Pacman 7.1, the package manager used in the Arch distribution, is now available. LinuxThe following changes can be highlighted:
- Mandatory digital signature verification for packages and files in the repository database is enabled by default (the SigLevel setting is set to "Required" by default). Missing or invalid signatures will now result in termination with an error message.
- Sandbox isolation for the handler downloading data over the network has been strengthened. The number of allowed system calls has been limited, the NO_NEW_PRIVS flag has been enabled to prevent privilege changes, and the Landlock mechanism has been improved. The following parameters have been added to pacman.conf and the command line utility to control sandbox isolation: "DisableSandboxFilesystem," "DisableSandboxSyscalls," and "DisableSandbox."
- If there are expired keys, a request for their re-import is provided, with the expectation that on server keys already have updated keys.
- The NPROC parameter has been added to the makepkg utility for configuring the number of parallel operations. Parallelization of file cleanup operations has been implemented. PKGBUILD files now support the "xdata" and "options_$arch" fields. A separate file, /etc/makepkg.d/gitconfig, is used for Git configuration (system settings are ignored). Support for reproducible builds has been improved.
- The "repo-add" utility now has the "--wait-for-lock" option to retry setting a lock on the database instead of terminating, and the "--remove" option to remove old package files.
Source: opennet.ru
