Arch Linux provides a number of services for Arch Linux Staff which they can freely use but fair use is applicable.
This server hosts Keycloak, a single sign on server Arch Linux uses to easily onboard new users to new groups and provide a seemless login experience through all our services once they all use SSO. Currently Gitab, Matrix and Hedgedoc use SSO and staff only need a Keycloak account to be able to use these services.
Generally it’s recommended to secure this account. By default all staff accounts require 2-Factor authentication through OTP or Webauthn. Keycloak allows multiple 2-Factor authentication providers to be set up, it is recommended to set up a backup 2-Factor authentication method in case you lose access to one of your devices.
This can be configured in the keycloak security page[dead link 2023-05-06 ⓘ]. Note that the first configured device is configured as the default.
For all staff an @archlinux.org email address is available, during onboarding an email address should have been created for you.
- SMTP/IMAP server: mail.archlinux.org
- SMTP port: 465 (TLS)
- IMAP port: 993 (TLS)
- username: the system account name
- password: set by each user themselves with
Email forwarding can be achieved by creating a sieve rule.
- GUI: https://github.com/thsmi/sieve (not available on Arch repos yet)
- TUI: sieve-connect
- Script linting: check-sieve, (website)
- Thunderbird has a sieve addon
Hedgedoc is an open source collaborative markdown editor to be used to work together on documents or share sensitive snippets. As staff you can login to hedgedoc using your Keycloak account.
- By default only Staff is able to edit and view the document you shared as URL.
- To allow outsiders to edit view documents select a different option than Limited in the right top dropdown menu.
Public HTML / Home directory (pkgbuild.com)
A personal web hosting server for TUS, developers and (on request) support staff to share patches, packages and other Arch Linux related files. Login to
homedir.archlinux.org and run:
$ mkdir ~/public_html $ setfacl -m user:http:x ~ $ setfacl -m user:http:rx ~/public_html
Build server (build.archlinux.org)
A build server is available for Developers / Trusted Users to build packages using devtools.
extra-x86_64-build and similar devtool commands runs build chroots locally on the users computer.
offload-build -r extra accomplishes the same on the build server.
Gitlab can be used to collaborate on Arch Linux projects in the
Arch Linux namespace or to host Arch Linux related projects in your personal space. To request an official new project in the Arch Linux namespace create an issue in the infrastructure repository using the
New Official Project template.
archlinux.org is not only the main website for our distribution, all Staff have an account there to be shown as team member of their respected team on the website. Apart from that it offers the following functionality:
- Signing off packages in testing repositories, see the Arch Testing Team page
- Adopting/orphaning packages as Developer / Trusted user
- Viewing your out of date packages and reports on packages you maintain in the repository
- For example non reproducible packages
- Creating To Do lists for rebuilds or packaging change tasks.
- Posting news articles, requires a proposal on
arch-dev-publicand a 1 day waiting period
Tier 0 Mirror
A Tier 0 Mirror is available for Staff to access the most recent packages from Arch Linux for debugging, rebuilds. Access is granted via archweb.
Hosting upstream tarballs
Sometimes packagers need to keep an archive of previous upstream releases, secure a copy of sources which upstream deletes or distribute releases for internal packages.
https://sources.archlinux.org is the internal service for hosting these sources. This service is hosted on
/srv/sources. There are two directories available.
sources/ is used to rehost distributed package sources which needs the sources available for package compliance. This is mostly limited to the
GPL licenses. This is an automatic process administerd by
dbscripts with the
other/ is for source rehosting. There is no set structure but generally the top-level directory is used for core and extra.
Directories here can be used for package releases. Some upstreams have a tendency to remove past releases, and to accomplish reproducible builds and have older packages still be buildable it’s a good idea to upload these releases for safe-keeping.
IRC cloaks are used on the IRC network to show affiliation to an open-source project on the Libera Chat network. These are visible through
/whois and displayed as
~taco@archlinux/trusteduser/Taco. These are given out by the group contacts for each project.
For an up-to-date list of group contacts see Arch IRC channels#Libera Chat group contacts.
We offer a Matrix homeserver for Arch team members. Matrix is a federated communication service with a variety of available clients for multiple platforms, mobile included. The flagship Element clients offer us file upload, end-to-end encryption, push notifications and integrations with third-party services.
For the initial sign-in you need to use a client that supports OpenID Single-Sign-On, such as Element Web. Enter
@username:archlinux.org as the username and Element should offer to sign into our homeserver.
You will be automatically invited to several rooms:
#archlinux:archlinux.org: A public room for Arch Linux users.
#internal:archlinux.org: A staff-only room with end-to-end encryption.
Password login is currently disabled, which might exclude some clients. It can be re-enabled should demand exist.
If you need to provide your client with a homeserver address, use
We bridge several of our private IRC channels on Libera Chat to Matrix, which you need to be invited into:
#developers:archlinux.org: Bridged with
#trusted-users:archlinux.org: Bridged with
#staff:archlinux.org: Bridged with
Please request an invitation in
#internal:archlinux.org for the rooms you need to be in.
Channels without keys are available via the official Libera Chat bridge. For example:
#archlinux-devops:libera.chat: Bridged with
#archlinux-projects:libera.chat: Bridged with
Please avoid joining large bridged rooms (such as
#archlinux:libera.chat), as these slow down the server immensely.
Libera Chat may require you to have a registered nick to join certain channels. Once
@appservice:libera.chat contacts you, tell it
!username username, then
!storepass password with the username and the password of your Libera Chat NickServ account. Then
!reconnect and it will reconnect you as registered.