Monthly Server Update – September`19

Thoughts

Just some information before you start the update process.
We will probably drop the PwOSS - Raspberry Pi image in the future to focus more on 64bit server and desktop distribution. This does not mean that we will stop doing the update process for both, but we will no longer create the image for the Pi.

We think it would be much more useful if we could create a script with all the necessary configurations etc. and you can simply download the arch image directly from archlinuxarm.org itself and run the script. The creation of the image simply takes too long and I personally have a lot to do over the next few months. So if someone wants to do it... you are more than welcome.

 

Server Update

pikaur -Syu

 

Raspberry Pi only

You need to change one PKGBUILD:
:: warning: Not showing diff for libselinux package (installing for the first time)
Do you want to edit PKGBUILD for libselinux package? [Y/n] Y

arch=('i686' 'x86_64' 'armv6h')
to
arch=(any)

 

Arch and Raspberry

Don't worry about this warning.

(43/89) upgrading graphviz [##################################################################################] 100%
Warning: Could not load "/usr/lib/graphviz/libgvplugin_gtk.so.6" - file not found
Warning: Could not load "/usr/lib/graphviz/libgvplugin_gdk.so.6" - file not found
Warning: Could not load "/usr/lib/graphviz/libgvplugin_gtk.so.6" - file not found
Warning: Could not load "/usr/lib/graphviz/libgvplugin_gdk.so.6" - file not found

 

Pi-hole

Update gravity

pihole -g

 


 

Pacnew

dnscrypt-proxy

File: /etc/dnscrypt-proxy/dnscrypt-proxy.toml
1) Replace original with update
2) Delete update, keeping original as is
3) Interactively merge original with update
4) Show differences again
5) Save update as example config
Please select from the menu above (-1 to ignore this update): 3
/etc/dnscrypt-proxy/dnscrypt-proxy.toml.pacnew /etc/dnscrypt-proxy/dnscrypt-proxy.toml /tmp/etc-update-1669741/etc/dnscrypt-proxy/dnscrypt-proxy.toml.merged
Merging /etc/dnscrypt-proxy/dnscrypt-proxy.toml.pacnew and /etc/dnscrypt-proxy/dnscrypt-proxy.toml
server_names = ['dnscrypt.me', 'de.dnsmaschine.net', 'doh-cry |
%1
listen_addresses = ['127.0.0.1:53000', '[::1]:53000'] | listen_addresses = ['127.0.0.1:53', '[::1]:53']
%1
# proxy = "socks5://127.0.0.1:9050" | # proxy = 'socks5://127.0.0.1:9050'
%2
# http_proxy = "http://127.0.0.1:8888" | # http_proxy = 'http://127.0.0.1:8888'
%2
## Use the REFUSED return code for blocked responses | ## Response for blocked queries. Options are refused, `hin

## Setting this to false means that some responses will be | ## an IP response. To give an IP response, use the format `a

## Unfortunately, false appears to be required for Android | ## Using the hinfo option means that some responses will be

## Unfortunately, the hinfo option appears to be required f
%2
refused_code_in_responses = false | # blocked_query_response = 'refused'
%1
| ## 4865 = TLS_AES_128_GCM_SHA256
| ## 4867 = TLS_CHACHA20_POLY1305_SHA256
%2
## Use 0 to not test for connectivity at all, | ## Use 0 to not test for connectivity at all (not recommended
%2
netprobe_address = "9.9.9.9:53" | netprobe_address = '9.9.9.9:53'
%2
> ## Additional data to attach to outgoing queries.
> ## These strings will be added as TXT records to queries.
> ## Do not use, except on servers explicitly asking for extra
> ## to be present.
>
> # query_meta = ["key1:value1", "key2:value2", "key3:value3"]
>
%2
refresh_delay = 72 |
%1
# urls = ["https://www.quad9.net/quad9-resolvers.md"] | # urls = ['https://www.quad9.net/quad9-resolvers.md']
# minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKx | # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKx
# cache_file = "quad9-resolvers.md" | # cache_file = 'quad9-resolvers.md'
# refresh_delay = 72 | # prefix = 'quad9-'
# prefix = "quad9-"
%2
# [static.'google'] | # [static.'pwoss']
# stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4c | # stamp = 'sdns:AQcAAAAAAAAAAAAQM19800e19eudjocdkKMMg'
%2
1) Replace /etc/dnscrypt-proxy/dnscrypt-proxy.toml with merged file
2) Show differences between merged file and original
3) Remerge original with update
4) Edit merged file
5) Return to the previous menu
Please select from the menu above (-1 to exit, losing this merge): 1
Replacing /etc/dnscrypt-proxy/dnscrypt-proxy.toml with /tmp/etc-update-1669741/etc/dnscrypt-proxy/dnscrypt-proxy.toml.merged
mv: overwrite '/etc/dnscrypt-proxy/dnscrypt-proxy.toml'? y
rm: remove regular file '/etc/dnscrypt-proxy/dnscrypt-proxy.toml.pacnew'? y

 


 

Keep the system clean

 

Logs

  1. sudo rm btmp btmp.1 faillog lastlog openvpn.log pacman.log tallylog wtmp fail2ban.log pacman.log nginx/* samba/log.smbd
  2. sudo find /var/log -type f -regex ".*\.gz$" -delete && sudo find /var/log -type f -regex ".*\.[0-9]$" -delete
  3. pihole -f

 

Caches, history and wget

sudo rm /root/.cache/ /root/.bash_history /root/.wget-hsts ; sudo rm /srv/seafile/.bash_history /srv/seafile/.wget-hsts /srv/seafile/.cache/

 

Orphans

sudo pacman -Rns $(pacman -Qtdq)

 

Pacman & pikaur caches

pikaur -Scc

 

Journal

sudo journalctl --vacuum-size=1M && sudo journalctl --verify

 


 

Reboot

sudo reboot now -h

 

Arch Linux x86_64:

Already Downgraded Software:

  • nothing

PwOSS - ISO:

Download

Wiki

 

Raspberry Pi:

Already Downgraded Software:

  • nothing

PwOSS - Image:

Download

Wiki

 

Other ARM devices:

PwOSS - Wiki