umask` prints before invoking pacman. If not 0022, here’s the culprit. Otherwise please post the EXACT, COMPLETE command line you are invoking.
mpan via arch-general <arch-general@lists.archlinux.org> wrote:
Lately, possibly starting at mid December, files in /var/cache/pacman/pkg/ are kept with mode u=rw,g=,o= . Am I the only one having it? Not observed here:
$ find /var/cache/pacman/pkg/ -iname '*.tar.zst' -exec stat -c '%a' {} + | sort -u 644 -----
Check what `umask` prints before invoking pacman. If not 0022, here???s the culprit.
Right to the point. A systemd timer script had a too strict Umask setting. Thank for all replies. -- jadon
Otherwise please post the EXACT, COMPLETE command line you are invoking.
Right to the point. A systemd timer script had a too strict Umask setting. Are you invoking pacman in an unattended manner in a systemd timer? If yes, you probably have another problem. I suppose you mean calling `pacman -Sywu`. That puts your system into a potential partial upgrade scenario and makes your local package versions desynced from from the sync database contains.
If your goal is to download packages to cache, see the `checkupdates` command from package community/pacman-contrib⁽¹⁾. `checkupdates -d` is doing exactly what you want, but without leading to a partial upgrade. ____ ⁽¹⁾ https://archlinux.org/packages/community/x86_64/pacman-contrib/
mpan via arch-general <arch-general@lists.archlinux.org> wrote:
Right to the point. A systemd timer script had a too strict Umask setting.
That should have been UMask, not Umask. It could be that Umask is supported. It is UMask at https://www.freedesktop.org/software/systemd/man/systemd.exec.html .
Are you invoking pacman in an unattended manner in a systemd timer? If yes, you probably have another problem. I suppose you mean calling `pacman -Sywu`.
You are correct. With long options, it is written as pacman --sync --refresh --downloadonly --sysupgrade .
That puts your system into a potential partial upgrade scenario and makes your local package versions desynced from from the sync database contains.
According to https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_uns... pacman -Sywu is not safe. But pacman -Syu is safe. Quoting the wiki, the rational is that pacman -Sywu will update the pacman sync database without installing the newer packages. What I fail to see is why pacman -Sywu, followed by pacman -Su, 1. Will update the pacman sync database without installing the newer packages. But then 2. Will not update the pacman sync database while installing the packages it has prevoiusly downloaded.
If your goal is to download packages to cache, see the `checkupdates` command from package community/pacman-contrib????????. `checkupdates -d` is doing exactly what you want, but without leading to a partial upgrade.
That is, my understanding is that checkupdates -d is equivalent to pacman -Sywu && pacman -Su . I haven't read checkupdates manual page. It could be that other then a safe upgrade it does additional work. -- jadon
____ ???????? https://archlinux.org/packages/community/x86_64/pacman-contrib/
According to https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_uns... pacman -Sywu is not safe. But pacman -Syu is safe. Quoting the wiki, the rational is that pacman -Sywu will update the pacman sync database without installing the newer packages. What I fail to see is why pacman -Sywu, followed by pacman -Su, 1. Will update the pacman sync database without installing the newer packages. But then 2. Will not update the pacman sync database while installing the packages it has prevoiusly downloaded. If `-Sywu` is *immediately* followed by `-Su` then there is no risk of running into a partial upgrade, but:
1) Then there is normally no reason to run those as separate commands, as `-Sywu` immediately followed by `-Su` has no benefits compared to simple `-Syu`. `-Sywu` is used to avoid the update, but download package files to the cache. 2) You are mentioning a system timer, so I assume `-Sywu` is not immediately followed by `-Su`. Unless you are also running unattended updates, which is even worse and *will* eventually break your system. `checkupdates -d` does exactly the same as `-Sywu`, but without updating the system-wide sync databases. So pacman’s view of everything remains the same as if nothing was updated. It only gets package files in the cache.
mpan via arch-general <arch-general@lists.archlinux.org> wrote:
According to https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_uns... pacman -Sywu is not safe. But pacman -Syu is safe. Quoting the wiki, the rational is that pacman -Sywu will update the pacman sync database without installing the newer packages. What I fail to see is why pacman -Sywu, followed by pacman -Su, 1. Will update the pacman sync database without installing the newer packages. But then 2. Will not update the pacman sync database while installing the packages it has prevoiusly downloaded. If `-Sywu` is *immediately* followed by `-Su` then there is no risk of running into a partial upgrade, but:
1) Then there is normally no reason to run those as separate commands, as `-Sywu` immediately followed by `-Su` has no benefits compared to simple `-Syu`. `-Sywu` is used to avoid the update, but download package files to the cache. 2) You are mentioning a system timer, so I assume `-Sywu` is not immediately followed by `-Su`. Unless you are also running unattended updates, which is even worse and *will* eventually break your system.
`checkupdates -d` does exactly the same as `-Sywu`, but without updating the system-wide sync databases. So pacman???s view of everything remains the same as if nothing was updated. It only gets package files in the cache.
I have tried to look into the checkupdates script, but got confused. It looks not long bash script. Does it do the work by copying the system-wide sync databases to a temporary databases, works on those temporary databases, and wiped them before exiting? -- jadon
Hi, On Wed, Jan 19, 2022 at 15:44:30 +0000, u34--- via arch-general wrote:
I have tried to look into the checkupdates script, but got confused. It looks not long bash script. Does it do the work by copying the system-wide sync databases to a temporary databases, works on those temporary databases, and wiped them before exiting?
No, it downloads a fresh copy of the sync database (the point is, after all, to have the latest sync database) to a temporary location. The most interesting part for this is probably +/- around line 100. It also doesn't wipe it after that. Any subsequent invocations of checkupdates will reuse that sync DB (assuming $CHECKUPDATES_DB is not changed and the system isn't rebooted in case it's on a tmpfs), to avoid unnecessary re-downloading if there are no changes on the mirror. I personally keep my $CHECKUPDATES_DB in $XDG_STATE_HOME/pacman/checkupdates, for instance. Best, Tinu
participants (4)
-
Merlin Büge
-
mpan
-
Tinu Weber
-
u34@net9.ga