
@lucaswerkmeister
Last active July 18, 2018 20:57
Automatic pacman updates

I use these files to keep my package manager metadata up to date. pacman-update automatically downloads package updates so that I don’t have to wait for the download when I actually go to upgrade the system, pacman-mirrorlist-update makes sure that the mirror list is not too outdated, and the tmpfiles.d configuration makes sure that all the updates downloaded by pacman-update (which may include many intermediate versions if I don’t upgrade for a while) don’t stay around forever.

To set up these files, copy the .service and .timer files into /etc/systemd/system/, and the pacman.conf file into /etc/tmpfiles.d/. Then, run systemctl enable --now pacman-update.timer pacman-mirrorlist-update.timer.

pacman-mirrorlist-update.service

[Unit]
Description=Update pacman mirror list
# silently skip if reflector is not installed,
# in that case we can assume the pacman-mirrorlist package keeps the list up to date
ConditionFileIsExecutable=/usr/bin/reflector
[Service]
Type=oneshot
ExecStart=/usr/bin/reflector --sort rate --save %t/reflector/mirrorlist --fastest 5 --latest 25 --protocol https --verbose
ExecStart=+/bin/cp %t/reflector/mirrorlist /etc/pacman.d/mirrorlist
RuntimeDirectory=reflector
DynamicUser=yes

pacman-mirrorlist-update.timer

[Unit]
Description=Update pacman mirror list monthly
[Timer]
OnCalendar=monthly
Persistent=yes
[Install]
WantedBy=timers.target

pacman-update.service

[Unit]
Description=Download updates (without installing them)
After=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/pacman --sync --refresh --sysupgrade --downloadonly --noconfirm --quiet
ProtectSystem=strict
ReadWritePaths=/var/lib/pacman /var/cache/pacman
PrivateDevices=yes
SystemCallFilter=~@privileged
CapabilityBoundingSet=
NoNewPrivileges=yes
PrivateTmp=yes
TemporaryFileSystem=/run
InaccessiblePaths=-/etc/shadow -/etc/gshadow -/var/lib/sudo -/etc/ssh -/etc/opendkim -/var/lib/tor
[Install]
WantedBy=multi-user.target

pacman-update.timer

[Unit]
Description=Download updates 5 minutes after boot and hourly
[Timer]
OnBootSec=5min
OnCalendar=hourly
[Install]
WantedBy=multi-user.target

pacman.conf

# remove packages from pacman cache after about two months
d /var/cache/pacman/pkg 0755 root root 60d
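
The two services confine their work differently: the mirror list update runs reflector as a dynamic user and keeps only the final copy privileged, while the download service stays root but drops all capabilities and most write access. The Python audit below is an added example, not part of the gist; it parses the `[Service]` sections (copied from the gist, some options omitted) and reports that split. The names `parse_service` and `audit` are this example's own, and the `DynamicUser=` and `+` prefix behaviour it encodes is as documented in systemd.exec(5) and systemd.service(5).

```python
# Unit text copied from the gist ([Unit]/[Install] sections and some options omitted).
MIRRORLIST_UNIT = """\
[Service]
ExecStart=/usr/bin/reflector --sort rate --save %t/reflector/mirrorlist --fastest 5 --latest 25 --protocol https --verbose
ExecStart=+/bin/cp %t/reflector/mirrorlist /etc/pacman.d/mirrorlist
RuntimeDirectory=reflector
DynamicUser=yes
"""
UPDATE_UNIT = """\
[Service]
ExecStart=/usr/bin/pacman --sync --refresh --sysupgrade --downloadonly --noconfirm --quiet
ProtectSystem=strict
ReadWritePaths=/var/lib/pacman /var/cache/pacman
CapabilityBoundingSet=
"""

def parse_service(text):
    """Return {key: [values]} for [Service]; an empty assignment resets the list."""
    settings, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                settings.setdefault(key, []).append(value)
            else:
                settings[key] = []
    return settings

def audit(text):
    """Summarise who each command runs as and what the service may write to."""
    s = parse_service(text)
    flag = lambda key: (s.get(key) or ["no"])[-1] in ("yes", "true", "on", "1")
    privileged = []
    for cmd in s.get("ExecStart", []):
        rest = cmd.lstrip("@-:+!")          # strip systemd's command prefixes
        if "+" in cmd[: len(cmd) - len(rest)]:
            privileged.append(rest)         # "+": full privileges, sandbox not applied
    return {
        "privileged_commands": privileged,
        "runs_as_root": not flag("DynamicUser") and "User" not in s,
        "read_only_system": flag("DynamicUser")  # implies ProtectSystem=strict
                            or s.get("ProtectSystem") == ["strict"],
        "no_capabilities": s.get("CapabilityBoundingSet") == [],
        "writable_paths": [p for v in s.get("ReadWritePaths", []) for p in v.split()],
    }
```

Calling `audit(MIRRORLIST_UNIT)` and `audit(UPDATE_UNIT)` returns one dictionary per service; any command listed under `privileged_commands` is the part of the unit that deserves the closest review, since none of the unit's restrictions apply to it.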