Feedback on Pamac

bedna · 13 July 2023 19:22

No, I DO NOT CARE WHO MADE THE MISTAKE, it doesn’t MATTER. Whoever that person is probably feels bad enough as it is. Misstakes happen, that is not the issue here, I want that to be absolutely clear on my side!!!
If It was up to me I would like to hug that person and say “it’s ok, the world didn’t end”.
(unless it was with malicious intent ofc)
DO NOT HATE ON PEOPLE (not saying you are cscs, I just want to make MY STANCE perfectly clear in this).

I just ask for an open dialogue, or at least a blogpost explaining how they will move on from this. I DO NOT CARE ABOUT BLAME!!!

Edit
To clarify. As an end USER, I do not care, or should be involved with if it was gross negligence that cause this or not, what I care about is the longevity of Manjaro
I love it, I want to keep using it with all the other noobs like me.
But if the manjaro team will go in a direction where its less noob friendly, I want to KNOW that, it’s as simple as that. A lot of comments in this forum points to that, and the silence from the manjaro team on those comments are becoming more and more frustrating to me.
Can I recommend it to other people?
Do I want to install it on my moms old laptop for her to use?
Should I look into learning ARCH if its going to be the same as using Manjaro?
These are all VERY relevant questions for the longevity of Manjaro.

Olli · 13 July 2023 19:48

my concern is that this security leak is downplayed to a small issue while it could be a really serious “0day root LPE” exploit actually. searching for “vala-vala-haha” shows up that this pamac issue can be a real danger.
my question is:
can we trust the system actually while pamac is the tin-opener for such exploits and if we can’t, is there a workaround (for example uninstall of pamac or whatever) or am i just too nervous ?
@Manjaro-Team i don’t wanna blame anyone but i really appreciate an official announcement to clear this frightening situation.

cscs · 13 July 2023 19:48

What are you talking about?
If anything all comments and decisions point to trying to make manjaro simpler - example: replace pacman with pamac.
Whether all of these are good decisions whether with that goal in mind or not … is a different subject.
I honestly have no idea where you are getting the idea that manjaro is becoming less noob friendly, more Arch, or whatever … its quite the opposite.

Yeah - dont use pamac. I dont have it installed.
(sometimes I do really quick for some test for some user query … but then remove again)

SealOfAllSeals · 13 July 2023 23:56

On what you guys have been talking about, Manjaro is not Arch; it’s supposed to be for everyone that wants stability and ease of use without requiring cli knowledge and yet, pamac breaking from time to time due to whatever the cause may be also breaks the GUI and strands the newcomers and non-power users like in the middle of nowhere; for that reason i think pamac should not try to be a standalone program when managing pacman packages as they are essential to the system and just use pacman for everything instead; i really don’t understand why you guys won’t want normal people to use Linux; what, does it take away from the cool factor of the operating system? Today’s users will be tomorrow’s developers and getting more people to actually like & use Linux based systems will only benefit the whole freaking world, yet the entire Linux community for whatever reason goes against that, that’s a wow moment right there, just a wow moment.

Now, getting all in order and just providing an example

I think that pamac should guarantee itself when it comes to system packages, and just use pacman commands when pamac is called for to install pacman-manjaro packages. Such as when

pamac install ufw

is called upon from the GUI application or the cli, the command just running

pacman -S ufw

therefore making any form of breakage on the side of system packages pretty much impossible.

Another example to this would be

pamac list

Just doing

pacman -Q

Pamac list for whatever reason takes 5 seconds while the pacman -Q command is instantenous, so this way of doing that would also decrease overhead & provide a better user experience.

I also think that pamac should just use the database & cache files created by pacman, instead of trying to compile it’s own; it may also use the internet to fetch if an application exists in the manjaro repositories or a local db file (the only one that it’ll make accept pacman ones and act accordingly; that’d not only preserve all functions of pamac but also make the program as stable as pacman in Arch is, even more at times due to the releases philosophy that Manjaro operates on.

cscs · 14 July 2023 04:34

WTF are you talking about?

It used to be that way.
Its been developed in a different direction.
I have just about zero hope that will change.

…But… if you want it that way … you can do it by using functions…
(you can have or not have pamac installed for this to work)
Placed in .bashrc or .zshrc or similar …

pamac() {
    if [[ $@ == "update" || $@ == "upgrade" ]]; then
        command sudo pacman -Syu
    fi
    if [[ $1 == "list" ]]; then
    	shift;
        command pacman -Qs ${*}
    fi
    if [[ $1 == "install" ]]; then
    	shift;
        command sudo pacman -Syu ${*}
    fi
}

(either a new session or running, ex, source .bashrc)
Afterwards then … pamac commands will work as you describe you wanted.
Of course it could be made separate instead of usurping pamac … lets call it … macman

macman() {
    if [[ $@ == "update" || $@ == "upgrade" ]]; then
        command sudo pacman -Syu
    fi
    if [[ $1 == "search" ]]; then
    	shift;
        command pacman -Ss ${*}
    if [[ $1 == "list" ]]; then
    	shift;
        command pacman -Qs ${*}
    fi
    if [[ $1 == "install" ]]; then
    	shift;
        command sudo pacman -Syu ${*}
    fi
}

Then you can use macman update, etc.

SealOfAllSeals · 14 July 2023 05:09

So… That one is the catch-phrase of yours i guess, or it’s just that you didn’t read the replies correctly; possibly missing what i was talking about there. I don’t use quotes & formatting ■■■■ much in order to encourage people to read the whole post & all the replies just to make sense out of the discussion, that usually either equals to people shouting “WHY IS THERE NO TL;DR???” or actually reading the discussion to make sense out of what has been said; guess this conversation is not going to be within the usual part as i believe you’ve sorta missed what i meant there, let me just give you an example. Actually, let me not give you an example as the amazing forum members @Teo and @bedna have actually explained what i’ve been trying to say here thoroughly; on what i just wrote, you’ll probably have to find what i’m talking about yourself.

Also just to clarify, i’ve daily driven Arch & actively used a plathera of other distributions in the 2 years I’ve been active on Linux & Unix based systems. As you might’ve expected, i use cli a lot & this is supposed to be a feedback thread, not a “OH I WANT TO FIX IT FOR MYSELF!” thread. Yet, there are people that don’t want to bother with CLI that’d also like to use an actual operating system rather then garbage can systems like MacOS or Windows & the whole selling point of Manjaro is kind of to appeal to those newer users while actually give the veteran users a stable operating system that they can safely daily-drive without breakages while also giving the users great access to software, thanks to the base of the OS.

bedna · 14 July 2023 05:12

@cscs
I think this is the most “linux bro” answer I have ever read.
I’m laughing here, both because you are kinda tonedeaf up in the air, but then completely slams back down with the most brilliant solution to the pacman/pamac problem ever.

I cant stop laughing here.

Edit
I will actually copy that script and use it now, my .bashrc is getting bigger and bigger, but why not. Thanks for that one!

cscs · 14 July 2023 05:17

But …
I really dont understand …
How, on a communication platform utilized by multitudes of people including volunteers, for a piece of software likewise provided for free, with the intention of making things easier, and on a thread about a particular package made for that very intention, where detractors agree they want it simpler that way … again here discussing among volunteers …
That somehow we have someone suddenly exclaiming
“why you guys no want people use linux?”

SealOfAllSeals · 14 July 2023 05:21

I’ve not said that, neither do i think @bedna has said that. Yet, check this line.

That was what i was referring to here

Edit: That line in itself really doesn’t sum it up real good, getting a good understanding of what i mean really requires one to read the whole conversation as i base everything i say after i dissect each and every post. Although i agree that people should indeed be on their right minds and actually think while operating any computers, you may look at the other answers to get a more clear understanding of what i might’ve meant. Again, Manjaro is not supposed to be the bleeding edge distro that breaks every time you update and it’s supposed to be easy enough for everybodies use; that one line should sum it up.

cscs · 14 July 2023 05:22

It might have been this part where … you did say that?
I may have been confused by the words and all.

Anyways carry on.
I’ve already noted my own distaste for pamac… and whether you wanted it or not … a little remedy.

Cheers.

bedna · 14 July 2023 05:27

Interesting you feel hurt, or offended by that comment. Maybe analyze that?

No, honestly here.

The reason cscs is because of how the website promotes manjaro. I honestly think it boils down to that.
Then people, like me, come here and have different expectations.

To be honest, I’m surprised in the other direction, I thought this forum would be MORE elitist than it is.
I think its FINE to tinker a bit, I kinda enjoy it.

But you have to understand that for one of me there are most likely 5 other guys (according to the massive amount of first time posters I have seen recently, that do NOT want to tinker, that has ZERO CLUE that they have to read the update announcements and just want their computer “to work”.

And when those guys come here for the first time because they need help, and are unfortunate to meet someone, lets say, less noob friendly, when again, they expect this to be noob friendly because of what it says on the webpage, I COMPLETELY understand frustration and confusion when the program HANDED TO THEM by the os, seems to break their computer.

cscs · 14 July 2023 05:38

I think theres confusion upon confusion here.

I am not hurt … these are not my things.

I was questioning something that doesnt make sense to me because that exclamation seemed to come out of nowhere - I didnt feel I had done anything to prompt such a response. I didnt think anyone was trying to gatekeep linux, yet there seemed to be a resentment towards … what was not happening?

Anyhoo … whatever this ‘dialogue’ is doesnt make sense to me. Cheerio.

Mirdarthos · 14 July 2023 06:54

Apologies. You are right. I was tired and halfway asleep and got confused. Apologies.

But anyway, I agree with @cscs. This “disccussion” is going nowhere and turning into a shouting match, so,

cherio 'ol chaps!

linux-aarhus · 14 July 2023 07:11

I cannot speak on behalf of other team members - for obvious reasons - so what I say now is my own opinion.

Please don’t escalate this into something it is not - this is a flaw in some computer code - it will get fixed.

Until that has been done - you can simply remove pamac-gtk and the packages depending on pamac - and your system is safe - it won’t cripple your system - and if you need a GUI - use octopi.

Being with Manjaro since late 2016 and invited to the team shortly thereafter I have seen the amount of rotten vegetables thrown at Manjaro as a distribution and individuals as well - especially former team members tend to be a bit agressive that way.

There is a general hate against Manjaro and it appears that some people around the globe find it generally amusing to throw that kind of objects at the stage.

The general trend - throwing objects at the stage - has grown a thick spam filter on Manjaro Team members - thus causing possibly important points to get lost in that filter.

As you are aware - only around a dozen people[ 1 ] is providing a very popular Arch based distribution and out this only one person is working on Pamac - in spare time - and currently occupied elsewhere.

The flaw in pamac could possibly be an inherited flaw in polkit as pointed out by

zbe · 14 July 2023 07:24

Relax dude. You’re watching too much reality tv.

Why would you even have to mention (in caps and 3 exclamation points no less) anything about blame… It’s a bug in some code. And you want a written apology now?

Ah it’s gross negligence now already. Although you could use that phrase to describe how some users maintain their systems.

Why? Why would you care about any distro like it’s your spouse or pet? There’s 500 others. (It would matter 0% if 480 of them disappeared tomorrow.) Especially if we are talking about desktop use.

That’s just an illusion newcomers have. It was always meant for more experienced users and it will stay like that as long as it is arch-based. Of course since they became for profit company it makes sense they will try to attract as many users as possible.

You can recommend anything to anyone, it’s (supposedly) a free world.

Do you? I guess, if you plan to keep maintaining it. She won’t care what distro is on her computer. Only thing she’ll care about is that she can do whatever she does on her PC.

Considering maintenance it is exactly the same. If you can maintain manjaro then you can arch. I mean, how is that even surprising when manjaro uses 95% of arch packages?

So the only question here is how willing are you to learn. If you’re motivated you should already be reading archwiki every day, no matter if on arch, manjaro or any other ~~arch-based~~ distro.

SealOfAllSeals · 14 July 2023 09:12

Hey, just to clarify; i’d made this thread just to be a feedback on how pamac as it is operated & nothing else, thanks for the reply.

bedna · 14 July 2023 15:16

These 2 sentences make more sense than anything so far, and is the exact kind of response I was looking for.
Yeah, there is a lot of dislike of Manjaro, and I am asking for a way to REMEDY that hate, a way to support Manjaro, but you make it darn near IMPOSSIBLE.

So I guess Manjaro do not CARE about the pr, they do not CARE that every single linux influencer (tbh, I think they will make a foot note this time not really giving it much interest) about how Manjaro AGAIN screwed up.

I, or any of the ppl in this thread saying we are disappointed that the statement on the webpage for manjaro is INCORRECT and that pamac BROKE the system they were using, are NOT the aggressive kind here. Pusking “+1” on a comment that basically says “stfu, we do not care” is really darn TOXIC,

I guess THIS is what manjaro stands behind. Pretty fkn awful. Completely twisting my words, I NEVER said ANY of the sort, I even CLARIFIED my stance to NOT create confusion, but still, THIS is a comment that deserves a +1. Yuck

Again, THIS is a +1 apparently. Great!
Yeah, I feel more and more unwelcome here.

And:

http://www.manjaro.com

Manjaro is a free and open source Linux operating system that emphasizes user privacy and control of their hardware. It is user-friendly and suitable for those new to computers

NEW TO COMPUTERS. Sure, it’s an “illusion”

Maybe, just fkn MAYBE you should try to understand the MASSIVE backlash this is creating.

I have no interest in interacting with a forum that, in my eyes, pushes away the ppl I want to be welcome here, the ppl who were more like me when I joined, ie noobs.
It’s becoming more and more clear that this is not the case.

But op just stated this is not the discussion he want in this thread, I respect that so I back off and probably stop interacting with the forum other than when it breaks and reading the announcement (because THAT is apparently something a person “new to computers” would know about)

It was nice while it lasted, but this is clearly not sustainable.

zbe · 14 July 2023 16:52

It’s you who are thinking loudly “what if”, which I wanted to point out how ridiculous it is already.

And to refresh your memory, here is another ridiculous thing you said:

Breathe and don’t take everything so personal.

Yes, and on fox news about page they have “offers its audiences in-depth news reporting […] and diversity of thought”.

This is again something, as you said, “in your eyes” ie. in your head. Everyone is a noob when they start with anything. What matters here is to set your expectations realistically.

And if you still think that someone totally “NEW TO COMPUTERS” will do just fine with (any) rolling distro then you are just delusional.
(I mean, it’s possible if “that someone” is highly motivated and have a lot of time to read and absorb a lot of things.)

Yeah, few dozen people out of 8 billion will see this, laugh it off and forget it in a week. No one cares.

You should spend more time reading manuals and wikis instead of watching any kind of “influencers”.

FIrst of all “we” here is I. I’m speaking for myself. And second, who is twisting the words now…

PS.: Gonna give you +1.

guinux · 14 July 2023 17:06

Hi all,
I’m the dev of pamac and I think must clarify some points.
I’m developing pamac alone since ten years now with the first goal to provide a GUI to pacman.
Know that coding a GUI is far more complex than a CLI. You can now run pamac-gtk as an user, browse packages, select what packages you wan to install and click to proceed. It’s only at this moment that you are asked for a root password. Then you can follow the progress of the installation.
This a standard behavior for a GUI those days but it needs to code two programs, one for the GUI and one for the daemon in background in order to run action as root and manage authorizations. Those programs also need to communicate in both ways.
Regarding this, pacman/libalpm is a simple program/library that just permit to read and write the packages database.
When trying to implement features like cancelling an installation or checking for updates as a user and avoid partial upgrades, you face some limitations because pacman is solely code to be a CLI.
It appears that, with the aim of providing an ever better user experience, I introduced with libpamac 11.5.4, a way to make a so called Local Privilege Escalation that permits to a logged in user to grant root access. It’s a security issue but don’t forget that it still need a physical access to your computer and an active session opened. Screen locking by itself prevent for such an exploit.
The vulnerable code was published two months ago but I was informed of the issue the 8th of July.
It was a very bad timing because I planned to leave my home for three weeks the next day. It’s in this situation that I still took some of my time to provide a fix but without the possibility to run all needed tests. Sadly with such a complex program pamac is now, the fix breaks some functionalities like applying updates.
With the help of the @Manjaro-Team that I thank here, all seems now fixed.
I’m proud of the trust you have in Pamac and I understand that this kind of trouble is disappointing.
I truly believe in the open sources community and be sure I will continue to contribute in providing easy to use softwares for everyone.

SealOfAllSeals · 15 July 2023 02:38

Also just wanted to add, the new GUI looks amazing. Thanks for your hard work!