[Warning] Pamac-aur-git update on January 6th, 2020


Pamac-aur-git maintainer here :slight_smile:

I know a good bunch of EndeavourOS users are using pamac-aur-git as their pacman GUI.

On january 6th - and until next update - code will be grabbed from development branch in order to grab pamac 9.3.0beta. I’ve been using it on my main computer for two days without any big issues. But YMMV :smiling_imp:

Capture du 2020-01-06 14-27-16

So, if you want to stay on “stable” code, please use pamac-aur instead.


il y a un bug ou il plante

I just updated before i saw this. We don’t know when the next update comes?

Tu peux me décrire les conditions du plantage ?

When development code will be merged on main channel. Cant’ say. Sorry.

1 Like

Et ?

D’ailleurs, je vais faire une nouvelle mise à jour pour un bug de sécurité: https://gitlab.manjaro.org/applications/pamac/issues/719


Thank you for the heads up, @FredBezies! I might switch on my business laptop, but will continue with your release for the desktop.

1 Like

Yeah they like to tinker with pamac too much. Somewhere along the line they screwed the pooch.
From their forum:

The issue has been fixed

Security breach

Testing and Unstable branch - Pamac 9.3.0beta-1/9.3.0beta-2

Anyone can trick you into installing a package simply by offering it on their webpage pretending to be one thing but in reality it is malware and with this behavior of Pamac - hell is loose in your system.

Mime type

❯ cat /usr/share/mime/packages/x-alpm-package.xml
<?xml version="1.0"?>
 <mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
   <mime-type type="application/x-alpm-package">
   <generic-icon name="package-x-generic"/>
   <comment>Alpm Package</comment>
   <glob pattern="*.pkg.tar.xz"/>
   <glob pattern="*.pkg.tar.gz"/>
   <glob pattern="*.pkg.tar.zst"/>
   <glob pattern="*.pkg.tar.bz2"/>
   <glob pattern="*.pkg.tar.lrz"/>
   <glob pattern="*.pkg.tar.lzo"/>
   <glob pattern="*.pkg.tar.z"/>
   <glob pattern="*.pkg.tar.lz4"/>
   <glob pattern="*.pkg.tar.lz"/>
   <glob pattern="*.pkg.tar"/>

Mime handler

❯ cat ~/.config/mimeapps.list| grep x-alpm-package

Pamac polkit policy
Pre-autorized to install

❯ cat /usr/share/polkit-1/actions/org.manjaro.pamac.policy
  <action id="org.manjaro.pamac.commit">
    <description gettext-domain="pamac">Install, update, or remove packages</description>
>--- snip

Recommended action
Remove Pamac from your system until the implementation is reverted.

1 Like

An updated version will be available on both testing and unstable channel. This version is not available for Mr and Mrs Everybody :smiley:


I think within a week, pamac-aur-git will be switched back to “main” channel.


Odd that Manjaro is uptight about pamac not asking for password, what about the KDE users who installed Discover in Manjaro ? I don’t remember Discover asking for password in years. Where is their fear for that ?

The pamac is working fine for me.

1 Like

Well, it works, thank you very much.
Yeah, I installed pamac yesterday… Rolled without any update notifier since install but pamac is just so handy.
Always installs via terminal but pamac is great as a combined search engine and notifier.


Just for the info: pamac 9.2.2.r18 = pamac 9.3.0rc

Switched back to master branch.

And the mandatory screenshot:

Capture du 2020-01-17 16-38-56

Closing thread now.