Mabe it’s the same actor, but there still has to be a good reason/a goal for all of this.
Come on, now I thought there’s something new, but it’s still just that single statement from 10 days ago.
And that single statement has the following concluding line:
- We are keeping technical details about the attack, its origin and our mitigation tactics internal while the attack is still ongoing.
The attacks are still ongoing.
2 Likes
I only can speculate about this:
Poisening software like the xz-thing last year?
Getting easy money from people that install malicious versions of other software?
Any reason why people cross the line of legal actions?
Sure, right now we can all just speculate. For me it just feels strange somehow. Doing this to a project like Arch for 3 weeks straight…I just can’t see the logic behind this. There are definitely a lot more valuable targets than the AUR out there to spend your criminal energy on.
What are people doing to update their AUR packages during DDOS attacks? The lack of AUR mirrors is a definite problem.
I’ve been updating for the past few days without issues. It’s intermittent at the moment.
All traffic seems normal as of this moment…
❯ up
[sudo] password for wombat:
:: Synchronizing package databases...
endeavouros 15.9 KiB 132 KiB/s 00:00 [---------------------------------------] 100%
core 122.1 KiB 264 KiB/s 00:00 [---------------------------------------] 100%
extra 7.9 MiB 10.3 MiB/s 00:01 [---------------------------------------] 100%
multilib 132.2 KiB 294 KiB/s 00:00 [---------------------------------------] 100%
chaotic-aur 643.9 KiB 607 KiB/s 00:01 [---------------------------------------] 100%
:: Searching AUR for updates...
:: Searching databases for updates...
there is nothing to do
Looking for updates…
Nothing to do.
Nothing unused to uninstall
❯
Maybe Debian stable enjoyers got offended at being called “stale” by Arch users.
1 Like
This is what I’ve been getting most times I try and update. Then again, I update before and after work - not during.
yes to one update, failed later.
that’s ok. at least it’s mostly accessible and not entirely closed.
I feel bad for the Arch devs/maintainers, as if they did not have enough to do now to add this fulltime headache to their plate
1 Like
i just installed Arch, everything worked for me.
It is very strange because the last week I had only one or two problems with updating from the AUR. This however was resolved within the same hour. It makes me wonder if somehow there is some kind of filter on internet traffic from certain countries or something like that.
Because you haven’t installed any AUR packages yet.
I’ve tried updating with and without a VPN and it made no difference. Now it randomly is working again.
The situation is the same as it was 2 days or 5 days ago.
There are DDoSs ongoing .. various services, though recently mainly the AUR, are only intermittently available or unavailable. Arch has opted to so far not release too many details.
Unless that changes substantively then theres not a lot more to say.
Yes, you may not be able to access the AUR. Then you may be able to again a little later.
Just like yesterday.
PS.
We also already had a thread about this.
And this is what prompted my question - are there any alternative means people are using to update AUR packages?
Apparently there is a github mirror of the AUR, but I cannot for the life of me figure out how to find pkgbuilds on it: https://github.com/archlinux/aurweb
And that’s because I was looking at the wrong github repo - this is the AUR mirror: https://github.com/archlinux/aur/branches/active?page=1
You need 2 things ..
- A recognition that all the packages there are git branches
- The manual AUR method and prerequisites.
ex;
First you need to be up to date and have the necessary packages;
sudo pacman -Syu git base-devel
Then we get what we want from the mirror (here browsh);
git clone -b browsh --single-branch https://github.com/archlinux/aur.git browsh
Now we enter the directory and build.
cd browsh
The manual build/install method including flags for dependencies and clean up;
makepkg -sric
1 Like
Thanks so much. Although clunky, it’s nice to know that this workaround exists.
Aside from the git branch part its about equal to the manual/makepkg way of interacting with the AUR.
That everyone is has become familiar with before using it, right? Right? 
To exhibit (and skipping git and base-devel as already installed);
git clone https://aur.archlinux.org/browsh.git
cd browsh
makepkg -sric
1 Like