From Arch:
Starting with 7.4.1-2, the following Zabbix system user accounts (previously shipped by their related packages) will no longer be used. Instead, all Zabbix components will now rely on a shared zabbix user account (as originally intended by upstream and done by other distributions):
- zabbix-server
- zabbix-proxy
- zabbix-agent (also used by the
zabbix-agent2 package)
- zabbix-web-service
This shared zabbix user account is provided by the newly introduced zabbix-common split package, which is now a dependency for all relevant zabbix-* packages.
The switch to the new user account is handled automatically for the corresponding main configuration files and systemd service units.
However, manual intervention may be required if you created custom files or configurations referencing to and / or being owned by the above deprecated users accounts, for example:
PSK files used for encrypted communication
- Custom scripts for metrics collections or report generations
sudoers rules for metrics requiring elevated privileges to be collected
- ...
Those should therefore be updated to refer to and / or be owned by the new zabbix user account, otherwise some services or user parameters may fail to work properly, or not at all.
Once migrated, you may [remove the obsolete user accounts from your system].
OpenRC now requires services local, localmount and netmount to be added to runlevel default.
This can be done with commands:
rc-update add local default
rc-update add localmount default
rc-update add netmount default
The update brings experimental user services support. Our wiki page has been updated to include information about it.
i686 users will probably be unable to upgrade, due to a problem with the latest archlinux32-keyring 20241114-1
the solution is posted on the bug tracker
https://labs.parabola.nu/issues/3679
NOTE: pacman v7 is currently in [libre-testing]; but it will be promoted to libre soon
from arch:
With the release of [version 7.0.0] pacman has added support for
downloading packages as a separate user with dropped privileges.
For users with local repos however this might imply that the download
user does not have access to the files in question, which can be fixed
by assigning the files and folder to the alpm group and ensuring the
executable bit (+x) is set on the folders in question.
$ chown :alpm -R /path/to/local/repo
Remember to [merge the .pacnew ...
from arch:
After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections.
When upgrading remote hosts, please make sure to restart the sshd service
using systemctl try-restart sshd right after upgrading.
We are evaluating the possibility to automatically apply a restart of the sshd service on upgrade in a future release of the openssh-9.8p1 package.