A look inside Arch Linux

# A look inside Arch Linux

#### Jelle van der Waa [<jelle@archlinux.org>](mailto:jelle@archlinux.org)

---

# Overview

* Arch Linux overview
* Team & development
* Community
* Popularity
* Future

---

# $ whoami

* Joined Arch Linux in 2010 
* Developer @ Arch Linux
* Involved in the security/devops team
* Developer @ Kopano

???

I'm Jelle, joined Arch in 2010 as a Trusted user, have been
a bug wrangler and currently a Developer since a year and also
helping out in the Security / Dev ops team and the Arch Linux website.

My day job is being a developer at Kopano, where I work on our open source AGLv3
communication, collaboration and sharing platform.

---

# Arch Linux

* Arch Linux is 15 years old now!
* Now x86_64 only
* Rolling release
* No corporate backing!

---

# Package management

* Pacman as package manager
* Set of scripts for a clean build chroot
* Signed packages
* Fast

---

# Lightweight & flexible

* No default DE
* Few core packages required (Linux, glibc, systemd)
* Aimed at competent Linux users

---

# Vanilla and upstream

* Packages are kept as vanilla as possible
* Latest upstream release is packaged
* Upstream defaults are used (minimal customization)
* Less split packages, development headers included
* Customization through ABS (ports like)

---

# Installation

* No real installer
* Installation instructions on the wiki
* Comparable to debootstrap

---

# Development

* pacman
* dbscripts
* install iso
* packaging related tools (lddcheck, sogrep, etc.)

???

Arch always packages the latest packages, high impact packages and rebuilds
go to [testing] first.

Signoffs are done by selected users (testers) and other Developer / TU's.

---

# Reproducible builds

* Currently pacman master supports reproducible builds
* 2 Archers involved in the reproducible build project

???

Even though Arch is a small distro, it's still involved in big projects
such as reproducible builds.

---

# Financial

* Financial contributions keep servers running (build, repo, website)
* Arch Linux is a member project of the SPI Inc. non-profit corporation
* Commercial sponsors sponsor servers and monetary contributions

???

Thanks for the donations!

---

# Team structure

* 39 Developers (some inactive)
* 47 Trusted Users
* 24 Support staff (Security team, irc ops, forum mod, wiki admin)
* Overlap in roles

---

# Developers

* Maintain core packages
* Make important decisions that affect the distribution
* No voting on decisions
* Some are also active upstream

???

Systemd decision was made without a vote, due to unmaintainable initscripts for example.
Do-cracy, active members make the decisions.

Some developers have been active in systemd, and other projects.

---

# Trusted Users

* Separate, independent group
* Maintains the AUR
* Maintains [community]
* Votes on team membership

---

# Packaging roles

* Rebuilding packages for soname bumps
* Bugging upstream about issues
* Writing patches for upstream
* Updating packages

???

When a library bumps a soname, all dependencies have to be rebuild, the maintainer of that library
is responsible for that rebuild. We have an todo list setup on Archweb to manage these rebuilds, and a
sort of auto-rebuilder.

When users report issues, the packager usually co-ordinates with upstream, creating a bug report or
writing a patch for the latest GCC, Boost, or other library/compiler of the week.

Normal operating is handling updating packages usually reported on the website by users.

---

# DevOps

* Maintain the server infrastructure
* Everything automated with Ansible
* [Git repository](https://git.archlinux.org/infrastructure.git/) public available

---

# Security Team

* Maintain the [security tracker](https://security.archlinux.org) 
* Write advisories
* Involved with compiler defaults (PIE, -fstack-protector-strong, etc.)

---

# Support staff

* IRC ops
* Forum moderators
* Wiki administrators

???

Independent team, who choose their own team members.

---

# Community

* 1803 #archlinux users
* 28956 wiki users
* 48248 AUR users 
* 83300 forum users

???

Second biggest channel on freenode

---

# IRC

* Popular support channel
* Used for team communication
* Second biggest channel on freenode

???

Security team discusses advisories and vulnerabilities, sometimes
with community input.

Other distro questions sometimes appear!

---

# AUR

* Allows uploading of PKGBUILD files (equivalent of .spec or debian/)
* Staging ground for new packages / team members
* Git repository per package
* AUR helpers to make life easier

---

# AUR stats

* 43.334 packages
* 16.265 packages where updated this year
* ~ 1000 packages updated in the past 7 days
* ~ 150 packages added in the past 7 days

???

---

# Wiki

* Started in 2005
* 4200 wiki pages
* Contains a lot of general Linux software articles (systemd, nginx, etc.)

---

# Wiki stats

![wiki stats](img/wiki_stats.png)

[Source](https://wiki.archlinux.org/index.php/ArchWiki:Statistics), [dip in users](https://lists.archlinux.org/pipermail/arch-general/2014-February/034920.html)

???

* Number of registered users
* General Linux software articles, also useful for other distros
* Unknown what caused the dip

---

# Wiki & Gentoo influence

Gentoo wiki died in 2008 (data loss)

![gentoo arch stats](img/archgentootrends.png)

---

# Forums

* 1.6 million posts
* Various topics

???

* Community contributions
* Newbie corner
* Programming

---

# Arch women / classroom

* IRC channel
* Classes given by Arch users (ad-hoc)
* Foster female involvement in Arch Linux and FOSS
* [Website](https://archwomen.org/)

---

# Forks

* ~ 30 forks
* ALARM
* Manjaro
* Parabola

???

ALARM - ARM edition
Parabola the RMS edition
Manjaro - Ubuntu like Arch, completely separate repos

---

# Popularity

* AUR
* Wiki
* Forks
* IRC channels

???

How did Arch get popular? Most probably because
of AUR, Wiki and very active irc channel.

Forks show that Arch has something to offer which
is interesting.

---

# Rolling release

* Rolling release is a popular concept
* Rolling release works surprisingly well
* Developers/Users want the latest tools

???

Developers and users love the latest software, and other
distros follow this lead see OpenSuSe Tumbleweed.

Although sometimes there is a lot of breakage, due to the latest
GCC not compiling old software or a library update breaking proprietary software.

---

# Simple, no-nonsense

* User-centric
* Free to customize
* Arch keeps it simple
* Packages proprietary software (steam, nvidia, cuda)

---

# Future

* Keep on rolling
* Automate packaging
* Reproducible builds
* Switching from SVN to Git
* Database signing
* More security hardening

???

Still a lot to do for a small distro, we will keep on rolling and
keep packaging software also for software with flatpak and other alternatives

Keep trying to keep upstream sane! See chromium and other projects bundling dependencies

We want to automate packaging more and fully support reproducible builds and installation
images.

Our packaging is currently in SVN and we want to switch to Git.

Database signing is still a problem which we need to solve

We don't ship with a MAC, and we might want to do that, but this gives users
less flexibility; SELinux, AppArmor.

---

# Conclusion

* Wiki, AUR, Forums and IRC
* Ease of packaging
* Customizable
* Rolling release and up to date

---

# Contribute

* Help on the forums / IRC / mailing lists
* Documentation on the wiki
* Contribute PKGBUILDs to the AUR
* Help the security team out reviewing CVE's

---

# Questions