DeveloperWiki:Staff Services
Staff Services
Arch Linux provides a number of services for Arch Linux Staff which they can freely use but fair use is applicable.
accounts.archlinux.org
This server hosts Keycloak, a single sign on server Arch Linux uses to easily onboard new users to new groups and provide a seamless login experience through all our services once they all use SSO. Currently Gitlab, Matrix and HedgeDoc use SSO and staff only need a Keycloak account to be able to use these services.
Generally it’s recommended to secure this account. By default all accounts require 2-Factor authentication through OTP or WebAuthn. Keycloak allows multiple 2-Factor authentication providers to be set up, it is recommended to set up a backup 2-Factor authentication method in case you lose access to one of your devices.
This can be configured in the keycloak security page. Note that the first configured device is configured as the default.
For all staff an @archlinux.org email address is available, during onboarding an email address should have been created for you.
Configuration
- SMTP/IMAP server: mail.archlinux.org
- SMTP port: 465 (TLS)
- IMAP port: 993 (TLS)
- username: the system account name
- password: set by each user themselves with
ssh mail.archlinux.org
Email forwarding can be achieved by creating a sieve rule.
Sieve
- GUI: https://github.com/thsmi/sieve (not available on Arch repos yet)
- TUI: sieve-connect
- Script linting: check-sieve, (website)
- Thunderbird has a sieve addon
HedgeDoc instance
HedgeDoc is an open source collaborative markdown editor to be used to work together on documents or share sensitive snippets. As part of staff you can login to hedgedoc using your Keycloak account.
- By default only Staff is able to edit and view the document you shared as URL.
- To allow outsiders to edit view documents select a different option than Limited in the right top dropdown menu.
Public HTML / Home directory (pkgbuild.com)
A personal web hosting server for Package Maintainers, developers and (on request) support staff to share patches, packages and other Arch Linux related files. Login to homedir.archlinux.org
and run:
$ mkdir ~/public_html $ setfacl -m user:http:x ~ $ setfacl -m user:http:rx ~/public_html
Then visit https://pkgbuild.com/~username/
.
Build server (build.archlinux.org)
A build server is available for Developers / Package Maintainers to build packages using devtools.
You can use it by setting things up as described in Package Maintainer guidelines#Remote build on build.archlinux.org, which mostly boils down to adjusting the ~/.makepkg.conf
and using the --offload
flag for pkgctl
which wraps the legacy offload-build
tool.
Gitlab
Gitlab can be used to collaborate on Arch Linux projects in the Arch Linux
namespace or to host Arch Linux related projects in your personal space. To request an official new project in the Arch Linux namespace create an issue in the infrastructure repository using the New Official Project
template.
Archweb
archlinux.org is not only the main website for our distribution, all Staff have an account there to be shown as team member of their respected team on the website. Apart from that it offers the following functionality:
- Signing off packages in testing repositories, see the Arch Testing Team page
- Adopting/orphaning packages as Developer / Package Maintainers
- Viewing your out of date packages and reports on packages you maintain in the repository
- For example non reproducible packages
- Creating To Do lists for rebuilds or packaging change tasks.
- Posting news articles, requires a proposal on
arch-dev-public
and a 1 day waiting period
Tier 0 Mirror
A Tier 0 Mirror is available for Staff to access the most recent packages from Arch Linux for debugging, rebuilds. Access is granted via archweb.
Hosting upstream tarballs
Sometimes packagers need to keep an archive of previous upstream releases, secure a copy of sources which upstream deletes or distribute releases for internal packages.
https://sources.archlinux.org is the internal service for hosting these sources. This service is hosted on repos.archlinux.org
under /srv/sources
. There are two directories available.
sources/
is used to rehost distributed package sources which needs the sources available for package compliance. This is mostly limited to the GPL
licenses. This is an automatic process administerd by dbscripts
with the sourceballs
service.
other/
is for source rehosting. There is no set structure but generally the top-level directory is used for core and extra.
Directories here can be used for package releases. Some upstreams have a tendency to remove past releases, and to accomplish reproducible builds and have older packages still be buildable it’s a good idea to upload these releases for safe-keeping.
IRC Cloak
IRC cloaks are used on the IRC network to show affiliation to an open-source project on the Libera Chat network. These are visible through /whois
and displayed as ~taco@archlinux/package-maintainer/Taco
. These are given out by the group contacts for each project.
For an up-to-date list of group contacts see Arch IRC channels#Libera Chat group contacts.
Mumble Server
In order to have a place to hang out and talk there now is a Arch Linux Mumble Server under mumble.archlinux.org
. See the announcement mail for the password and more information around it!
Matrix
We offer a Matrix homeserver for Arch team members. Matrix is a federated communication service with a variety of available clients for multiple platforms, mobile included. The flagship Element clients offer us file upload, end-to-end encryption, push notifications and integrations with third-party services.
Signing in
For the initial sign-in you need to use a client that supports OpenID Single-Sign-On, such as Element Web. Enter @username:archlinux.org
as the username and Element should offer to sign into our homeserver.
You will be automatically invited to our staff space and internal room:
#staff-space:archlinux.org
: A staff-only space for Arch Linux staff.#internal:archlinux.org
: A staff-only room with end-to-end encryption.
There's also a public space available:
#public-space:archlinux.org
: A public space for Arch Linux users.#archlinux:archlinux.org
: A public room for Arch Linux users.#offtopic:archlinux.org
: A public room for off-topic social chat.
Password login is currently disabled, which might exclude some clients. It can be re-enabled should demand exist.
If you need to provide your client with a homeserver address, use https://matrix.archlinux.org
.
Our rooms bridged to IRC
We bridge several of our private IRC channels on Libera.Chat to Matrix.
These rooms are open to all staff-space members:
#packaging:archlinux.org
: Bridged with#archlinux-packaging
.#staff:archlinux.org
: Bridged with#archlinux-staff
.#valve:archlinux.org
: Bridged with#archlinux-valve
.
The following rooms are not open to all staff, so you need to be invited:
#developers:archlinux.org
: Bridged with#archlinux-dev
.#trusted-users:archlinux.org
: Bridged with#archlinux-tu
.
Please request an invitation in #internal:archlinux.org
for the rooms you need to be in.
These rooms are bridged to public channels, for which you should log into Libera.Chat via SASL:
#aurweb:archlinux.org
: Bridged with#archlinux-aurweb
.#buildbtw:archlinux.org
: Bridged with#archlinux-buildbtw
.#bugs:archlinux.org
: Bridged with#archlinux-bugs
.#devops:archlinux.org
: Bridged with#archlinux-devops
.#pacman:archlinux.org
: Bridged with#archlinux-pacman
.#projects:archlinux.org
: Bridged with#archlinux-projects
.#reproducible:archlinux.org
: Bridged with#archlinux-reproducible
.#security:archlinux.org
: Bridged with#archlinux-security
.#signstar:archlinux.org
: Bridged with#archlinux-signstar
.#testing:archlinux.org
: Bridged with#archlinux-testing
.#wiki:archlinux.org
: Bridged with#archlinux-wiki
.
If you fail to do so, your bridged IRC user cannot join the channels, meaning your messages won't be bridged. See Libera.Chat's guide on how to register a nickname. Afterwards, contact @irc-bridge:archlinux.org
and send it the following commands:
!username username
, with the primary nickname you registered with, then!storepass password
, with your password for NickServ, and then!reconnect
to reconnect and attempt the SASL login.
If this worked, @liberachat_SaslServ:archlinux.org
should contact you after the reconnect.