ARCHINSTALL CLOSES SECURITY GAP IN EFI BOOT PARTITION

By RepoJournal · Filed · About Arch Linux

The installer now restricts ESP permissions to prevent world-readable secrets like random-seed files from leaking during boot.

Archinstall merged a critical fix that mounts the EFI System Partition with fmask=0077 and dmask=0077 [1], blocking unauthorized access to sensitive boot-time files. The same PR series also landed translation CI validation [2] that catches a subtle but pervasive bug where f-string interpolation happens before translation lookup, causing localized messages to silently fail at runtime. A new pot_tools utility shipped with the CI work to help maintainers validate and manage the translation catalog without manual overhead. On the mail stack, Dovecot and Pigeonhole both landed testing updates [3][4] ahead of wider release, while buildbtw hit 0.0.5 [7] with changelog housekeeping complete. Desktop sees steady updates across xorg-xev and fooyin [5][6].
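A check for the mount options described above, as an added example (not archinstall's code): it parses `/proc/mounts`-style lines and flags vfat ESP mounts whose fmask/dmask still leave group or other access. The mount points in `ESP_MOUNT_POINTS` and the sample lines are assumptions constructed for illustration.

```python
import stat

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/nvme0n1p1 /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,utf8 0 0
/dev/sda1 /boot vfat rw,relatime,fmask=0077,dmask=0077,codepage=437 0 0
"""

ESP_MOUNT_POINTS = {"/efi", "/boot", "/boot/efi"}  # assumption: common ESP locations
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # 0o077: every group/other permission bit


def parse_masks(options):
    """Return (fmask, dmask) as ints, or None where the option is absent."""
    opts = dict(o.partition("=")[::2] for o in options.split(","))

    def get(name):
        raw = opts.get(name) or opts.get("umask")  # umask= sets both masks
        return int(raw, 8) if raw else None

    return get("fmask"), get("dmask")


def audit_esp(mounts_text):
    """Return [(mount_point, problem)] for vfat ESP mounts open to group/other."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "vfat" or fields[1] not in ESP_MOUNT_POINTS:
            continue
        for name, mask in zip(("fmask", "dmask"), parse_masks(fields[3])):
            if mask is None:
                findings.append((fields[1], f"{name} not set (falls back to process umask)"))
            elif mask & GROUP_OTHER != GROUP_OTHER:
                findings.append((fields[1], f"{name}={mask:04o} leaves group/other access"))
    return findings


if __name__ == "__main__":
    for mount_point, problem in audit_esp(SAMPLE_MOUNTS):
        print(f"{mount_point}: {problem}")
```

On an installed system, pass the contents of `/proc/mounts` (or `/etc/fstab`, which uses the same field order) to `audit_esp` instead of the sample.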

References

  [1] fix: restrict EFI partition permissions with fmask/dmask=0077 (#4506), archlinux/archinstall
  [2] Add translation CI validation, archlinux/archinstall
  [3] update dovecot to 2.4.4-1 in extra-testing-x86_64, archlinux/state
  [4] update pigeonhole to 2.4.4-1 in extra-testing-x86_64, archlinux/state
  [5] update xorg-xev to 1.2.7-1 in extra-x86_64, archlinux/state
  [6] update fooyin to 0.10.7-2 in extra-x86_64, archlinux/state
  [7] Release buildbtw version 0.0.5, archlinux/buildbtw

FAQ

What changed in Arch Linux on May 19, 2026?
The installer now restricts ESP permissions to prevent world-readable secrets like random-seed files from leaking during boot.

What should Arch Linux teams do about it?

  • Review EFI permission change for your installation workflow; verify /efi/loader/random-seed is not world-readable after next install
  • Test Dovecot and Pigeonhole from extra-testing before next production mail server upgrade
  • Monitor translation CI checks in new archinstall PRs; old f-string pattern will now fail validation

Which Arch Linux repositories shipped on May 19, 2026?
archlinux/archinstall, archlinux/state, archlinux/buildbtw
