distros/skills/cachyos-pacstrap/SKILL.md
Bootstrap-from-scratch CachyOS rootfs via pacstrap inside a privileged builder. Builds end-to-end as of charly 2026.141.1850 (shared pacstrap renderer emits Architecture + SigLevel); retained for offline/air-gapped builds. Lives in the overthinkos/cachyos submodule (box/cachyos). MUST be invoked before building or troubleshooting cachyos-pacstrap.
npx skillsauth add overthinkos/overthink-plugins cachyos-pacstrap

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Bootstrap-from-scratch CachyOS root filesystem, built via pacstrap inside the
privileged /charly-distros:cachyos-pacstrap-builder container
(from: builder:pacstrap, bootstrap_builder_image: cachyos-pacstrap-builder).
Lives in overthinkos/cachyos (git submodule at box/cachyos). Build: charly -C box/cachyos box build cachyos-pacstrap.
The canonical CachyOS base (/charly-distros:cachyos) pulls the upstream-published
OCI image from Docker Hub — that is the recommended path and the one the CachyOS
project itself uses. This pacstrap variant exists for offline / air-gapped
builds and as a worked example of the from: builder:pacstrap +
bootstrap_builder_image: pattern.
Earlier this path was unusable: the privileged pacstrap step rejected the
CachyOS x86_64_v3 packages (package architecture is not valid) and, on the
VM path, tripped GPGME signature checks (GPGME error: No data). Fixed as of
charly 2026.141.1850 by the shared renderPacstrapExtraConf helper (charly/build.go,
used by both runPrivilegedBootstrap and charly/vm_bootstrap.go):
- [options] Architecture = x86_64 x86_64_v3 directive from the cachyos-v3 repos' microarch token, so pacman accepts linux-cachyos etc.;
- SigLevel — the VM bootstrap path previously open-coded the loop and dropped SigLevel, so SigLevel = Never cachyos repos fell back to signature-required and GPGME failed. Both paths now share one renderer (R3), so they can't diverge again.

Verified live: charly -C box/cachyos box build cachyos-pacstrap produces a
rootfs with linux-cachyos (%ARCH% = x86_64_v3) installed. (Requires a charly
with this fix — newer than the published release.) The Docker-Hub /charly-distros:cachyos
base is still the faster default (no privileged build).
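
A check that can be run over the rendered pacman configuration to catch the divergence described above (added example, not charly's own code; `auditPacmanConf` and the sample config are constructed for illustration). It reports the `[options]` Architecture tokens and each repo's effective SigLevel, so a dropped per-repo SigLevel shows up as a value inherited from `[options]`.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleConf (constructed): cachyos-v3 sets SigLevel, cachyos inherits [options].
const sampleConf = "[options]\nArchitecture = x86_64 x86_64_v3\nSigLevel = Required DatabaseOptional\n" +
	"[cachyos-v3]\nSigLevel = Never\n[cachyos]\nServer = https://mirror.example.invalid/$repo\n"

// auditPacmanConf returns the [options] Architecture tokens and the effective
// SigLevel per repository; a repo without one inherits the [options] value.
func auditPacmanConf(conf string) (arch []string, sig map[string]string) {
	sig = map[string]string{}
	global, section := "", ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			if section = line[1 : len(line)-1]; section != "options" {
				sig[section] = "" // repo seen, no SigLevel of its own yet
			}
			continue
		}
		key, val, _ := strings.Cut(line, "=")
		key, val = strings.TrimSpace(key), strings.TrimSpace(val)
		switch {
		case key == "Architecture" && section == "options":
			arch = strings.Fields(val)
		case key == "SigLevel" && section == "options":
			global = val
		case key == "SigLevel" && section != "":
			sig[section] = val
		}
	}
	for repo, v := range sig {
		if v == "" {
			sig[repo] = global // inherited from [options]
		}
	}
	return arch, sig
}

func main() { fmt.Println(auditPacmanConf(sampleConf)) }
```

Comparing this output for the container path and the VM path shows whether both renderings carry the same Architecture and SigLevel settings.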
| Property | Value |
|----------|-------|
| From | builder:pacstrap |
| bootstrap_builder_image | cachyos-pacstrap-builder |
| Distro | cachyos, arch |
| Build | pac |
| Home repo | overthinkos/cachyos (box/cachyos) |
The cachyos distro config (pacstrap base packages, CachyOS keyring
F3B607488DB35A47, mirrorlist, cachyos* repos) lives in the main repo's
build.yml and is flat-imported by the submodule (a bare-string import: item).
- /charly-distros:cachyos — the recommended Docker-Hub base
- /charly-distros:cachyos-pacstrap-builder — the privileged builder it uses
- /charly-vm:cachyos — the VM built via the same pacstrap path

MUST be invoked before building or debugging the CachyOS pacstrap rootfs. Invoke BEFORE reading source code or launching Explore agents.