https://wiki.archlinux.org/api.php?action=feedcontributions&user=Genoskill&feedformat=atomArchWiki - User contributions [en]2024-03-28T14:13:17ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=NFS&diff=788902NFS2023-10-01T15:15:59Z<p>Genoskill: /* Server */ "are defined" -> "one must define". readability.</p>
<hr />
<div>[[Category:File systems]]<br />
[[Category:Network sharing]]<br />
[[Category:Servers]]<br />
[[de:Network File System]]<br />
[[ja:NFS]]<br />
[[zh-hans:NFS]]<br />
{{Related articles start}}<br />
{{Related|NFS/Troubleshooting}}<br />
{{Related articles end}}<br />
From [[Wikipedia: Network File System|Wikipedia]]: <br />
:Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed.<br />
<br />
{{Note|<br />
* NFS is not encrypted. Tunnel NFS through an encrypted protocol like [[Kerberos]] or (secure) [[VPN]] when dealing with sensitive data.<br />
* Unlike [[Samba]], NFS does not have any user authentication by default, client access is restricted by their IP-address/[[hostname]].<br />
* NFS expects the [[user]] and/or [[user group]] IDs are the same on both the client and server. [[#Enabling NFSv4 idmapping|Enable NFSv4 idmapping]] or overrule the UID/GID manually by using {{ic|anonuid}}/{{ic|anongid}} together with {{ic|all_squash}} in {{ic|/etc/exports}}.<br />
* NFS does not support [[Access Control Lists|POSIX ACLs]]. <br />
}}<br />
<br />
== Installation ==<br />
<br />
Both client and server only require the [[install]]ation of the {{Pkg|nfs-utils}} package.<br />
<br />
It is '''highly''' recommended to use a [[time synchronization]] daemon to keep client/server clocks in sync. Without accurate clocks on all nodes, NFS can introduce unwanted delays.<br />
<br />
== Configuration ==<br />
<br />
=== Server ===<br />
<br />
Global configuration options are set in {{ic|/etc/nfs.conf}}. Users of simple configurations should not need to edit this file.<br />
<br />
The NFS server needs a list of directories to share, in the form of exports (see {{man|5|exports}} for details) which one must define in {{ic|/etc/exports}} or {{ic|/etc/exports.d/*.exports}}. These shares are relative to the so-called NFS root. A good security practice is to define a NFS root in a discrete directory tree which will keep users limited to that mount point. Bind mounts are used to link the share mount point to the actual directory elsewhere on the [[filesystem]].<br />
<br />
Consider this following example wherein:<br />
<br />
# The NFS root is {{ic|/srv/nfs}}.<br />
# The export is {{ic|/srv/nfs/music}} via a bind mount to the actual target {{ic|/mnt/music}}.<br />
<br />
# mkdir -p /srv/nfs/music /mnt/music<br />
# mount --bind /mnt/music /srv/nfs/music<br />
<br />
{{Note|[[ZFS]] filesystems require special handling of bindmounts, see [[ZFS#Bind mount]].}}<br />
<br />
To make the bind mount persistent across reboots, add it to [[fstab]]:<br />
<br />
{{hc|/etc/fstab|<br />
/mnt/music /srv/nfs/music none bind 0 0<br />
}}<br />
<br />
Add directories to be shared and limit them to a range of addresses via a CIDR or hostname(s) of client machines that will be allowed to mount them in {{ic|/etc/exports}}, e.g.:<br />
<br />
{{hc|/etc/exports|2=<br />
/srv/nfs 192.168.1.0/24(rw,sync,crossmnt,fsid=0)<br />
/srv/nfs/music 192.168.1.0/24(rw,sync)<br />
/srv/nfs/home 192.168.1.0/24(rw,sync,nohide)<br />
/srv/nfs/public 192.168.1.0/24(ro,all_squash,insecure) desktop(rw,sync,all_squash,anonuid=99,anongid=99) # map to user/group - in this case ''nobody''<br />
}}<br />
<br />
{{Note|When using NFSv4, the nfs root directory is specified by the entry denoted by {{ic|1=fsid=0}}, other directories must be below it. The {{ic|rootdir}} option in the {{ic|/etc/nfs.conf}} file has no effect on this.}}<br />
<br />
{{Tip|<br />
* The {{ic|crossmnt}} option makes it possible for clients to access '''all''' filesystems mounted on a filesystem marked with {{ic|crossmnt}} and clients will not be required to mount every child export separately. Note this may not be desirable if a child is shared with a different range of addresses.<br />
* Instead of {{ic|crossmnt}}, one can also use the {{ic|nohide}} option on child exports so that they can be automatically mounted when a client mounts the root export. Being different from {{ic|crossmnt}}, {{ic|nohide}} still respects address ranges of child exports.<br />
* The {{ic|insecure}} option allows clients to connect from ports above 1023. (Presumably only the root user can use low-numbered ports, so blocking other ports by default creates a superficial barrier to access. In practice neither omitting nor including the {{ic|insecure}} option provides any meaningful improvement or detriment to security.)<br />
* Use an asterisk ({{ic|*}}) to allow access from any interface.<br />
}}<br />
<br />
It should be noted that modifying {{ic|/etc/exports}} while the server is running will require a re-export for changes to take effect:<br />
<br />
# exportfs -arv<br />
<br />
To view the current loaded exports state in more detail, use:<br />
<br />
# exportfs -v<br />
<br />
For more information about all available options see {{man|5|exports}}.<br />
<br />
{{Tip|[https://ip2cidr.com/ ip2cidr] is a tool to convert IP address ranges to correctly structured CIDR specifications.}}<br />
<br />
{{Note|If the target export is a [[tmpfs]] filesystem, the {{ic|1=fsid=1}} option is required.}}<br />
<br />
==== Starting the server ====<br />
<br />
* To run a server using protocol version 3, [[start]] and [[enable]] {{ic|nfs-server.service}}.<br />
* To run a server using protocol version 4, [[start]] and [[enable]] {{ic|nfsv4-server.service}}.<br />
<br />
Users of protocol version 4 exports will probably want to [[mask]] at a minimum both {{ic|rpcbind.service}} and {{ic|rpcbind.socket}} to prevent superfluous services from running. See {{Bug|76453}}. Additionally, consider masking {{ic|nfs-server.service}} which pulled in for some reason as well.<br />
<br />
{{Note|If exporting ZFS shares, also [[start]]/[[enable]] {{ic|zfs-share.service}}. Without this, ZFS shares will no longer be exported after a reboot. See [[ZFS#NFS]].}}<br />
<br />
==== Restricting NFS to interfaces/IPs ====<br />
<br />
By default, starting {{ic|nfs-server.service}} will listen for connections on all network interfaces, regardless of {{ic|/etc/exports}}. This can be changed by defining which IPs and/or hostnames to listen on.<br />
<br />
{{hc|/etc/nfs.conf|2=<br />
[nfsd]<br />
host=192.168.1.123<br />
# Alternatively, use the hostname.<br />
# host=myhostname<br />
}}<br />
<br />
[[Restart]] {{ic|nfs-server.service}} to apply the changes immediately.<br />
<br />
==== Firewall configuration ====<br />
<br />
To enable access through a [[firewall]], TCP and UDP ports {{ic|111}}, {{ic|2049}}, and {{ic|20048}} may need to be opened when using the default configuration; use {{ic|rpcinfo -p}} to examine the exact ports in use on the server:<br />
<br />
{{hc|$ rpcinfo -p {{!}} grep nfs|<br />
100003 3 tcp 2049 nfs<br />
100003 4 tcp 2049 nfs<br />
100227 3 tcp 2049 nfs_acl<br />
}}<br />
<br />
When using NFSv4, make sure TCP port {{ic|2049}} is open. No other port opening should be required:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
}}<br />
<br />
When using an older NFS version, make sure other ports are open:<br />
<br />
# iptables -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT<br />
# iptables -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
# iptables -A INPUT -p tcp -m tcp --dport 20048 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 111 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 2049 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 20048 -j ACCEPT<br />
<br />
To have this configuration load on every system start, edit {{ic|/etc/iptables/iptables.rules}} to include the following lines:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 20048 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 111 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 20048 -j ACCEPT<br />
}}<br />
<br />
The previous commands can be saved by executing:<br />
<br />
# iptables-save > /etc/iptables/iptables.rules<br />
<br />
{{Warning|This command will '''override''' the current iptables start configuration with the current iptables configuration!}}<br />
<br />
If using NFSv3 and the above listed static ports for {{ic|rpc.statd}} and {{ic|lockd}} the following ports may also need to be added to the configuration:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 32765 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 32765 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 32803 -j ACCEPT<br />
}}<br />
<br />
To apply changes, [[Restart]] {{ic|iptables.service}}.<br />
<br />
==== Enabling NFSv4 idmapping ====<br />
<br />
{{Expansion|Missing lookup information, static binding examples, etc.}}<br />
<br />
{{Note|1=<nowiki/><br />
* NFSv4 idmapping does not work with the default {{ic|1=sec=sys}} mount option. [https://web.archive.org/web/20220602190451/https://dfusion.com.au/wiki/tiki-index.php?page=Why+NFSv4+UID+mapping+breaks+with+AUTH_UNIX]<br />
* NFSv4 idmapping needs to be enabled on '''both''' the client and server.<br />
* Another option is to make sure the user and group IDs (UID and GID) match on both the client and server.<br />
* [[Enabling]]/[[starting]] {{ic|nfs-idmapd.service}} should '''not''' be needed as it has been replaced with a new id mapper:<br />
{{hc|# dmesg {{!}} grep id_resolver|<br />
[ 3238.356001] NFS: Registering the id_resolver key type<br />
[ 3238.356009] Key type id_resolver registered<br />
}}<br />
}}<br />
<br />
The NFSv4 protocol represents the local system's UID and GID values on the wire as strings of the form {{ic|''user''@''domain''}}. The process of translating from UID to string and string to UID is referred to as ''ID mapping''. See {{man|8|nfsidmap}} for details.<br />
<br />
Even though idmapd may be running, it may not be fully enabled. If {{ic|/sys/module/nfs/parameters/nfs4_disable_idmapping}} or {{ic|/sys/module/nfsd/parameters/nfs4_disable_idmapping}} returns {{ic|Y}} on a client/server, enable it by:<br />
<br />
{{Note|The kernel modules {{ic|nfs4}} and {{ic|nfsd}} need to be loaded (respectively) for the following paths to be available.}}<br />
<br />
On the client:<br />
<br />
# echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping<br />
<br />
On the server:<br />
<br />
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping<br />
<br />
Set as [[Kernel modules#Setting module options|module option]] to make this change permanent, i.e.:<br />
<br />
{{hc|/etc/modprobe.d/nfsd.conf|2=<br />
options nfs nfs4_disable_idmapping=0<br />
options nfsd nfs4_disable_idmapping=0<br />
}}<br />
<br />
To fully use ''idmapping'', make sure the domain is configured in {{ic|/etc/idmapd.conf}} on '''both''' the server and the client: <br />
<br />
{{hc|/etc/idmapd.conf|2=<br />
# The following should be set to the local NFSv4 domain name<br />
# The default is the host's DNS domain name.<br />
Domain = ''domain.tld''<br />
}}<br />
<br />
See [https://unix.stackexchange.com/a/464950] for details.<br />
<br />
=== Client ===<br />
<br />
Users intending to use NFS4 with [[Kerberos]] need to [[start]] and [[enable]] {{ic|nfs-client.target}}.<br />
<br />
==== Manual mounting ====<br />
<br />
For NFSv3 use this command to show the server's exported file systems:<br />
<br />
$ showmount -e ''servername''<br />
<br />
For NFSv4 mount the root NFS directory and look around for available mounts:<br />
<br />
# mount ''servername'':/ ''/mountpoint/on/client''<br />
<br />
Then mount omitting the server's NFS export root: <br />
<br />
# mount -t nfs -o vers=4 ''servername'':/music ''/mountpoint/on/client''<br />
<br />
If mount fails try including the server's export root (required for Debian/RHEL/SLES, some distributions need {{ic|-t nfs4}} instead of {{ic|-t nfs}}):<br />
<br />
# mount -t nfs -o vers=4 ''servername'':/srv/nfs/music ''/mountpoint/on/client''<br />
<br />
{{Note|{{ic|''servername''}} needs to be replaced with a valid hostname (not just IP address). Otherwise mounting of remote share will hang.}}<br />
<br />
==== Mount using /etc/fstab ====<br />
<br />
Using [[fstab]] is useful for a server which is always on, and the NFS shares are available whenever the client boots up. Edit {{ic|/etc/fstab}} file, and add an appropriate line reflecting the setup. Again, the server's NFS export root is omitted.<br />
<br />
{{hc|/etc/fstab|2=<br />
servername:/music /mountpoint/on/client nfs defaults,timeo=900,retrans=5,_netdev 0 0<br />
}}<br />
<br />
{{Note|Consult {{man|5|nfs}} and {{man|8|mount}} for more mount options.}}<br />
<br />
Some additional mount options to consider:<br />
<br />
; rsize and wsize: The {{ic|rsize}} value is the number of bytes used when reading from the server. The {{ic|wsize}} value is the number of bytes used when writing to the server. By default, if these options are not specified, the client and server negotiate the largest values they can both support (see {{man|5|nfs}} for details). After changing these values, it is recommended to test the performance (see [[#Performance tuning]]).<br />
; soft or hard: Determines the recovery behaviour of the NFS client after an NFS request times out. If neither option is specified (or if the {{ic|hard}} option is specified), NFS requests are retried indefinitely. If the {{ic|soft}} option is specified, then the NFS client fails a NFS request after ''retrans'' retransmissions have been sent, causing the NFS client to return an error to the calling application.<br />
<br />
{{Warning|A so-called {{ic|soft}} timeout can cause silent data corruption in certain cases. As such, use the {{ic|soft}} option only when client responsiveness is more important than data integrity. Using NFS over TCP or increasing the value of the {{ic|retrans}} option may mitigate some of the risks of using the {{ic|soft}} option.}}<br />
<br />
; timeo: The {{ic|timeo}} value is the amount of time, in tenths of a second, to wait before resending a transmission after an RPC timeout. The default value for NFS over TCP is 600 (60 seconds). After the first timeout, the timeout value is doubled for each retry for a maximum of 60 seconds or until a major timeout occurs. If connecting to a slow server or over a busy network, better stability can be achieved by increasing this timeout value.<br />
; retrans: The number of times the NFS client retries a request before it attempts further recovery action. If the {{ic|retrans}} option is not specified, the NFS client tries each request three times. The NFS client generates a "server not responding" message after ''retrans'' retries, then attempts further recovery (depending on whether the hard mount option is in effect). <br />
; _netdev: The {{ic|_netdev}} option tells the system to wait until the network is up before trying to mount the share - [[systemd]] assumes this for NFS. <br />
<br />
{{Note|Setting the sixth field ({{ic|fs_passno}}) to a nonzero value may lead to unexpected behaviour, e.g. hangs when the systemd automount waits for a check which will never happen.}}<br />
<br />
==== Mount using /etc/fstab with systemd ====<br />
<br />
Another method is using the [[Fstab#Remote file system|x-systemd.automount]] option which mounts the filesystem upon access:<br />
<br />
{{hc|1=/etc/fstab|2=<br />
servername:/home ''/mountpoint/on/client'' nfs _netdev,noauto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min 0 0 <br />
}}<br />
<br />
To make systemd aware of the changes to fstab, [[reload]] systemd and restart {{ic|remote-fs.target}} [https://bbs.archlinux.org/viewtopic.php?pid=1515377#p1515377].<br />
<br />
{{Accuracy|Not everyone uses NetworkManager. Refer to [[Systemd#Running services after the network is up]] instead?}}<br />
<br />
{{Tip|<br />
* The {{ic|noauto}} mount option will not mount the NFS share until it is accessed: use {{ic|auto}} for it to be available immediately. <br> If experiencing any issues with the mount failing due to the network not being up/available, [[enable]] {{ic|NetworkManager-wait-online.service}}. It will ensure that {{ic|network.target}} has all the links available prior to being active.<br />
* The {{ic|users}} mount option would allow user mounts, but be aware it implies further options as {{ic|noexec}} for example.<br />
* The {{ic|1=x-systemd.idle-timeout=1min}} option will unmount the NFS share automatically after 1 minute of non-use. Good for laptops which might suddenly disconnect from the network.<br />
* If shutdown/reboot holds too long because of NFS, [[enable]] {{ic|NetworkManager-wait-online.service}} to ensure that NetworkManager is not exited before the NFS volumes are unmounted. <br />
* Do not add the {{ic|1=x-systemd.requires=network-online.target}} mount option as this can lead to ordering cycles within systemd [https://github.com/systemd/systemd-stable/issues/69]. systemd adds the {{ic|network-online.target}} dependency to the unit for {{ic|_netdev}} mount automatically. <br />
* Using the {{ic|nocto}} option may improve performance for read-only mounts, but should be used only if the data on the server changes only occasionally.<br />
}}<br />
<br />
==== As systemd unit ====<br />
<br />
Create a new {{ic|.mount}} file inside {{ic|/etc/systemd/system}}, e.g. {{ic|mnt-home.mount}}. See {{man|5|systemd.mount}} for details.<br />
<br />
{{Note|Make sure the filename corresponds to the mountpoint you want to use.<br />
E.g. the unit name {{ic|mnt-home.mount}} can only be used if you are going to mount the share under {{ic|/mnt/home}}. Otherwise the following error might occur: {{ic|1=systemd[1]: mnt-home.mount: Where= setting does not match unit name. Refusing.}}. If the mountpoint contains non-ASCII characters, use [[Systemd#Writing unit files|systemd-escape]]).}}<br />
<br />
{{ic|1=What=}} path to share<br />
<br />
{{ic|1=Where=}} path to mount the share<br />
<br />
{{ic|1=Options=}} share mounting options<br />
<br />
{{Note|<br />
* Network mount units automatically acquire {{ic|After}} dependencies on {{ic|remote-fs-pre.target}}, {{ic|network.target}} and {{ic|network-online.target}}, and gain a {{ic|Before}} dependency on {{ic|remote-fs.target}} unless {{ic|nofail}} mount option is set. Towards the latter a {{ic|Wants}} unit is added as well.<br />
* [[Append]] {{ic|noauto}} to {{ic|Options}} preventing automatically mount during boot (unless it is pulled in by some other unit).<br />
* If you want to use a hostname for the server you want to share (instead of an IP address), add {{ic|1=nss-lookup.target}} to {{ic|1=After}}. This might avoid mount errors at boot time that do not arise when testing the unit.<br />
}} <br />
<br />
{{hc|/etc/systemd/system/mnt-home.mount|2=<br />
[Unit]<br />
Description=Mount home at boot<br />
<br />
[Mount]<br />
What=172.16.24.192:/home<br />
Where=/mnt/home<br />
Options=vers=4<br />
Type=nfs<br />
TimeoutSec=30<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{Tip|In case of an unreachable system, [[append]] {{ic|1=ForceUnmount=true}} to {{ic|[Mount]}}, allowing the export to be (force-)unmounted.}}<br />
<br />
To use {{ic|mnt-home.mount}}, [[start]] the unit and [[enable]] it to run on system boot.<br />
<br />
===== automount =====<br />
<br />
To automatically mount a share, one may use the following automount unit:<br />
<br />
{{hc|/etc/systemd/system/mnt-home.automount|2=<br />
[Unit]<br />
Description=Automount home<br />
<br />
[Automount]<br />
Where=/mnt/home<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
[[Disable]]/[[stop]] the {{ic|mnt-home.mount}} unit, and [[enable]]/[[start]] {{ic|mnt-home.automount}} to automount the share when the mount path is being accessed.<br />
<br />
{{Tip|[[Append]] {{ic|TimeoutIdleSec}} to enable auto unmount. See {{man|5|systemd.automount}} for details.}}<br />
<br />
==== Mount using autofs ====<br />
<br />
Using [[autofs]] is useful when multiple machines want to connect via NFS; they could both be clients as well as servers. The reason this method is preferable over the earlier one is that if the server is switched off, the client will not throw errors about being unable to find NFS shares. See [[autofs#NFS network mounts]] for details.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Performance tuning ===<br />
<br />
{{Out of date|Mentions 32-bit and 2.6 Linux kernel...}}<br />
<br />
When using NFS on a network with a significant number of clients one may increase the default NFS threads from ''8'' to ''16'' or even a higher, depending on the server/network requirements:<br />
<br />
{{hc|/etc/nfs.conf|2=<br />
[nfsd]<br />
threads=16<br />
}}<br />
<br />
It may be necessary to tune the {{ic|rsize}} and {{ic|wsize}} mount options to meet the requirements of the network configuration.<br />
<br />
In recent linux kernels (>2.6.18) the size of I/O operations allowed by the NFS server (default max block size) varies depending on RAM size, with a maximum of 1M (1048576 bytes), the max block size of the server will be used even if nfs clients requires bigger {{ic|rsize}} and {{ic|wsize}}. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/5.8_technical_notes/known_issues-kernel<br />
It is possible to change the default max block size allowed by the server by writing to the {{ic|/proc/fs/nfsd/max_block_size}} before starting ''nfsd''. For example, the following command restores the previous default iosize of 32k:<br />
<br />
# echo 32768 > /proc/fs/nfsd/max_block_size<br />
<br />
{{Note|This is mainly useful for 32-bit servers when dealing with the large numbers of nfsd threads. Lowering the {{ic|max_block_size}} may decrease NFS performance on modern hardware.}}<br />
<br />
To make the change permanent, create a [[systemd-tmpfile]]:<br />
<br />
{{hc|/etc/tmpfiles.d/nfsd-block-size.conf|<br />
w /proc/fs/nfsd/max_block_size - - - - 32768<br />
}}<br />
<br />
To mount with the increased {{ic|rsize}} and {{ic|wsize}} mount options:<br />
<br />
# mount -t nfs -o rsize=32768,wsize=32768,vers=4 servername:/srv/nfs/music /mountpoint/on/client<br />
<br />
Furthermore, despite the violation of NFS protocol, setting {{ic|async}} instead of {{ic|sync}} or {{ic|sync,no_wdelay}} may potentially achieve a significant performance gain especially on spinning disks. Configure exports with this option and then execute {{ic|exportfs -arv}} to apply.<br />
<br />
{{hc|/etc/exports|2=<br />
/srv/nfs 192.168.1.0/24(rw,async,crossmnt,fsid=0)<br />
/srv/nfs/music 192.168.1.0/24(rw,async)<br />
}}<br />
<br />
{{Warning|Using {{ic|async}} comes with a risk of possible data loss or corruption if the server crashes or restarts uncleanly.}}<br />
<br />
=== Automatic mount handling ===<br />
<br />
This trick is useful for NFS-shares on a [[wireless]] network and/or on a network that may be unreliable. If the NFS host becomes unreachable, the NFS share will be unmounted to hopefully prevent system hangs when using the {{ic|hard}} mount option [https://bbs.archlinux.org/viewtopic.php?pid=1260240#p1260240].<br />
<br />
Make sure that the NFS mount points are correctly indicated in [[fstab]]:<br />
<br />
{{hc|/etc/fstab|2=<br />
lithium:/mnt/data /mnt/data nfs noauto 0 0<br />
lithium:/var/cache/pacman /var/cache/pacman nfs noauto 0 0<br />
}}<br />
<br />
{{Note|<br />
* Use hostnames in [[fstab]] for this to work, not IP addresses.<br />
* In order to mount NFS shares with non-root users the {{ic|users}} option has to be added.<br />
* The {{ic|noauto}} mount option tells [[systemd]] to not automatically [[mount]] the shares at boot, otherwise this may cause the boot process to stall.<br />
}}<br />
<br />
Create the {{ic|auto_share}} script that will be used by [[cron]] or [[systemd/Timers]] to use ICMP ping to check if the NFS host is reachable:<br />
<br />
{{hc|/usr/local/bin/auto_share|<nowiki><br />
#!/bin/bash<br />
<br />
function net_umount {<br />
umount -l -f $1 &>/dev/null<br />
}<br />
<br />
function net_mount {<br />
mountpoint -q $1 || mount $1<br />
}<br />
<br />
NET_MOUNTS=$(sed -e '/^.*#/d' -e '/^.*:/!d' -e 's/\t/ /g' /etc/fstab | tr -s " ")$'\n'b<br />
<br />
printf %s "$NET_MOUNTS" | while IFS= read -r line<br />
do<br />
SERVER=$(echo $line | cut -f1 -d":")<br />
MOUNT_POINT=$(echo $line | cut -f2 -d" ")<br />
<br />
# Check if server already tested<br />
if [[ "${server_ok[@]}" =~ "${SERVER}" ]]; then<br />
# The server is up, make sure the share are mounted<br />
net_mount $MOUNT_POINT<br />
elif [[ "${server_notok[@]}" =~ "${SERVER}" ]]; then<br />
# The server could not be reached, unmount the share<br />
net_umount $MOUNT_POINT<br />
else<br />
# Check if the server is reachable<br />
ping -c 1 "${SERVER}" &>/dev/null<br />
<br />
if [ $? -ne 0 ]; then<br />
server_notok[${#server_notok[@]}]=$SERVER<br />
# The server could not be reached, unmount the share<br />
net_umount $MOUNT_POINT<br />
else<br />
server_ok[${#server_ok[@]}]=$SERVER<br />
# The server is up, make sure the share are mounted<br />
net_mount $MOUNT_POINT<br />
fi<br />
fi<br />
done<br />
</nowiki>}}<br />
<br />
{{Note|Test using a TCP probe instead of ICMP ping (default is tcp port 2049 in NFS4) then replace the line:<br />
<br />
# Check if the server is reachable<br />
ping -c 1 "${SERVER}" &>/dev/null<br />
<br />
with:<br />
<br />
# Check if the server is reachable<br />
timeout 1 bash -c ": < /dev/tcp/${SERVER}/2049"<br />
<br />
in the {{ic|auto_share}} script above.}}<br />
<br />
Make sure the script is [[executable]].<br />
<br />
Next check configure the script to run every X, in the examples below this is every minute.<br />
<br />
==== Cron ====<br />
<br />
{{hc|# crontab -e|<br />
* * * * * /usr/local/bin/auto_share<br />
}}<br />
<br />
==== systemd/Timers ====<br />
<br />
{{hc|/etc/systemd/system/auto_share.timer|2=<br />
[Unit]<br />
Description=Automount NFS shares every minute<br />
<br />
[Timer]<br />
OnCalendar=*-*-* *:*:00<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/auto_share.service|2=<br />
[Unit]<br />
Description=Automount NFS shares<br />
After=syslog.target network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/local/bin/auto_share<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Finally, [[enable]] and [[start]] {{ic|auto_share.timer}}.<br />
<br />
==== Using a NetworkManager dispatcher ====<br />
<br />
[[NetworkManager#Network services with NetworkManager dispatcher|NetworkManager]] can also be configured to run a script on network status change.<br />
<br />
The easiest method for mount shares on network status change is to symlink the {{ic|auto_share}} script:<br />
<br />
# ln -s /usr/local/bin/auto_share /etc/NetworkManager/dispatcher.d/30-nfs.sh<br />
<br />
However, in that particular case unmounting will happen only after the network connection has already been disabled, which is unclean and may result in effects like freezing of KDE Plasma applets. <br />
<br />
The following script safely unmounts the NFS shares before the relevant network connection is disabled by listening for the {{ic|down}}, {{ic|pre-down}} and {{ic|vpn-pre-down}} events, make sure the script is [[executable]]:<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/30-nfs.sh|<nowiki><br />
#!/bin/sh<br />
<br />
# Find the connection UUID with "nmcli con show" in terminal.<br />
# All NetworkManager connection types are supported: wireless, VPN, wired...<br />
WANTED_CON_UUID="CHANGE-ME-NOW-9c7eff15-010a-4b1c-a786-9b4efa218ba9"<br />
<br />
if [ "$CONNECTION_UUID" = "$WANTED_CON_UUID" ]; then<br />
<br />
# Script parameter $1: network interface name, not used<br />
# Script parameter $2: dispatched event<br />
<br />
case "$2" in<br />
"up")<br />
mount -a -t nfs4,nfs <br />
;;<br />
"down"|"pre-down"|"vpn-pre-down")<br />
umount -l -a -t nfs4,nfs -f >/dev/null<br />
;;<br />
esac<br />
fi<br />
</nowiki>}}<br />
<br />
{{Note|This script ignores mounts with the {{ic|noauto}} option, remove this mount option or use {{ic|auto}} to allow the dispatcher to manage these mounts.}}<br />
<br />
Create a symlink inside {{ic|/etc/NetworkManager/dispatcher.d/pre-down}} to catch the {{ic|pre-down}} events:<br />
<br />
# ln -s /etc/NetworkManager/dispatcher.d/30-nfs.sh /etc/NetworkManager/dispatcher.d/pre-down.d/30-nfs.sh<br />
<br />
=== TLS encryption ===<br />
<br />
NFS traffic can be encrypted using TLS as of Linux 6.5 using the {{ic|1=xprtsec=tls}} mount option. To begin, install the {{AUR|ktls-utils}} package on the client and server, and follow the below configuration steps for each.<br />
<br />
==== Server ====<br />
<br />
Create a private key and obtain a certificate containing your server's DNS name (see [[Transport_Layer_Security#Obtaining_a_certificate|Transport Layer Security]] for more detail). These files do not need to be added to the system's trust store.<br />
<br />
{{Note|Using a self-signed certificate that has also been encrypted is currently not supported and will result in a mount failure.}}<br />
<br />
Edit {{ic|/etc/tlshd.conf}} to use these files, using your own values for {{ic|x509.certificate}} and {{ic|x509.private_key}}<br />
{{hc|/etc/tlshd.conf|2=<br />
[authenticate.server]<br />
x509.certificate= /etc/nfsd-certificate.pem<br />
x509.private_key= /etc/nfsd-private-key.pem<br />
}}<br />
<br />
Now [[start]] and [[enable]] {{ic|tlshd.service}}.<br />
<br />
==== Client ====<br />
<br />
Add the server's TLS certificate generated in the previous step to the system's trust store (see [[Transport_Layer_Security#Add_a_certificate_to_a_trust_store|Transport Layer Security]] for more detail).<br />
<br />
[[Start]] and [[enable]] {{ic|tlshd.service}}.<br />
<br />
Now you should be able to mount the server using the server's DNS name:<br />
<br />
# mount -o xprtsec=tls ''servername.domain'':/ ''/mountpoint/on/client''<br />
<br />
Checking journalctl on the client should show that the TLS handshake was successful:<br />
<br />
{{hc|$ journalctl -b -u tlshd.service|<br />
Sep 28 11:14:46 client tlshd[227]: Built from ktls-utils 0.10 on Sep 26 2023 14:24:03<br />
Sep 28 11:15:37 client tlshd[571]: Handshake with servername.domain (192.168.122.100) was successful<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
There is a dedicated article [[NFS/Troubleshooting]].<br />
<br />
== See also ==<br />
<br />
* See also [[Avahi]], a Zeroconf implementation which allows automatic discovery of NFS shares.<br />
* HOWTO: [[Diskless network boot NFS root]]<br />
* [https://web.archive.org/web/20201111215940/https://docs.microsoft.com/en-us/archive/blogs/msdn/sfu/all-well-almost-about-client-for-nfs-configuration-and-performance/ Microsoft Services for Unix NFS Client info]<br />
* [https://web.archive.org/web/20151212160906/https://blogs.oracle.com/jag/entry/nfs_on_snow_leopard NFS on Snow Leopard]<br />
* http://chschneider.eu/linux/server/nfs.shtml<br />
* [https://www.slashroot.in/how-do-linux-nfs-performance-tuning-and-optimization How to do Linux NFS Performance Tuning and Optimization]<br />
* [https://www.cyberciti.biz/faq/linux-unix-tuning-nfs-server-client-performance/ Linux: Tune NFS Performance]</div>Genoskillhttps://wiki.archlinux.org/index.php?title=Init&diff=637624Init2020-10-10T15:02:15Z<p>Genoskill: hyperlink to 'kernel panic'</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Init]]<br />
[[es:Init]]<br />
[[fa:init]]<br />
[[ja:Init]]<br />
[[pt:Init]]<br />
{{Related articles start}}<br />
{{Related|Arch boot process}}<br />
{{Related|ConsoleKit}}<br />
{{Related articles end}}<br />
{{Warning|Arch Linux only has official support for [[systemd]]. [https://lists.archlinux.org/pipermail/arch-general/2015-July/039460.html] When using a different init system, please mention so in support requests.}}<br />
[[Wikipedia:Init|Init]] is the first process started during system boot. It is a daemon process that continues running until the system is shut down. Init is the direct or indirect ancestor of all other processes, and automatically adopts all orphaned processes. It is started by the kernel using a hard-coded filename; if the kernel is unable to start it, [[General_troubleshooting#Kernel_panics|panic]] will result. Init is typically assigned [[Wikipedia:process identifier|process identifier]] 1.<br />
<br />
The init ''scripts'' (or ''rc'') are launched by the init process to guarantee basic functionality on system start and shutdown. This includes (un)mounting of [[file system]]s and launching of [[daemons]]. A ''service manager'' takes this one step further by providing active control over launched processes, or [[Wikipedia:Process Supervision|process supervision]]. An example is to monitor for crashes and restart processes accordingly.<br />
<br />
These components combine to the init ''system''. Some inits include the service manager in the init process, or have init scripts in close relation to them. These inits are below referred to as ''integrated'', though entries in different categories may explicitly depend on each other.<br />
<br />
== Inits (integrated) ==<br />
<br />
* {{App|anopa|Init system built around the s6 supervision suite.|https://jjacky.com/anopa/|{{AUR|anopa}}}}<br />
* {{App|GNU Shepherd|Init system written in [https://www.gnu.org/software/guile/ Guile].|https://www.gnu.org/software/shepherd/|{{AUR|shepherd}}}}<br />
* {{App|[[OpenRC]]|Dependency-based init system.|http://www.gentoo.org/proj/en/base/openrc/|{{AUR|openrc}} {{AUR|openrc-arch-services-git}}}}<br />
* {{App|[[systemd]]|Dependency-based init system with aggressive parallelization, process supervision using cgroups, and the ability to depend on a given mount point or dbus service.|https://freedesktop.org/wiki/Software/systemd/|{{Pkg|systemd}}}}<br />
<br />
== Inits ==<br />
<br />
* {{App|[[BusyBox]]|Utilities for rescue and embedded systems.|http://busybox.net/|{{Pkg|busybox}}}}<br />
* {{App|ninit|Fork from [http://www.fefe.de/minit/ minit]|http://riemann.fmi.uni-sofia.bg/ninit/|{{AUR|ninit}}}}<br />
* {{App|sinit|Simple init initially based on Rich Felker’s minimal init.|http://core.suckless.org/sinit|{{AUR|sinit}}}}<br />
* {{App|[[SysVinit]]|Traditional System V init.|http://savannah.nongnu.org/projects/sysvinit|{{AUR|sysvinit}}}}<br />
<br />
== Init scripts ==<br />
<br />
* {{App|initscripts-fork|Maintained fork of SysVinit scripts in Arch Linux.|https://bitbucket.org/TZ86/initscripts-fork/overview|{{AUR|initscripts-fork}}}}<br />
* {{App|minirc|Minimal init script designed for BusyBox.|https://github.com/hut/minirc/|{{AUR|minirc-git}}}}<br />
* {{App|spark-rc|A simple rc script to kickstart your system.|https://gitlab.com/fbt/spark-rc|{{AUR|spark-rc}}{{Broken package link|package not found}}}}<br />
<br />
== Service managers ==<br />
<br />
* {{App|daemontools|Collection of tools for managing UNIX services.|http://cr.yp.to/daemontools.html|{{AUR|daemontools}}}}<br />
* {{App|[[Monit]]|Monit is a process supervision tool for Unix and Linux. With monit, system status can be viewed directly from the command line, or via the native HTTP(S) web server.|http://mmonit.com/monit/|{{Pkg|monit}}}}<br />
* {{App|perp|Persistent process (service) supervisor and management framework for UNIX.|http://b0llix.net/perp/|{{AUR|perp}}}}<br />
* {{App|[[runit]]|UNIX init scheme with service supervision, a replacement for SysVinit, and other init schemes.|http://smarden.org/runit/|{{AUR|runit}}}}<br />
* {{App|s6|Small suite of programs for UNIX, designed to allow service supervision in the line of daemontools and runit.|http://skarnet.org/software/s6/|{{AUR|s6}}}}<br />
<br />
== Configuration ==<br />
<br />
=== Migrate running services ===<br />
<br />
To run daemons under the new init, save a list of running daemons:<br />
<br />
$ systemctl list-units --state=running "*.service" > daemons.list<br />
<br />
and configure the [[#Init scripts]] accordingly. See also [https://unix.stackexchange.com/questions/175380/how-to-list-all-running-daemons].<br />
<br />
{{Note|{{man|8|systemd-tmpfiles}}, [[kernel modules]] and [[sysctl]] may also need configuration.}}<br />
<br />
=== logind ===<br />
<br />
[https://www.freedesktop.org/wiki/Software/systemd/logind/ logind] requires ''systemd'' to be the init process. [https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/] As such, [[General_troubleshooting#Session_permissions|local sessions]] and other functionality is not available.<br />
<br />
{{Tip|A standalone version of ''logind'' is available as {{AUR|elogind-git}} [https://lists.gnu.org/archive/html/guix-devel/2015-04/msg00352.html]}}<br />
<br />
; Device permissions<br />
<br />
Add users to respective [[user group]]s for device access and reboot. Current group membership should first be checked with {{ic|id ''user''}}.<br />
<br />
# usermod -a -G video,audio,power,disk,storage,optical,lp,scanner ''user''<br />
<br />
See also [[Users and groups#Pre-systemd groups]]. To create group rules for use with [[Polkit]], see [[Polkit#Bypass password prompt]].<br />
<br />
; Rootless X (1.16)<br />
<br />
As {{ic|Xorg.wrap}} does not check if logind is active [https://bugs.freedesktop.org/show_bug.cgi?id=86975#c5], [[Xorg#Rootless Xorg|root rights for Xorg]] need be enabled manually:<br />
<br />
{{hc|1=/etc/X11/Xwrapper.config|2=<br />
needs_root_rights = yes<br />
}}<br />
<br />
; Power management<br />
<br />
See {{AUR|pm-utils}} and [[acpid]] to replace [[Power_management#Power_management_with_systemd|Power management with systemd]].<br />
<br />
=== Scheduled tasks ===<br />
<br />
Arch uses [[systemd/Timers|timer]] files instead of [[cron]] by default. See [https://github.com/notfoss/archlinux-cronjobs archlinux-cronjobs] for basic cron jobs.<br />
<br />
=== Dbus ===<br />
<br />
{{Expansion|1=Explanative section removed with [https://wiki.archlinux.org/index.php?title=Systemd/User&diff=459389&oldid=458617]}}<br />
<br />
User instances of ''dbus-daemon'' are launched by [[systemd/User]] [https://www.archlinux.org/news/d-bus-now-launches-user-buses/]. When requiring IPC between desktop applications, restore {{ic|30-dbus.sh}}:<br />
<br />
{{hc|1=/etc/X11/xinit/xinitrc.d/30-dbus.sh|2=<br />
#!/bin/bash<br />
<br />
# launches a session dbus instance<br />
if [ -z "${DBUS_SESSION_BUS_ADDRESS-}" ] && type dbus-launch >/dev/null; then<br />
eval $(dbus-launch --sh-syntax --exit-with-session)<br />
fi<br />
}}<br />
<br />
== Tips and tricks ==<br />
<br />
=== systemd-nspawn ===<br />
<br />
[[systemd-nspawn]] is a tool for systemd systems. Since Linux 2.6.19 it is however possible to run systemd on a non-systemd system by using PID namespace. For it, the kernel needs to be configured with {{ic|CONFIG_PID_NS}} and {{ic|CONFIG_NAMESPACES}}). <br />
<br />
The PID namespace creates a new hierarchy of processes starting with PID 1. In addition to this, systemd requires a chrooted root filesystem to be mounted. Hence, you have to at least make a bind mount, because otherwise some services will fail with <br />
<br />
"Failed at step NAMESPACE spawning" due to "Invalid operation" <br />
<br />
as systemd tries to remount the root with {{ic|private}} option. <br />
<br />
To setup a chroot with a new PID namespace you can use jchroot.[http://vincent.bernat.im/en/blog/2011-jchroot-isolation.html] [https://github.com/vincentbernat/jchroot]. <br />
Make sure not to mount {{ic|/proc}} inside the new root before chrooting, otherwise systemd will detect the chroot environment. You can mount it later once systemd is running.<br />
<br />
=== Replacing udev ===<br />
<br />
{{Warning|Replacing udev is not required as ''systemd-udev'' is functional without ''systemd'' as PID 1. Some replacements such as ''eudev'' can also not coexist with {{Pkg|systemd}}—ensure an alternative init is booted '''prior''' to their installation.}}<br />
<br />
* {{App|eudev|eudev is a fork of udev started by the Gentoo project. It is primarily designed and tested with OpenRC.|https://wiki.gentoo.org/wiki/Eudev|{{AUR|eudev}} {{AUR|eudev-git}}}}<br />
* {{App|mdev|Device manager for usage in embedded systems.|https://git.busybox.net/busybox/plain/docs/mdev.txt|{{Pkg|busybox}}}}<br />
* {{App|vdev|A virtual device manager for unix.|https://github.com/jcnelson/vdev.git|{{AUR|vdev-git}}{{Broken package link|package not found}}}}<br />
* {{App|smdev|smdev is a simple program to manage device nodes. It is mostly compatible with mdev but doesn't have all of its features.|http://git.suckless.org/smdev/|{{AUR|smdev-git}}{{Broken package link|package not found}}}}<br />
<br />
== See also ==<br />
<br />
* [https://wiki.debian.org/Debate/initsystem Debian init system debate]<br />
* [http://skarnet.org/software/s6/s6-svscan-1.html How to run s6-svscan as process 1]<br />
* [https://bbs.archlinux.org/viewtopic.php?id=162606&p=1 Replace systemd with busybox + minirc]<br />
* [http://www.troubleshooters.com/linux/init/manjaro_experiments.htm Experiments of Manjaro]<br />
* [https://busybox.net/~vda/init_vs_runsv.html Init vs. runsv]<br />
* [https://felipec.wordpress.com/2013/11/04/init/ Demystifying the init system]<br />
* [http://blog.darknedgy.net/technology/2015/09/05/0/ A history of modern init systems (1992-2015)]<br />
* [https://wiki.gentoo.org/wiki/Comparison_of_init_systems Comparison of init systems (gentoo wiki)]</div>Genoskillhttps://wiki.archlinux.org/index.php?title=Pacman&diff=488164Pacman2017-08-31T17:22:33Z<p>Genoskill: acronym expansion</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Package management]]<br />
[[ar:Pacman]]<br />
[[cs:Pacman]]<br />
[[da:Pacman]]<br />
[[de:Pacman]]<br />
[[el:Pacman]]<br />
[[es:Pacman]]<br />
[[fa:Pacman]]<br />
[[fr:Pacman]]<br />
[[id:Pacman]]<br />
[[it:Pacman]]<br />
[[ja:Pacman]]<br />
[[ko:Pacman]]<br />
[[nl:Pacman]]<br />
[[pl:Pacman]]<br />
[[pt:Pacman]]<br />
[[ro:Pacman]]<br />
[[ru:Pacman]]<br />
[[sr:Pacman]]<br />
[[sv:Pacman]]<br />
[[tr:pacman]]<br />
[[uk:Pacman]]<br />
[[zh-hans:Pacman]]<br />
[[zh-hant:Pacman]]<br />
{{Related articles start}}<br />
{{Related|Creating packages}}<br />
{{Related|Downgrading packages}}<br />
{{Related|pacman/Package signing}}<br />
{{Related|pacman/Pacnew and Pacsave}}<br />
{{Related|pacman/Restore local database}}<br />
{{Related|pacman/Rosetta}}<br />
{{Related|pacman/Tips and tricks}}<br />
{{Related|FAQ#Package management}}<br />
{{Related|System maintenance}}<br />
{{Related|Arch Build System}}<br />
{{Related|Official repositories}}<br />
{{Related|Arch User Repository}}<br />
{{Related articles end}}<br />
<br />
The [https://www.archlinux.org/pacman/ pacman] [[Wikipedia:Package manager|package manager]] is one of the major distinguishing features of Arch Linux. It combines a simple binary package format with an easy-to-use [[Arch Build System|build system]]. The goal of ''pacman'' is to make it possible to easily manage packages, whether they are from the [[official repositories]] or the user's own builds.<br />
<br />
''pacman'' keeps the system up to date by synchronizing package lists with the master server. This server/client model also allows the user to download/install packages with a simple command, complete with all required dependencies.<br />
<br />
''pacman'' is written in the C programming language and uses the [[w:tar (computing)|tar]] format for packaging.<br />
<br />
{{Tip|The {{Pkg|pacman}} package contains other useful tools such as [[makepkg]], '''pactree''', '''vercmp''', and [[checkupdates]]. Run {{ic|pacman -Qlq pacman <nowiki>|</nowiki> grep bin}} to see the full list.}}<br />
<br />
== Usage ==<br />
<br />
What follows is just a small sample of the operations that ''pacman'' can perform. To read more examples, refer to {{man|8|pacman|url=https://www.archlinux.org/pacman/pacman.8.html#_examples}}.<br />
<br />
{{Tip|For those who have used other Linux distributions before, there is a helpful [[Pacman Rosetta]] article.}}<br />
<br />
=== Installing packages ===<br />
<br />
{{Note|Packages often have a series of [[PKGBUILD#optdepends|optional dependencies]] which are packages that provide additional functionality to the application, albeit not strictly required for running it. When installing a package, ''pacman'' will list its optional dependencies among the output messages, but they will not be found in {{ic|pacman.log}}: use the [[#Querying package databases|pacman -Si]] command to view the optional dependencies of a package, together with short descriptions of their functionality.}}<br />
<br />
{{Warning|1=When installing packages in Arch, avoid refreshing the package list without [[#Upgrading packages|upgrading the system]] (for example, when a [[#Packages cannot be retrieved on installation|package is no longer found]] in the official repositories). In practice, do '''not''' run {{ic|pacman -Sy ''package_name''}} instead of {{ic|pacman -Sy'''u''' ''package_name''}}, as this could lead to dependency issues. See [[System maintenance#Partial upgrades are unsupported]] and [https://bbs.archlinux.org/viewtopic.php?id=89328 BBS#89328].}}<br />
<br />
==== Installing specific packages ====<br />
<br />
To install a single package or list of packages (including dependencies), issue the following command:<br />
<br />
# pacman -S ''package_name1'' ''package_name2'' ...<br />
<br />
To install a list of packages with regex (see [https://bbs.archlinux.org/viewtopic.php?id=7179 this forum thread]):<br />
<br />
# pacman -S $(pacman -Ssq ''package_regex'')<br />
<br />
Sometimes there are multiple versions of a package in different repositories, e.g. ''extra'' and ''testing''. To install the former version, the repository needs to be defined in front:<br />
<br />
# pacman -S extra/''package_name''<br />
<br />
To install a number of packages sharing similar patterns in their names -- not the entire group nor all matching packages; eg. {{Grp|plasma}}:<br />
<br />
# pacman -S plasma-{desktop,mediacenter,nm}<br />
<br />
Of course, that is not limited and can be expanded to however many levels needed:<br />
<br />
# pacman -S plasma-{workspace{,-wallpapers},pa}<br />
<br />
==== Installing package groups ====<br />
<br />
Some packages belong to a [[Creating_packages#Meta_packages_and_groups|group of packages]] that can all be installed simultaneously. For example, issuing the command:<br />
<br />
# pacman -S gnome<br />
<br />
will prompt you to select the packages from the {{Grp|gnome}} group that you wish to install.<br />
<br />
Sometimes a package group will contain a large amount of packages, and there may be only a few that you do or do not want to install. Instead of having to enter all the numbers except the ones you do not want, it is sometimes more convenient to select or exclude packages or ranges of packages with the following syntax:<br />
<br />
Enter a selection (default=all): 1-10 15<br />
<br />
which will select packages 1 through 10 and 15 for installation, or:<br />
<br />
Enter a selection (default=all): ^5-8 ^2<br />
<br />
which will select all packages except 5 through 8 and 2 for installation.<br />
<br />
To see what packages belong to the gnome group, run:<br />
<br />
# pacman -Sg gnome<br />
<br />
Also visit https://www.archlinux.org/groups/ to see what package groups are available.<br />
<br />
{{Note|If a package in the list is already installed on the system, it will be reinstalled even if it is already up to date. This behavior can be overridden with the {{ic|--needed}} option.}}<br />
<br />
=== Removing packages ===<br />
<br />
To remove a single package, leaving all of its dependencies installed:<br />
<br />
# pacman -R ''package_name''<br />
<br />
To remove a package and its dependencies which are not required by any other installed package:<br />
<br />
# pacman -Rs ''package_name''<br />
<br />
To remove a package, its dependencies and all the packages that depend on the target package:<br />
<br />
{{Warning|This operation is recursive, and must be used with care since it can remove many potentially needed packages.}}<br />
<br />
# pacman -Rsc ''package_name''<br />
<br />
To remove a package, which is required by another package, without removing the dependent package:<br />
<br />
# pacman -Rdd ''package_name''<br />
<br />
''pacman'' saves important configuration files when removing certain applications and names them with the extension: ''.pacsave''. To prevent the creation of these backup files use the {{ic|-n}} option:<br />
<br />
# pacman -Rn ''package_name''<br />
<br />
{{Note|''pacman'' will not remove configurations that the application itself creates (for example "dotfiles" in the home folder).}}<br />
<br />
=== Upgrading packages ===<br />
<br />
{{Warning|<br />
*Users are expected to follow the guidance in the [[System maintenance#Upgrading the system]] section to upgrade their systems regularly and not blindly run the following command.<br />
*Arch only supports full system upgrades. See [[System maintenance#Partial upgrades are unsupported]] and [[#Installing packages]] for details.}}<br />
<br />
''pacman'' can update all packages on the system with just one command. This could take quite a while depending on how up-to-date the system is. The following command synchronizes the repository databases ''and'' updates the system's packages, excluding "local" packages that are not in the configured repositories:<br />
<br />
# pacman -Syu<br />
<br />
=== Querying package databases ===<br />
<br />
''pacman'' queries the local package database with the {{ic|-Q}} flag, the sync database with the {{ic|-S}} flag and the files database with the {{ic|-F}} flag. See {{ic|pacman -Q --help}}, {{ic|pacman -S --help}} and {{ic|pacman -F --help}} for the respective suboptions of each flag.<br />
<br />
''pacman'' can search for packages in the database, searching both in packages' names and descriptions:<br />
<br />
$ pacman -Ss ''string1'' ''string2'' ...<br />
<br />
Sometimes, {{Ic|-s}}'s builtin ERE (Extended Regular Expressions) can cause a lot of unwanted results, so it has to be limited to match the package name only; not the description nor any other field:<br />
<br />
$ pacman -Ss '^vim-'<br />
<br />
To search for already installed packages:<br />
<br />
$ pacman -Qs ''string1'' ''string2'' ...<br />
<br />
To search for package file names in remote packages:<br />
<br />
$ pacman -Fs ''string1'' ''string2'' ...<br />
<br />
To display extensive information about a given package:<br />
<br />
$ pacman -Si ''package_name''<br />
<br />
For locally installed packages:<br />
<br />
$ pacman -Qi ''package_name''<br />
<br />
Passing two {{ic|-i}} flags will also display the list of backup files and their modification states:<br />
<br />
$ pacman -Qii ''package_name''<br />
<br />
To retrieve a list of the files installed by a package:<br />
<br />
$ pacman -Ql ''package_name''<br />
<br />
To retrieve a list of the files installed by a remote package:<br />
<br />
$ pacman -Fl ''package_name''<br />
<br />
To verify the presence of the files installed by a package:<br />
<br />
$ pacman -Qk ''package_name''<br />
<br />
Passing the {{ic|k}} flag twice will perform a more thorough check.<br />
<br />
To query the database to know which package a file in the file system belongs to:<br />
<br />
$ pacman -Qo ''/path/to/file_name''<br />
<br />
To query the database to know which remote package a file belongs to:<br />
<br />
$ pacman -Fo ''/path/to/file_name''<br />
<br />
To list all packages no longer required as dependencies (orphans):<br />
<br />
$ pacman -Qdt<br />
<br />
To list all packages explicitly installed and not required as dependencies:<br />
<br />
$ pacman -Qet<br />
<br />
To list a dependency tree of a package:<br />
<br />
$ pactree ''package_name''<br />
<br />
To list all the packages recursively depending on an ''installed'' package, use ''whoneeds'' from {{AUR|pkgtools}}:<br />
<br />
$ whoneeds ''package_name''<br />
<br />
or the reverse flag to ''pactree'':<br />
<br />
$ pactree -r ''package_name''<br />
<br />
See [[pacman tips]] for more examples.<br />
<br />
==== Database structure ====<br />
<br />
The pacman databases are normally located at {{ic|/var/lib/pacman/sync}}. For each repository specified in {{ic|/etc/pacman.conf}} there will be a corresponding database file located there. Database files are tar-gzipped archives containing one directory for each package, for example for the {{Pkg|which}} package:<br />
<br />
{{bc|<br />
% tree which-2.20-6 <br />
which-2.20-6<nowiki><br />
|-- depends<br />
`-- desc</nowiki><br />
}}<br />
<br />
The {{ic|depends}} file lists the packages this package depends on, while {{ic|desc}} has a description of the package such as the file size and the MD5 hash.<br />
<br />
=== Cleaning the package cache ===<br />
<br />
''pacman'' stores its downloaded packages in {{ic|/var/cache/pacman/pkg/}} and does not remove the old or uninstalled versions automatically, therefore it is necessary to deliberately clean up that folder periodically to prevent such folder to grow indefinitely in size.<br />
<br />
The built-in option to remove all the cached packages that are not currently installed is:<br />
<br />
# pacman -Sc<br />
<br />
{{Warning|<br />
* Only do this when certain that previous package versions are not required, for example for a later [[downgrade]]. {{ic|pacman -Sc}} only leaves the versions of packages which are ''currently installed'' available, older versions would have to be retrieved through other means, such as the [[Archive]].<br />
* It is possible to empty the cache folder fully with {{ic|pacman -Scc}}. In addition to the above, this also prevents from reinstalling a package directly ''from'' the cache folder in case of need, thus requiring a new download. It should be avoided unless there is an immediate need for disk space.<br />
}}<br />
<br />
Because of the above limitations, consider an alternative for more control over which packages, and how many, are deleted from the cache:<br />
<br />
The ''paccache'' script, provided by the {{Pkg|pacman}} package itself, deletes all cached versions of each package regardless of whether they're installed or not, except for the most recent 3, by default:<br />
<br />
# paccache -r<br />
<br />
{{Tip|1=You can create [[pacman hooks]] to run this automatically after every pacman transaction. See [https://bbs.archlinux.org/viewtopic.php?pid=1694743#p1694743 this thread] for examples.}}<br />
<br />
You can also define how many recent versions you want to keep:<br />
<br />
# paccache -rk 1<br />
<br />
To remove all cached versions of uninstalled packages, re-run ''paccache'' with:<br />
<br />
# paccache -ruk0<br />
<br />
See {{ic|paccache -h}} for more options.<br />
<br />
{{AUR|pkgcacheclean}} and {{AUR|pacleaner}} are two further alternatives.<br />
<br />
=== Additional commands ===<br />
<br />
Download a package without installing it:<br />
<br />
# pacman -Sw ''package_name''<br />
<br />
Install a 'local' package that is not from a remote repository (e.g. the package is from the [[AUR]]):<br />
<br />
# pacman -U ''/path/to/package/package_name-version.pkg.tar.xz''<br />
<br />
To keep a copy of the local package in ''pacman'''s cache, use:<br />
<br />
# pacman -U file:///''path/to/package/package_name-version.pkg.tar.xz''<br />
<br />
Install a 'remote' package (not from a repository stated in ''pacman'''s configuration files):<br />
<br />
# pacman -U ''<nowiki>http://www.example.com/repo/example.pkg.tar.xz</nowiki>''<br />
<br />
To inhibit the {{ic|-S}}, {{ic|-U}} and {{ic|-R}} actions, {{ic|-p}} can be used.<br />
<br />
''pacman'' always lists packages to be installed or removed and asks for permission before it takes action.<br />
<br />
=== Installation reason ===<br />
<br />
The ''pacman'' database distinguishes the installed packages in two groups according to the reason why they were installed:<br />
<br />
* '''explicitly-installed''': the packages that were literally passed to a generic ''pacman'' {{ic|-S}} or {{ic|-U}} command;<br />
* '''dependencies''': the packages that, despite never (in general) having been passed to a ''pacman'' installation command, were implicitly installed because [[dependency|required]] by another package that was explicitly installed.<br />
<br />
When installing a package, it is possible to force its installation reason to ''dependency'' with:<br />
<br />
# pacman -S --asdeps ''package_name''<br />
<br />
When '''re'''installing a package, though, the current installation reason is preserved by default.<br />
<br />
The list of explicitly-installed packages can be shown with {{ic|pacman -Qe}}, while the complementary list of dependencies can be shown with {{ic|pacman -Qd}}.<br />
<br />
To change the installation reason of an already installed package, execute:<br />
<br />
# pacman -D --asdeps ''package_name''<br />
<br />
Use {{ic|--asexplicit}} to do the opposite operation.<br />
<br />
{{Tip|Installing optional dependencies with {{ic|--asdeps}} will cause it such that if you [[Pacman/Tips_and_tricks#Removing_unused_packages_.28orphans.29|remove orphans]], ''pacman'' will also remove leftover optional dependencies.}}<br />
<br />
=== Search for a package that contains a specific file ===<br />
<br />
Sync the files database:<br />
<br />
# pacman -Fy<br />
<br />
Search for a package containing a file, e.g.:<br />
<br />
# pacman -Fs pacman<br />
core/pacman 5.0.1-4<br />
usr/bin/pacman<br />
usr/share/bash-completion/completions/pacman<br />
extra/xscreensaver 5.36-1<br />
usr/lib/xscreensaver/pacman<br />
<br />
{{Tip|You can set a cron job or a systemd timer to sync the files database regularly.}}<br />
<br />
For advanced functionality install [[pkgfile]], which uses a separate database with all files and their associated packages.<br />
<br />
== Configuration ==<br />
<br />
''pacman'''s settings are located in {{ic|/etc/pacman.conf}}: this is the place where the user configures the program to work in the desired manner. In-depth information about the configuration file can be found in {{man|5|pacman.conf|url=https://www.archlinux.org/pacman/pacman.conf.5.html}}.<br />
<br />
=== General options ===<br />
<br />
General options are in the {{ic|[options]}} section. Read {{man|8|pacman|url=https://www.archlinux.org/pacman/pacman.8.html}} or look in the default {{ic|pacman.conf}} for information on what can be done here.<br />
<br />
==== Comparing versions before updating ====<br />
<br />
To see old and new versions of available packages, uncomment the "VerbosePkgLists" line in {{ic|/etc/pacman.conf}}. The output of {{ic|pacman -Syu}} will be like this:<br />
<br />
Package (6) Old Version New Version Net Change Download Size<br />
<br />
extra/libmariadbclient 10.1.9-4 10.1.10-1 0.03 MiB 4.35 MiB<br />
extra/libpng 1.6.19-1 1.6.20-1 0.00 MiB 0.23 MiB<br />
extra/mariadb 10.1.9-4 10.1.10-1 0.26 MiB 13.80 MiB<br />
<br />
==== Skip package from being upgraded ====<br />
<br />
{{Warning|Be careful in skipping packages, since [[partial upgrades]] are unsupported.}}<br />
<br />
To have a specific package skipped when [[#Upgrading packages|upgrading]] the system, specify it as such:<br />
<br />
IgnorePkg=linux<br />
<br />
For multiple packages use a space-separated list, or use additional {{ic|IgnorePkg}} lines. Also, glob patterns can be used. If you want to skip packages just once, you can also use the {{ic|--ignore}} option on the command-line - this time with a comma-separated list.<br />
<br />
It will still be possible to upgrade the ignored packages using {{ic|pacman -S}}: in this case ''pacman'' will remind you that the packages have been included in an {{ic|IgnorePkg}} statement.<br />
<br />
==== Skip package group from being upgraded ====<br />
<br />
{{Warning|Be careful in skipping package groups, since [[partial upgrades]] are unsupported.}}<br />
<br />
As with packages, skipping a whole package group is also possible:<br />
<br />
IgnoreGroup=gnome<br />
<br />
==== Skip files from being installed to system ====<br />
<br />
To always skip installation of specific directories list them under {{Ic|NoExtract}}. For example, to avoid installation of [[systemd]] units use this:<br />
<br />
NoExtract=usr/lib/systemd/system/*<br />
<br />
Later rules override previous ones, and you can negate a rule by prepending {{ic|!}}.<br />
<br />
{{Tip|''pacman'' issues warning messages about missing locales when updating a package for which locales have been cleared by ''localepurge'' or ''bleachbit''. Commenting the {{ic|CheckSpace}} option in {{ic|pacman.conf}} suppresses such warnings, but consider that the space-checking functionality will be disabled for all packages.}}<br />
<br />
==== Maintain several configuration files ====<br />
<br />
If you have several configuration files (e.g. main configuration and configuration with [[testing]] repository enabled) and would have to share options between configurations you may use {{ic|Include}} option declared in the configuration files, e.g.:<br />
<br />
Include = ''/path/to/common/settings''<br />
<br />
where {{ic|''/path/to/common/settings''}} file contains the same options for both configurations.<br />
<br />
==== Hooks ====<br />
<br />
''pacman'' can run pre- and post-transaction hooks from the {{ic|/usr/share/libalpm/hooks/}} directory; more directories can be specified with the {{ic|HookDir}} option in {{ic|pacman.conf}}, which defaults to {{ic|/etc/pacman.d/hooks}}. Hook file names must be suffixed with ''.hook''.<br />
<br />
For more information on alpm hooks, see {{man|5|alpm-hooks|url=https://www.archlinux.org/pacman/alpm-hooks.5.html}}.<br />
<br />
=== Repositories and mirrors ===<br />
<br />
Besides the special [[#General options|[options]]] section, each other {{ic|[section]}} in {{ic|pacman.conf}} defines a package repository to be used. A ''repository'' is a ''logical'' collection of packages, which are ''physically'' stored on one or more servers: for this reason each server is called a ''mirror'' for the repository.<br />
<br />
Repositories are distinguished between [[Official repositories|official]] and [[Unofficial user repositories|unofficial]]. The order of repositories in the configuration file matters; repositories listed first will take precedence over those listed later in the file when packages in two repositories have identical names, regardless of version number. In order to use a repository after adding it, you will need to [[#Upgrading packages|upgrade]] the whole system first.<br />
<br />
Each repository section allows defining the list of its mirrors directly or in a dedicated external file through the {{ic|Include}} directive: for example, the mirrors for the official repositories are included from {{ic|/etc/pacman.d/mirrorlist}}. See the [[Mirrors]] article for mirror configuration.<br />
<br />
==== Package security ====<br />
<br />
''pacman'' supports package signatures, which add an extra layer of security to the packages. The default configuration, {{ic|1=SigLevel = Required DatabaseOptional}}, enables signature verification for all the packages on a global level: this can be overridden by per-repository {{ic|SigLevel}} lines. For more details on package signing and signature verification, take a look at [[pacman-key]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== "Failed to commit transaction (conflicting files)" error ===<br />
<br />
If you see the following error: [https://bbs.archlinux.org/viewtopic.php?id=56373]<br />
<br />
error: could not prepare transaction<br />
error: failed to commit transaction (conflicting files)<br />
''package'': ''/path/to/file'' exists in filesystem<br />
Errors occurred, no packages were upgraded.<br />
<br />
Why this is happening: ''pacman'' has detected a file conflict, and by design, will not overwrite files for you. This is a design feature, not a flaw.<br />
<br />
The problem is usually trivial to solve. A safe way is to first check if another package owns the file ({{ic|pacman -Qo ''/path/to/file''}}). If the file is owned by another package, [[Reporting bug guidelines|file a bug report]]. If the file is not owned by another package, rename the file which 'exists in filesystem' and re-issue the update command. If all goes well, the file may then be removed.<br />
<br />
If you had installed a program manually without using ''pacman'' or a frontend, for example through {{ic|make install}}, you have to remove it and all its files and reinstall properly using ''pacman''. See also [[Pacman tips#Identify files not owned by any package]].<br />
<br />
Every installed package provides a {{ic|/var/lib/pacman/local/''$package-$version''/files}} file that contains metadata about this package. If this file gets corrupted, is empty or goes missing, it results in {{ic|file exists in filesystem}} errors when trying to update the package. Such an error usually concerns only one package. Instead of manually renaming and later removing all the files that belong to the package in question, you may exceptionally run {{ic|pacman -S --force $package}} to force ''pacman'' to overwrite these files.<br />
<br />
{{Warning|Take care when using the {{ic|--force}} switch (for example {{ic|pacman -Syu --force}}) as it can cause major problems if used improperly. It is highly recommended to only use this option when the Arch news instructs the user to do so.}}<br />
<br />
=== "Failed to commit transaction (invalid or corrupted package)" error ===<br />
<br />
Look for ''.part'' files (partially downloaded packages) in {{ic|/var/cache/pacman/pkg}} and remove them (often caused by usage of a custom {{ic|XferCommand}} in {{ic|pacman.conf}}).<br />
<br />
# find /var/cache/pacman/pkg/ -iname "*.part" -exec rm {} \;<br />
<br />
=== "Failed to init transaction (unable to lock database)" error ===<br />
<br />
When ''pacman'' is about to alter the package database, for example installing a package, it creates a lock file at {{ic|/var/lib/pacman/db.lck}}. This prevents another instance of ''pacman'' from trying to alter the package database at the same time.<br />
<br />
If ''pacman'' is interrupted while changing the database, this stale lock file can remain. If you are certain that no instances of ''pacman'' are running then delete the lock file:<br />
<br />
# rm /var/lib/pacman/db.lck<br />
<br />
=== Packages cannot be retrieved on installation ===<br />
<br />
This error manifests as {{ic|Not found in sync db}}, {{ic|Target not found}} or {{ic|Failed retrieving file}}.<br />
<br />
Firstly, ensure the package actually exists (and watch out for typos!). If certain the package exists, your package list may be out-of-date or your repositories may be incorrectly configured. Try running {{ic|pacman -Syyu}} to force a refresh of all package lists and upgrade.<br />
<br />
It could also be that the repository containing the package is not enabled on your system, e.g. the package could be in the ''multilib'' repository, but ''multilib'' is not enabled in your ''pacman.conf''.<br />
<br />
See also [[FAQ#Why is there only a single version of each shared library in the official repositories?]].<br />
<br />
=== Manually reinstalling pacman ===<br />
<br />
{{Warning|It is extremely easy to break your system even worse using this approach. Use this only as a last resort if the method from [[#pacman crashes during an upgrade]] is not an option.}}<br />
<br />
Even if ''pacman'' is terribly broken, you can fix it manually by downloading the latest packages and extracting them to the correct locations. The rough steps to perform are<br />
<br />
# Determine dependencies to install<br />
# Download each package from a mirror of your choice<br />
# Extract each package to root<br />
# Reinstall these packages with {{ic|pacman -Sf}} to update the package database accordingly<br />
# Do a full system upgrade<br />
<br />
If you have a healthy Arch system on hand, you can see the full list of dependencies with<br />
<br />
$ pacman -Q $(pactree -u pacman)<br />
<br />
but you may only need to update a few of them depending on your issue. An example of extracting a package is<br />
<br />
# tar -xvpwf ''package.tar.xz'' -C / --exclude .PKGINFO --exclude .INSTALL<br />
<br />
Note the use of the {{ic|w}} flag for interactive mode. Running non-interactively is very risky since you might end up overwriting an important file. Also take care to extract packages in the correct order (i.e. dependencies first). [https://bbs.archlinux.org/viewtopic.php?id=95007 This forum post] contains an example of this process where only a couple ''pacman'' dependencies are broken.<br />
<br />
=== pacman crashes during an upgrade ===<br />
<br />
In the case that ''pacman'' crashes with a "database write" error while removing packages, and reinstalling or upgrading packages fails thereafter, do the following:<br />
<br />
# Boot using the Arch installation media. Preferably use a recent media so that the ''pacman'' version matches/is newer than the system. <br />
# Mount the system's root filesystem, e.g. {{ic|mount /dev/sdaX /mnt}} as root, and check the mount has sufficient space with {{ic|df -h}}<br />
# Mount the proc and sysfs filesystems as well: {{ic|mount -t {proc,sysfs} /dev/sdaX {/mnt/proc, /mnt/sys} }} <br />
# If the system uses default database and directory locations, you can now update the system's pacman database and upgrade it via {{ic|1=pacman --root=/mnt --cachedir=/mnt/var/cache/pacman/pkg -Syyu}} as root. <br />
# After the upgrade, one way to double-check for not upgraded but still broken packages: {{ic|find /mnt/usr/lib -size 0}} <br />
# Followed by a re-install of any still broken package via {{ic|1=pacman --root /mnt --cachedir=/mnt/var/cache/pacman/pkg -S ''package''}}.<br />
<br />
=== "Unable to find root device" error after rebooting ===<br />
<br />
Most likely your initramfs got broken during a kernel update (improper use of ''pacman'''s {{ic|--force}} option can be a cause). You have two options; first, try the ''Fallback'' entry.<br />
<br />
{{Tip|In case you removed the ''Fallback'' entry, you can always press the {{ic|Tab}} key when the bootloader menu shows up (for Syslinux) or {{ic|e}} (for GRUB or systemd-boot), rename it {{ic|initramfs-linux-fallback.img}} and press {{ic|Enter}} or {{ic|b}} (depending on your bootloader) to boot with the new parameters.}}<br />
<br />
Once the system starts, run this command (for the stock {{Pkg|linux}} kernel) either from the console or from a terminal to rebuild the initramfs image:<br />
<br />
# mkinitcpio -p linux<br />
<br />
If that does not work, from a current Arch release (CD/DVD or USB stick), [[mount]] your root and boot partitions. Then [[chroot]] using ''arch-chroot'':<br />
<br />
# arch-chroot /mnt<br />
# pacman -Syu mkinitcpio systemd linux<br />
<br />
{{Note|<br />
* If you do not have a current release or if you only have some other "live" Linux distribution laying around, you can [[chroot]] using the old fashioned way. Obviously, there will be more typing than simply running the {{ic|arch-chroot}} script.<br />
* If ''pacman'' fails with {{ic|Could not resolve host}}, please [[Network_configuration#Check_the_connection|check your internet connection]].<br />
* If you cannot enter the arch-chroot or chroot environment but need to re-install packages you can use the command {{ic|pacman -r /mnt -Syu foo bar}} to use ''pacman'' on your root partition.}}<br />
<br />
Reinstalling the kernel (the {{Pkg|linux}} package) will automatically re-generate the initramfs image with {{ic|mkinitcpio -p linux}}. There is no need to do this separately.<br />
<br />
Afterwards, it is recommended that you run {{ic|exit}}, {{ic|umount /mnt/{boot,} }} and {{ic|reboot}}.<br />
<br />
=== Signature from "User <email@gmail.com>" is unknown trust, installation failed ===<br />
<br />
You can try to either:<br />
* update the known keys, i.e. {{ic|pacman-key --refresh-keys}}<br />
* manually upgrade {{Pkg|archlinux-keyring}} package first, i.e. {{ic|pacman -S archlinux-keyring}}<br />
* follow [[pacman-key#Resetting all the keys]]<br />
<br />
=== Request on importing PGP keys ===<br />
<br />
If [[Installation guide|installing]] Arch with an outdated ISO, you are likely prompted to import PGP keys. Agree to download the key to proceed. If you are unable to add the PGP key successfully, update the keyring or upgrade {{Pkg|archlinux-keyring}} (see [[#Signature from "User <email@gmail.com>" is unknown trust, installation failed|above]]).<br />
<br />
=== Signature from "User <email@archlinux.org>" is invalid, installation failed ===<br />
<br />
When the system time is faulty, signing keys are considered expired (or invalid) and signature checks on packages will fail with the following error:<br />
<br />
error: ''package'': signature from "User <email@archlinux.org>" is invalid<br />
error: failed to commit transaction (invalid or corrupted package (PGP signature))<br />
Errors occured, no packages were upgraded.<br />
<br />
Make sure to correct the [[time]], for example with {{ic|ntpd -qg}} run as root, and run {{ic|hwclock -w}} as root before subsequent installations or upgrades.<br />
<br />
=== "Warning: current locale is invalid; using default "C" locale" error ===<br />
<br />
As the error message says, your locale is not correctly configured. See [[Locale]].<br />
<br />
=== pacman does not honor proxy settings ===<br />
<br />
Make sure that the relevant environment variables ({{ic|$http_proxy}}, {{ic|$ftp_proxy}} etc.) are set up. If you use ''pacman'' with [[sudo]], you need to configure sudo to [[sudo#Environment variables|pass these environment variables to pacman]].<br />
<br />
=== How do I reinstall all packages, retaining information on whether something was explicitly installed or as a dependency? ===<br />
<br />
To reinstall all the native packages: {{ic|<nowiki>pacman -Qnq | pacman -S -</nowiki>}} (the {{ic|-S}} option preserves the installation reason by default).<br />
<br />
You will then need to reinstall all the foreign packages, which can be listed with {{ic|pacman -Qmq}}.<br />
<br />
=== "Cannot open shared object file" error ===<br />
<br />
It looks like previous ''pacman'' transaction removed or corrupted shared libraries needed for pacman itself.<br />
<br />
To recover from this situation you need to unpack required libraries to your filesystem manually. First find what package contains the missed library and then locate it in the ''pacman'' cache ({{ic|/var/cache/pacman/pkg/}}). Unpack required shared library to the filesystem. This will allow to run ''pacman''.<br />
<br />
Now you need to [[#Installing specific packages|reinstall]] the broken package. Note that you need to use {{ic|--force}} flag as you just unpacked system files and ''pacman'' does not know about it. ''pacman'' will correctly replace our shared library file with one from package.<br />
<br />
That's it. Update the rest of the system.<br />
<br />
=== Freeze of package downloads ===<br />
<br />
Some issues have been reported regarding network problems that prevent ''pacman'' from updating/synchronizing repositories. [https://bbs.archlinux.org/viewtopic.php?id&#61;68944] [https://bbs.archlinux.org/viewtopic.php?id&#61;65728] When installing Arch Linux natively, these issues have been resolved by replacing the default ''pacman'' file downloader with an alternative (see [[Improve pacman performance]] for more details). When installing Arch Linux as a guest OS in [[VirtualBox]], this issue has also been addressed by using ''Host interface'' instead of ''NAT'' in the machine properties.<br />
<br />
=== Failed retrieving file 'core.db' from mirror ===<br />
<br />
If you receive this error message with correct [[mirrors]], try setting a different [[Resolv.conf|name server]].<br />
<br />
== See also ==<br />
<br />
* [https://www.archlinux.org/pacman/ Pacman Home Page]<br />
* {{man|3|libalpm|url=https://www.archlinux.org/pacman/libalpm.3.html}}<br />
* {{man|8|pacman|url=https://www.archlinux.org/pacman/pacman.8.html}}<br />
* {{man|5|pacman.conf|url=https://www.archlinux.org/pacman/pacman.conf.5.html}}<br />
* {{man|8|repo-add|url=https://www.archlinux.org/pacman/repo-add.8.html}}</div>Genoskill