Arch Linux‘s package manager, Pacman, has reached version 7.1, bringing a notable focus on security, sandboxing, and build reproducibility. A major portion of the update centers around improvements to Pacman’s downloader sandbox.
It now restricts system calls more tightly, leverages the NO_NEW_PRIVS flag to prevent privilege escalation, and offers fine-grained sandbox control through new configuration options in pacman.conf and on the command line.
Several compatibility fixes were also added to ensure smooth operation when running as a non-root user or on NFS-mounted filesystems, while support for older Landlock ABIs was restored.
Error handling and diagnostics also se…
Arch Linux‘s package manager, Pacman, has reached version 7.1, bringing a notable focus on security, sandboxing, and build reproducibility. A major portion of the update centers around improvements to Pacman’s downloader sandbox.
It now restricts system calls more tightly, leverages the NO_NEW_PRIVS flag to prevent privilege escalation, and offers fine-grained sandbox control through new configuration options in pacman.conf and on the command line.
Several compatibility fixes were also added to ensure smooth operation when running as a non-root user or on NFS-mounted filesystems, while support for older Landlock ABIs was restored.
Error handling and diagnostics also see refinement as unknown package groups now return explicit errors when using -Sg, and directory path resolution has been improved. The message for dependency cycles has been downgraded to debug level to reduce unnecessary noise during package operations.
Regarding key management, the process of (re)importing keys—especially expired ones—has been made more reliable, addressing one of the more frequent pain points for Arch users maintaining local keyrings.
Beyond the package manager itself, makepkg —the tool used for building Arch packages —gains several workflow and performance upgrades. Users can now define an NPROC configuration option to control parallel operations, while stripping files has been parallelized for faster execution.
Pacman 7.1 also improves the generation of debugging information, ensures reproducibility in source package tarballs, and introduces architecture-specific fields (options_$arch) and split packages.
Several long-standing quirks have also been addressed. Makepkg now ignores system-wide Git configurations, respects empty configuration directories, and enforces consistent handling of build options within PKGBUILD scripts. It also prevents repeated entries in the arch array and ensures “tidy” scripts execute in the intended order.
Finally, for repository maintainers, repo-add receives two helpful new flags: --wait-for-lock to manage concurrent repository updates safely, and --remove, which automatically deletes outdated package files during metadata refreshes.
Refer to the full changelog for detailed information about all the novelties and improvements that Pacman 7.1 brings. Arch users will get it as an update in the coming days when they run the well-known pacman -Syu command.
Bobby Borisov
Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.