Secure Manjaro Linux Software Repositories

Secure Manjaro Linux Software Repositories

07 Aug 2020, 08:32am TZ +05:30
linux, manjaro
tips, tools, Security

Typically in Arch Linux all the software repositories or mirrors that are used have https as default.

In Manjaro Linux that is not the case by default.

Let’s fix that !

We love Manjaro Let’s make it more Secure!

Note: It is important that you update these repositories right after the fresh installation of Manjaro Linux, else it would not be effective.

Step 1 : Fixing the Protocol #

In-order to achieve this we need to modify the /etc/pacman-mirrors.conf file.

Typically the file would look like this:

##
## /etc/pacman-mirrors.conf
##

## Branch Pacman should use (stable, testing, unstable)
Branch = stable

...

## Define protocols and priority
##   separated by comma 'https,http' or 'http,https'
## ATM available protocols are: http, https, ftp
## Not specifying a protocol will ban the protocol from being used
## If a mirror has more than one protocol defined only the first is written to the mirrorlist
## Empty means all in reversed alphabetic order
# Protocols =

## When set to False - all certificates are accepted.
## Use only if you fully trust all ssl-enabled mirrors.
# SSLVerify = True

The interesting lines are # Protocols = and # SSLVerify = True.

We need to change the Protocol to https. And we also need to make sure the certificates of the repository are correct SSLVerify.

To do that, here are simple sed replace script:

# Switch the Protocol to HTTPS
sudo sed -i 's/# Protocols =/Protocols = https/g' /etc/pacman-mirrors.conf
# Enable SSL Certificate Verification
sudo sed -i 's/# SSLVerify/SSLVerify/g' /etc/pacman-mirrors.conf

Once you are done with this your default protocol are updated.

However we still don’t have the repository URL’s Switched to https.

Step 2 : Update the Repository URL’s #

This one is quite simple.

# Update the Mirror List with max timeout for search 5 seconds
sudo pacman-mirrors --timeout 5 --country United_States Japan
# Update all Packages from these updated mirrors
sudo pacman -Syyu

The important point to note in the above command is - which country is near to your location. In my case I am using United_States and Japan based repositories.

If you are un-sure of which country code / name to use use this command.

# List out the Countries where Manjaro Pacman mirrors are available
sudo pacman-mirrors --country-list

Wish you All the Best #

Hope this would help you enhance your Manjaro Linux awesomeness.

As always, I look forward to your suggestion and comments. DM me on Twitter .

References #