Package Management - buggerman/re-arch GitHub Wiki

RE-ARCH Package Management

Comprehensive guide to RE-ARCH's security-first package management philosophy and four-tier architecture.

🔒 Security-First Philosophy

RE-ARCH implements a security-first package management strategy that prioritizes system stability, security, and maintainability through clear separation of concerns:

🚨 Golden Rule: Separation of Concerns

Never install GUI applications (Firefox, LibreOffice, GIMP, etc.) via pacman - always use Flatpak for enhanced security and system stability.

📦 Four-Tier Package Architecture

RE-ARCH uses a carefully designed four-tier package management system:

1. 🔨 pacman - System Foundation

Primary Role: Core system components and essential command-line tools
Security Model: Direct system access, administrator-controlled
Update Strategy: Conservative, follows Arch Linux stability model

What to install with pacman:

  • System libraries: glibc, systemd, kernel modules
  • Command-line tools: git, curl, wget, nano, htop
  • Development tools: gcc, make, python, nodejs
  • System utilities: file system tools, network utilities
  • Base system: base-devel, linux headers

What NOT to install with pacman:

  • GUI applications: Firefox, Chrome, LibreOffice, GIMP
  • Media players: VLC, MPV (unless CLI-only)
  • Office suites: LibreOffice, OnlyOffice
  • Development IDEs: VS Code, IntelliJ (use Flatpak instead)

2. 📱 Flatpak - Secure Applications

Primary Role: Sandboxed, secure GUI applications
Security Model: Containerized execution with permission controls
Update Strategy: Independent application lifecycle management

Why Flatpak for GUI apps:

  • 🔒 Sandboxing: Applications run in isolated containers
  • 🛡️ Permission control: Granular permission management
  • 🔄 Independent updates: Apps update separately from system
  • 🌍 Universal: Works across all Linux distributions
  • 🧩 Dependency isolation: No conflicts with system packages

What to install with Flatpak:

  • Web browsers: Firefox, Chrome, Chromium, Brave
  • Office suites: LibreOffice, OnlyOffice
  • Media players: VLC, MPV
  • Development IDEs: VS Code, IntelliJ IDEA
  • Creative tools: GIMP, Inkscape, Blender
  • Communication: Discord, Signal, Telegram

Common Flatpak commands:

# Search for applications
flatpak search firefox

# Install application
flatpak install flathub org.mozilla.firefox

# Update all applications
flatpak update

# List installed applications
flatpak list

# Remove application
flatpak uninstall org.mozilla.firefox

3. 📦 AUR - Specialized Tools

Primary Role: Community-maintained specialized packages
Security Model: User-compiled with manual review required
Update Strategy: Community-driven with user validation

When to use AUR:

  • 🔧 Specialized tools: Not available in official repos or Flatpak
  • 🎮 Gaming utilities: Steam tools, game-specific utilities
  • 🛠️ Development tools: Niche development packages
  • 📚 Academic software: Research tools, scientific applications

AUR Helper - paru:

# Install paru (if not already installed)
# See Post-Installation Setup for instructions

# Search AUR
paru -Ss package-name

# Install from AUR
paru -S package-name

# Update AUR packages
paru -Syu

# Remove AUR package
paru -R package-name

AUR Security Guidelines:

  • 📖 Always review PKGBUILDs before installation
  • 🔍 Check package popularity and maintainer history
  • ⚠️ Avoid orphaned packages without active maintainers
  • 🔄 Update regularly to get security fixes
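
A first pass that supports the PKGBUILD review above, as an added example (not part of RE-ARCH or paru): it flags patterns that deserve a closer read in a file fetched with paru -G. The flag names, the patterns and the sample PKGBUILD are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Heuristic first pass over a PKGBUILD; a clean result is not approval.
# Flag names and patterns are this example's own, not part of paru or makepkg.

# flag NAME REGEX: print NAME if the ERE matches the text held in $body
flag() {
  if printf '%s\n' "$body" | grep -Eq -- "$2"; then echo "$1"; fi
}

# pkgbuild_flags [FILE]: read a PKGBUILD (stdin when FILE is omitted)
pkgbuild_flags() {
  body=$(cat "${1:--}")
  # SKIP turns off the integrity check for that source entry
  flag skip-checksum '(^|[^[:alnum:]_])SKIP([^[:alnum:]_]|$)'
  # An install= scriptlet runs as root when pacman installs the built package
  flag install-scriptlet '^[[:space:]]*install='
  # Content piped from the network into a shell is never checksummed
  flag pipe-to-shell '(curl|wget)[^|;&]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)'
  # Plaintext transport; the homepage url= line is ignored
  body=$(printf '%s\n' "$body" | grep -v '^url=' || true)
  flag plaintext-source '(http|ftp)://'
}

# Constructed sample, not a real AUR package
sample_pkgbuild() {
  cat <<'EOF'
pkgname=example-tool
pkgver=1.0
url="http://example.org"
source=("http://example.org/example-tool-1.0.tar.gz")
sha256sums=('SKIP')
install=example-tool.install
build() {
  curl -s https://example.org/setup.sh | sh
}
EOF
}

sample_pkgbuild | pkgbuild_flags
```

SKIP is normal for VCS sources such as git+ URLs, so treat each flag as a prompt to read that part of the PKGBUILD, not as a verdict.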

4. 🍺 Homebrew - Development Environment

Primary Role: Isolated development tool management
Security Model: User-space installation without system modification
Update Strategy: Independent development environment lifecycle

Why Homebrew for development:

  • 🔒 User isolation: Installs in user directory
  • 🧩 Environment separation: Doesn't interfere with system
  • 🌍 Cross-platform: Same tools on Linux and macOS
  • 📦 Package versions: Multiple versions of same tool

What to install with Homebrew:

  • Programming languages: Python, Node.js, Ruby versions
  • Development tools: kubectl, terraform, docker-compose
  • CLI utilities: Modern alternatives to traditional tools
  • Build tools: cmake, gradle, maven

Common Homebrew commands:

# Search for packages
brew search package-name

# Install package
brew install package-name

# Update all packages
brew update && brew upgrade

# List installed packages
brew list

# Remove package
brew uninstall package-name

🛡️ RE-ARCH Security Enhancements

System-Level Protection

  • Firewalld: Active firewall protection enabled by default
  • Btrfs Snapshots: Automatic system state protection with rollback capability
  • Package Verification: Cryptographic signature validation for all packages
  • Minimal Attack Surface: Lean system with only essential components

Application Sandboxing

  • Flatpak Isolation: Applications run in secure containers
  • Permission Management: Granular control over application capabilities
  • Runtime Separation: Shared runtimes reduce system bloat
  • Automatic Updates: Security patches delivered independently
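
The sandbox is only as tight as the permissions an application ships with. The following added example (not RE-ARCH code) filters the output of flatpak info --show-permissions for grants that reach outside the sandbox; the list of grants treated as broad and the sample output are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Lists the grants in a Flatpak app's [Context] section that open the sandbox widely.
# Which grants count as "broad" is this example's choice, not a Flatpak setting.

# broad_grants: read `flatpak info --show-permissions` output on stdin
broad_grants() {
  awk -F= '
    /^\[/ { ctx = ($0 == "[Context]"); next }   # only [Context] holds sandbox grants
    !ctx || NF < 2 { next }
    {
      n = split($2, v, ";")                      # values are ;-separated lists
      for (i = 1; i <= n; i++) {
        g = v[i]; b = g
        sub(/:.*$/, "", b)                       # drop suffixes such as :ro
        # host/home: files outside the sandbox; devices=all: every device node;
        # x11: other X clients are reachable; *-bus: unfiltered D-Bus access
        if (($1 == "filesystems" && b ~ /^(host|host-os|host-etc|home)$/) ||
            ($1 == "devices" && b == "all") ||
            ($1 == "sockets" && b ~ /^(x11|session-bus|system-bus)$/))
          print $1 "=" g
      }
    }'
}

# audit_app APP_ID: run the check against an installed application
audit_app() {
  flatpak info --show-permissions "$1" | broad_grants
}

# Constructed sample output, not taken from a real application
sample_permissions() {
  cat <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF
}

sample_permissions | broad_grants
```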

Multilib Repository

Enabled by default for 32-bit compatibility:

  • 🎮 Steam: Native 32-bit game support
  • 🍷 Wine: Windows application compatibility
  • 🎯 Legacy applications: Older 32-bit software

Gaming Package Recommendations

Via pacman:

  • steam - Steam client and runtime
  • wine - Windows compatibility layer
  • lutris - Game management platform

Via Flatpak:

  • com.valvesoftware.Steam - Sandboxed Steam
  • net.lutris.Lutris - Gaming platform
  • org.polymc.PolyMC - Minecraft launcher

🔄 Update Strategy

System Updates (pacman)

# Full system update
sudo pacman -Syu

# Update package databases only
# (run a full -Syu before installing anything afterwards; Arch does not support partial upgrades)
sudo pacman -Sy

# Check for available updates
checkupdates

Application Updates (Flatpak)

# Update all Flatpaks
flatpak update

# Check for available updates
flatpak remote-ls --updates

AUR Updates (paru)

# Update AUR packages
paru -Syu

# Check for AUR updates only
paru -Qua

Development Tools (Homebrew)

# Update Homebrew and packages
brew update && brew upgrade

# Check for available updates
brew outdated

🛡️ Security Best Practices

1. Package Verification

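# Verify package signatures (pacman)
# pacman checks signatures on every install according to SigLevel in /etc/pacman.conf;
# to check a downloaded package against its detached .sig file by hand:
pacman-key --verify package-name.pkg.tar.zst.sig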

# Check Flatpak permissions
flatpak info --show-permissions app-id

# Review AUR PKGBUILDs
paru -G package-name  # Downloads PKGBUILD for review

2. Regular Updates

  • Daily: Check for Flatpak updates
  • Weekly: Full system update with pacman
  • Monthly: AUR package updates and cleanup

3. Package Cleanup

# Remove orphaned packages (pacman)
sudo pacman -Rns $(pacman -Qtdq)

# Clean package cache
sudo pacman -Sc

# Remove unused Flatpaks
flatpak uninstall --unused

# Clean Homebrew cache
brew cleanup

🔧 Configuration Files

pacman Configuration

File: /etc/pacman.conf

Key settings:

  • ParallelDownloads = 5 - Faster downloads
  • Color - Colored output
  • VerbosePkgLists - Detailed package information
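
pacman's signature checking is governed by the SigLevel directive in the same file. As an added example (not RE-ARCH code), this check lists SigLevel tokens that relax package verification, globally or for a single repository; the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Reports SigLevel tokens in a pacman.conf that relax package signature checks.
# Treating these tokens as "weak" is this example's policy, not pacman's.

# weak_siglevels [FILE]: FILE defaults to /etc/pacman.conf, "-" reads stdin.
# Files pulled in through Include are not followed.
weak_siglevels() {
  awk '
    /^[[:space:]]*#/ { next }                 # skip comments
    { sub(/=/, " = ") }                        # tolerate "SigLevel=Never"
    /^\[.*\]/ { sec = $1; next }               # remember the current section
    $1 == "SigLevel" {
      # Never/Optional accept unsigned packages; TrustAll accepts any known key.
      # DatabaseOptional is left alone because it only covers the sync databases.
      for (i = 3; i <= NF; i++)
        if ($i ~ /^(Package)?(Never|Optional|TrustAll)$/) print sec ": " $i
    }' "${1:-/etc/pacman.conf}"
}

# Constructed sample configuration, not RE-ARCH's shipped pacman.conf
sample_conf() {
  cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional

[core]
Include = /etc/pacman.d/mirrorlist

[custom]
SigLevel = Optional TrustAll
Server = file:///srv/repo
EOF
}

sample_conf | weak_siglevels -
```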

Flatpak Configuration

System: /var/lib/flatpak/
User: ~/.local/share/flatpak/
Configuration: ~/.config/flatpak/

paru Configuration

File: ~/.config/paru/paru.conf

Key settings:

  • BottomUp - Show results from bottom
  • RemoveMake - Remove build dependencies
  • CleanAfter - Clean build files after installation

🚨 Common Issues and Solutions

Package Conflicts

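# Force reinstall conflicting package
# ("*" lets pacman overwrite any conflicting file; narrow the glob to the conflicting path where possible)
sudo pacman -S --overwrite "*" package-name

# Resolve dependency conflicts
# (the ignored package stays at its old version; upgrade it once the conflict is resolved)
sudo pacman -Syu --ignore=problem-package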

Flatpak Issues

# Reset Flatpak permissions for an application
flatpak permission-reset app-id

# Repair Flatpak installation
flatpak repair --user

AUR Build Failures

# Update base-devel
sudo pacman -S base-devel

# Clean build directory
rm -rf ~/.cache/paru/clone/package-name

📊 Package Statistics

Default Installation Breakdown

  • pacman packages: ~150 essential system packages
  • Flatpak apps: 0 (user installs post-installation)
  • AUR packages: 0 (optional, user-driven)
  • Homebrew packages: 0 (development-focused)

Storage Usage

  • System packages: ~8-12GB
  • Flatpak runtimes: ~2-4GB (shared among apps)
  • AUR packages: Varies by package
  • Homebrew: ~1-2GB for typical development setup

For post-installation application setup, see Post-Installation Setup.