From knowledge-patch
Covers Arch Linux rolling updates, pacman 7.x changes, service migrations, and breaking changes for system upgrades.
How this skill is triggered — by the user, by Claude, or both
Slash command
/knowledge-patch:arch-knowledge-patchThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Baseline: Arch Linux through mid-2024 and pacman 6.x; covers changes through 2026-07-12, including pacman 7.1.0.
Baseline: Arch Linux through mid-2024 and pacman 6.x; covers changes through 2026-07-12, including pacman 7.1.0.
| Reference | Topics |
|---|---|
| Package management | pacman 7.0.0 and 7.1.0 sandboxing and signatures, makepkg and PKGBUILD changes, repositories, repo-add, firmware packaging, package-source licensing |
| Service migrations | OpenSSH and rsync interventions, Redis to Valkey, Zabbix accounts, Dovecot 2.4, nft-backed iptables, Kea ownership, Vinyl Cache |
| Runtime and desktop transitions | glibc and Discord, Wine WoW64, Plasma X11, Waydroid, .NET 10, NVIDIA 590 |
| Operations and security | Arch service outage fallbacks, AUR package auditing |
pacman.conf, maintaining PKGBUILDs, running private repositories, or automating pacman 7.0.0 or 7.1.0..pacnew and .pacsave files instead of assuming package upgrades preserve local configuration.Restart the daemon immediately after upgrading openssh to 9.8p1 because the old daemon cannot accept new connections:
systemctl try-restart sshd
On a remote host, preserve an existing session until the restarted daemon accepts a new connection.
Upgrade every rsync daemon and client to Arch package 3.4.0-1 or newer, then reboot. Treat public mirrors as urgent: vulnerable anonymous servers can permit remote code execution, and hostile servers can attack connecting clients and sensitive files.
Remove [community], [community-testing], [testing], [testing-debug], [staging], and [staging-debug] from /etc/pacman.conf. Merge the .pacnew from pacman>=6.0.2-7; stale entries cause database synchronization to fail.
For upgrades from linux-firmware 20250508.788aadc8-2 or earlier to 20250613.12fe085f-5 or newer, remove the old package without dependency checks and reinstall it during the full upgrade:
pacman -Rdd linux-firmware
pacman -Syu linux-firmware
Expect linux-firmware to become an empty dependency package backed by hardware-specific firmware packages.
Install plasma-x11-session before upgrading an X11 workstation. Plasma 6.4 installs only the Wayland session by default after kwin splits into kwin-wayland and kwin-x11.
Recreate existing 32-bit prefixes and reinstall their applications after wine and wine-staging move to pure WoW64. Do not expect [multilib] to remain a dependency; anticipate slower direct OpenGL from some 32-bit applications.
Do not start Dovecot 2.4 with a 2.3-or-earlier configuration. Migrate it first, or install dovecot23 and the matching pigeonhole23 or dovecot23-fts-* packages when replication or delayed migration is required.
.pyc files below /usr/lib/waydroid/tools/ when upgrading from before 1.5.4-3.-9.0 .NET package during the .NET 10 full upgrade, then remove its unversioned counterpart if version 9 must remain.nvidia-580xx-dkms before NVIDIA 590 replaces the closed modules with open kernel-module packages.Treat iptables as the nft-backed package. Use iptables-legacy only for legacy-only behavior, inspect both rules .pacsave files when switching packages, restore rules as needed, and test uncommon xtables extensions.
After upgrading to kea>=1:3.0.3-6, assign existing state to the dedicated kea account and restart the services:
chown kea: /var/lib/kea/* /var/log/kea/* /run/lock/kea/logger_lockfile
systemctl try-restart kea-ctrl-agent.service kea-dhcp{4,6,-ddns}.service
Add interactive or service accounts to the kea group only when they require access to Kea leases, logs, or configuration.
Migrate directories, accounts, commands, and systemd units from varnish names to vinyl names. Disable varnish.service and varnishncsa.service; enable vinyl-cache.service and vinylncsa.service after correcting state ownership.
Plan to move Arch-managed deployments from redis to Valkey. The Redis package was deprecated after its brief April 2025 transition in [extra], moved to the AUR, and stopped receiving Arch updates.
Change ownership and embedded account names in custom PSK files, scripts, sudoers rules, and configuration to the shared zabbix account introduced by zabbix-common. Complete this before deleting the old component-specific accounts.
During the ongoing malicious-package incident, inspect every change to each AUR package's PKGBUILD and install scripts before updating. Report suspicious commits for packages in use through the aur-general mailing list.
Merge pacman's .pacnew so Arch's DownloadUser default can take effect. Make each local repository traversable by the alpm group:
chown :alpm -R /path/to/local/repo
find /path/to/local/repo -type d -exec chmod g+x {} +
On Linux, expect the downloader to be unable to write outside its download directory. Prefer the fine-grained pacman 7.1.0 sandbox controls when one restriction is incompatible; use DisableSandbox or --disable-sandbox only when wholesale disablement is necessary.
Expect pacman 7.1.0's default SigLevel to be Required for packages and databases. Configure an intentional exception for unsigned local content; do not rely on the previous permissive default.
GITFLAGS; makepkg no longer supports it.BUILDENV or OPTIONS from a PKGBUILD.options=(!buildenv) to suppress MAKEFLAGS or CHOST./etc/makepkg.d/gitconfig while ignoring system Git configuration.NPROC; keep build-system parallelism separate.xdata.options_$arch..gitattributes.Use repo-add --wait-for-lock when multiple writers may update a repository. Use repo-add --remove when the update should also delete old package files.
Load only the reference that matches the task:
npx claudepluginhub nevaberry/nevaberry-plugins --plugin knowledge-patchDebian 13.0 upgrade knowledge patch covering risk triage, SSH preparation, boot space, encrypted storage, and package changes.
Provides migration strategies for framework and language upgrades, including dependency audits, breaking change detection, codemod references, and rollback plans. Covers React, Vue, Next.js, Laravel, Angular, and multiple languages.
Guides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.