* fix: restrict EFI partition permissions with fmask/dmask=0077
Mount the ESP with fmask=0077 and dmask=0077 to prevent world-readable
files like /efi/loader/random-seed.
Closes#4241
* fix(efi): collapse fmask/dmask dedup to dict.fromkeys one-liner
Per @Torxed's review feedback. Same semantics as the previous loop
(dedupe by exact-string match) but shorter. dict.fromkeys preserves
insertion order, where set() would not.
* fix(efi): drop defensive list wrap per review
The list() copy on line 378 was load-bearing only if options were
mutated downstream, but the EFI branch reassigns options via
dict.fromkeys() (line 381) and the non-EFI branch passes through
to mount() without mutating. Drop the copy.
* Fix broken localization: tr(f-string) never matches translation catalog
tr(f'Invalid configuration: {error}') evaluates the f-string before
tr() runs, so xgettext extracts the literal placeholder as the msgid
while runtime passes the formatted string - the two never match.
Switch to tr('...{}').format(...) and update msgid in base.pot.
* Add CI validation for translations and pot_tools dev utility
Add translation-check workflow with two jobs:
- validate-po: msgfmt --check on changed .po files, .mo sync warning,
tr(f-string) anti-pattern grep on changed .py files
- validate-pot: verify all tr() strings exist in base.pot when .py
files change
Workflow only triggers on .py/.po/.pot file changes.
Add scripts/pot_tools.py developer utility (stats, list, add_missing)
for managing base.pot.
* Fix code style: use tabs and reformat xgettext arguments
Align check_pot_freshness.py and pot_tools.py with project
indentation (tabs) and ruff format requirements.
Sorry :-)
* Replace custom PO parser with msgcmp, drop pot_tools.py
Address review feedback: use standard gettext msgcmp instead of
hand-rolled parser for base.pot freshness check. Remove pot_tools.py
that duplicated locales_generator.sh functionality.
* Move translation checks into locales_generator.sh, simplify CI workflow
Use msgcmp instead of diff for base.pot validation to avoid failing on
legacy stale entries - the same cascading breakage that killed the
original workflow (disabled 2023, removed in #4483).
* Fix broken .po files: duplicate msgid in Hindi, missing format args in Finnish
* Add iwd standalone option to network configuration
Adds NicType.IWD as a third option alongside NM and NM_IWD: install
iwd, write /etc/iwd/main.conf with EnableNetworkConfiguration=true and
NameResolvingService=systemd, enable iwd.service + systemd-resolved.service.
iwd handles DHCP itself and resolved picks up its DNS via the symlink, so
no NetworkManager pulled in.
Also fills in parse_arg cases for NM_IWD and IWD so config files
round-trip both nic types.
Assisted-By: Flint
* wire up resolv stub and networkd service
* exclude virtual devices, dont harcode iface name instead match 'ether'
similar pattern to .network files shipped in /etc/systemd/network
* use dedent and rename menu option
I think it was a mistake to have made the previous changes to KDE Apps. In retrospect, it seemed like a good idea since the Budgie developer had done it that way in Fedora, which is the distro the developer uses as a reference for Budgie. When you start using it, you realize there's no bridge between the desktop and the KDE Apps, and things like Dolphin recognizes icons and themes, requiring some rather annoying manual configurations. Then, if you want to change them again, you have to change those configurations again. Files don't open by default with the apps either; you have to configure them for that to work.
At first, I thought the Budgie packager for Arch had forgotten some stray dependency, but with some free time, I tested it with Fedora 44, and to my surprise, it has exactly the same problems, which is completely unacceptable for a final stable release. I suppose he'll make the necessary changes in the near future, but right now, it's a disaster.
* Add --share-log flag to upload install.log to paste.rs
* Apply ruff-format to share_log.py
* Rework share-log per review: subcommand, TUI confirmation, truncate large logs
* Replace curl/SysCommand with urllib.request, remove defensive try/except
Per review: use stdlib urllib instead of shelling out to curl,
drop unnecessary try/except around TUI confirmation,
remove tempfile (content is passed directly as bytes).
* Fix TUI imports after ui module was pulled one level up (#4515)
* Decouple share_install_log from TUI module
* Add unit tests for share_install_log function
* Update docs to use share-log subcommand syntax
* Fix truncated package metadata in additional packages preview (#3580)
* Simplify package info fix: use rstrip and CSS wrap instead of env var plumbing
* Apply preview text wrap conditionally via wrap_preview parameter
* Add missing wrap-preview CSS to OptionListScreen and pass parameter through SelectMenu
* Keep standalone initramfs for grub-btrfs when UKI is enabled
Fixes#4505
* Move keep_initramfs logic into add_bootloader()
The grub-btrfs snapshot detection was in guided.py, forcing custom
script authors to replicate it. Since Installer already holds
disk_config, the check belongs inside add_bootloader().
The cutefish package was never in the official Arch repos (AUR only)
and the upstream project is abandoned. Installing this profile would
always fail with a pacman "not found" error.
* Fix sway+nvidia confirmation dialog (#4481)
Two bugs in the Sway+Nvidia driver confirmation:
1. The boolean was inverted - confirming "yes, I'm okay with issues"
reverted the driver to the previous choice instead of keeping it.
2. The warning triggered for any Nvidia driver, including the
open-source nouveau driver which is officially supported by Sway.
Add GfxDriver.is_nvidia_proprietary() and is_nvidia_nouveau() methods
so the warning fires only for nvidia-open-dkms (proprietary userspace).
* Address review feedback (#4485)
- Drop is_nvidia_nouveau() helper. It is not called anywhere yet; can
be re-added when a consumer lands.
- Collapse the Sway+Nvidia confirmation result handling into a single
expression now that allow_skip=False guarantees a boolean answer.
* Make network configuration mandatory with explicit "No network" option
* Add network configuration recommendation hint and disable sorting
* Warn when network selection was skipped instead of making it mandatory
Replace the mandatory network_config menu requirement with a yellow
warning on the final confirmation screen, shown only when the user
skipped the network menu entirely. Explicitly picking "No network
configuration" is treated as a conscious choice and does not trigger
the warning.
- Drop mandatory=True from the network_config global menu item
- Rename NicType.NONE menu label from "No network" to
"No network configuration" (an installed system still has an NIC;
only the install-time configuration is absent)
- Add ConfigurationOutput.get_install_warnings() and render them in
confirm_config when show_install_warnings=True
- guided.py and minimal.py enable the warning on the confirm screen
- Reuse the existing "No network configuration" msgid in .pot; add the
warning string; update Ukrainian translations accordingly
* Drop NicType.NONE from this PR
The NONE option introduced earlier in this branch is being removed per
review feedback (#4408). Whether to add explicit "None" options across
multiple menus (greeter, gfx driver, network, bootloader) is now being
discussed in #4464 and should land as a separate change there.
This PR keeps only the warning-on-confirm behaviour: when the user
skipped the network menu entirely (network_config is None), a yellow
warning is shown on the final confirmation screen.
First Edit :
- "effort" is singular so use has not have
Second Edit :
- we use "an" before vowel sounds (an old )
Third Edit :
- use Sometimes because sometimes means occasionally and Some times means some period or era
Fourth Edit :
- Plural of ISO is ISOs not ISO's
* Show install summary when configuration is valid
Previously the Install menu preview was empty when everything was valid,
leaving the user with no "ready" signal. Now show "Ready to install"
plus a two-column summary of the current configuration.
- New _install_summary() composes an aligned key/value table with rows
for disks+FS+LUKS, bootloader, kernel, profile, greeter, package
count, network, locale and timezone. Column width adapts to the
longest translated label so translations keep the alignment.
- Rows whose underlying config is not set are skipped rather than
rendered as empty.
- base.pot / uk base.po: add new msgids for summary labels.
* Move install summary into ConfigurationOutput
The summary helper that renders the install preview's two-column
configuration overview lived in GlobalMenu. Move it to
ConfigurationOutput.as_summary() so it sits alongside the JSON
output methods that share the same role. The preview now syncs
menu state to ArchConfig and delegates rendering.
renovate[bot]
BB
Anton Hvornum
utuhiro78
Daniel Girtler
Clinton Phillips
Softer
Matteo
HADEON
stinga11
Lena Pastwa
aronmr-1
correctmost
Steen Rabol
Hassaan Amin
Franco Castillo