Arch Linux AUR migrated to a new server, new keys

Arch Linux AUR migrated to a new server, with new keys. See the announcement for more info.
Arch Linux announcement

Pudge

9 Likes

Thanks. For the “average” user, what does that actually mean though? Do I need to update/fix/change anything on my system due to this, or is it for folks who package things in the AUR?

If you are a normal user, you probably only connect to the AUR via https so it shouldn’t impact you much. If you are connecting via ssh, you will probably get an error from ssh warning you of a potential man-in-the-middle attack unless you remove/update the old host key.

Typically the key would be in ~/.ssh/known_hosts

4 Likes

Generally, ssh-keygen -R aur.archlinux.org then check and accept the new key.

3 Likes
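What "check and accept the new key" amounts to, as an added example that is not part of the original thread: drop every stored entry for the host, including hashed ones, and pin the offered key only if its SHA256 fingerprint equals the published one. The key blobs, the salt and `PUBLISHED_FP` are constructed placeholders; a real check compares against the fingerprint given in the Arch Linux announcement.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint as ssh-keygen -l prints it: base64 of the digest, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(field, host):
    """True if a known_hosts host field names host, in plain or hashed (|1|salt|mac) form."""
    if field.startswith("|1|"):
        salt_b64, mac_b64 = field[3:].split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcard patterns are not handled here

def rotate(lines, host, scanned, published_fp):
    """Remove stored keys for host and pin the scanned key, only if it matches published_fp."""
    keytype, key_b64 = scanned.split()[1:3]
    if fingerprint(key_b64) != published_fp:
        raise ValueError("offered key does not match the published fingerprint")
    kept = [l for l in lines
            if not l.strip() or l.startswith("#") or not names_host(l.split()[0], host)]
    return kept + [f"{host} {keytype} {key_b64}"]

def make_key(seed):
    """Constructed ed25519-shaped blob for the demo, not a real host key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed sample data: an old key stored under both the plain and the hashed host name.
HOST = "aur.archlinux.org"
OLD_KEY, NEW_KEY = make_key(1), make_key(2)
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, HOST.encode(), hashlib.sha1).digest()).decode())
KNOWN_HOSTS = [
    f"{HOST} ssh-ed25519 {OLD_KEY}",
    f"{HASHED} ssh-ed25519 {OLD_KEY}",
    f"unrelated.example ssh-ed25519 {make_key(3)}",
]
SCANNED = f"{HOST} ssh-ed25519 {NEW_KEY}"  # same shape as one line of ssh-keyscan output
# Placeholder standing in for the fingerprint published in the announcement.
PUBLISHED_FP = fingerprint(NEW_KEY)

if __name__ == "__main__":
    print("\n".join(rotate(KNOWN_HOSTS, HOST, SCANNED, PUBLISHED_FP)))
```

The fingerprint comparison is the step that matters: a key fetched over the network is only as trustworthy as the out-of-band value it is checked against.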

So, nothing on my end really. Thanks guys!

3 Likes

Indeed. As an advanced AUR user, i.e. maintaining some PKGBUILDs, I had to tweak ~/.ssh/known_hosts

4 Likes

I understand that maintainers need ssh access, they need to upload their packages. But for “downloaders” like me, is there any other reason why one would go direct to the OS via ssh?
Just curious, maybe I am missing out on something cool, simply because I don’t know. Wouldn’t be the first time.

I use yay by the way 🙂

There isn’t any real reason - if you’re only downloading from the AUR (e.g. to build with makepkg) then git clone can use the HTTPS address, and yay can grab an archive rather than using git.

Edit: correction after actually thinking about it

3 Likes