I’m new happy user of pinephone from Manjaro edition. I’m trying to document my “way” here if anybody is interested. I guess it will be fun to look at it 10 years later because I think (and hope) that future belongs to linux
BTW I’m new Manjaro user as well thanks to phone edition
Back to my questions So far I didn’t find too much documentation therefore I need some clarification how does it work.
UPDATE procedure best practice
I red that there can be differences between OS update via terminal (using pacman), SW update from UI, flashing new image. Per source there can be configuration differences … I saw it somewhere here on forum … the post was lacking details why it is happening. I’m used to e.g. APT pkg manager handles also configuration changes. Therefore can somebody clarified whether this is true ? If so why and what should be best practice ?
Why do I ask ?
I would like to run custom “stuff” there so I’m kind of worried that I need to apply my changes every time after flashing of new image …
Services open to the world
I noticed that there are two services which are binded to 0.0.0.0 by default.
$ ss -tupln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("chatty",pid=4137,fd=46))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
So far I don’t like it.
SSH server - by default there is very weak password for manjaro and root therefore it can be easily exploited. Arch OS highlights that as well - link. Is it really necessary to have SSH server running by default ?
chatty - I don’t plan to use this up at all. Therefore I will remove it.
Users management
Is it OK to create own OS user and disable logins to manjaro user & change root password ?
That will be always the case, unless you make your own img with your stuff included.
On Phosh arm-unstable i was able to run all the updates so far, either from terminal or Gnome-Software then reboot the system and it worked.
In order to gather some information that will be reported to developers, you need that. If you plan to remain silent, then you can disable it.
Is a public knowledge that the password for manjaro user is 123456 and for root is root. Calling it exploit is a misnomer. Do not connect to unknown wifi networks.
Is up to you, but make sure you add that user to the proper groups and then modify the /usr/share/lightdm/lightdm.conf.d/60-lightdm-autologin.conf and replace the line autologin-user=manjaro
with your user …
That will be always the case, unless you make your own img with your stuff included.
It seems like to much troubles but i can try that in future if there will be more free time. BTW what is the best practice to preserve persistent data (e.g. pictures, sms, etc) during flash operations? What comes to my mind:
store user home folder on different device
sync into cloud
On Phosh arm-unstable i was able to run all the updates so far, either from terminal or Gnome-Software then reboot the system and it worked.
Therefore are these upgrade options interchangeable ?
In order to gather some information that will be reported to developers, you need that. If you plan to remain silent, then you can disable it.
Well you can still enable it in case of issues?
Is up to you, but make sure you add that user to the proper groups and then modify the /usr/share/lightdm/lightdm.conf.d/60-lightdm-autologin.conf and replace the line autologin-user=manjaro
with your user …
Cool will try that. BTW I also noticed that phosh service runs under manjaro user. Therefore it should be changed as well. I hope there aren’t any other skeletons hidden.
I think a default way to backup still has to be figured out; the devices and infrastructure are all pretty new, as are the shells/boot-loader/kernel chipset support/…
Another option to backup /home on the fly is to use an SD-card. You can even have an SD-card to boot (or flash) another image from and use its free space to backup /home (of course a proper backup should not be on the same device).
Obviously flashing is different, it overwrites the device. For the software upgrade options, yes. If you are used to APT, try pacman - I don’t want to go back as pacman is super transparent. And don’t worry your customizations may be overwritten on package updates (when not flashing). Pacman has solid logic to make you aware of changes, create backup conf files etc (if it does not happen, it is a packaging glitch). For example, if you changed phosh.service, there should be a pacman console notification on its next package update that you must merge the new service. (Aside, there is also a proper systemd way to customize services. With systemctl edit xyz.service you can create drop-in files to override or customize defaults on a rolling-forward basis.).
So far I didn’t find too much documentation therefore I need some clarification how does it work.