AUR (en) - sing-box

Search Criteria

Enter search criteria

Search by

Keywords

Out of Date

Sort by

Sort order

Per page

Package Details: sing-box 1.13.12-1

Package Actions

Git Clone URL:	https://aur.archlinux.org/sing-box.git (read-only, click to copy)
Package Base:	sing-box
Description:	The universal proxy platform.
Upstream URL:	https://sing-box.sagernet.org/
Licenses:	LicenseRef-sing-box
Conflicts:	sing-box-beta, sing-box-git
Submitter:	everyx
Maintainer:	everyx (lilac)
Last Packager:	lilac
Votes:	25
Popularity:	1.41
First Submitted:	2022-09-15 09:44 (UTC)
Last Updated:	2026-05-15 13:14 (UTC)

Dependencies (6)

glibc (glibc-git^AUR, glibc-eac^AUR, glibc-git-native-pgo^AUR)
clang (llvm-git^AUR, clang-minimal-git^AUR, clang17-bin^AUR) (make)
go (go-git^AUR, gcc-go-git^AUR, go-bin^AUR, goup-rs^AUR, gcc-go-snapshot^AUR, gcc-go) (make)
lld (llvm-git^AUR) (make)
sing-geoip-rule-set (sing-geoip-rule-set-git^AUR) (optional) – GeoIP rule sets
sing-geosite-rule-set (sing-geosite-rule-set-git^AUR) (optional) – GeoSite rule sets

Required by (14)

gui.for.singbox (optional)
metacubexd (optional)
metacubexd-bin (optional)
mimic-node-git (optional)
phantom-browser-bin (optional)
s-ui-git
serenity (optional)
serenity-bin (optional)
serenity-git (optional)
v2ray-rs (optional)
yacd-ghp-bin (optional)
yacd-git (optional)
yacd-meta-ghp-bin (optional)
zashboard-bin (optional)

Sources (1)

sing-box-1.13.12.tar.gz

Pinned Comments

everyx commented on 2026-03-06 01:13 (UTC)

This package will be automatically updated via CI. Please mark it as expired only if it has not been updated within 24 hours after a new version is released.

Latest Comments

« First ‹ Previous 1 2 3 4 5 Next › Last »

akiirui commented on 2025-03-25 03:18 (UTC) (edited on 2025-08-20 14:00 (UTC) by akiirui)

This is my sing-box@.service, using DynamicUser：

/etc/systemd/system/sing-box@.service

[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target network-online.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
DynamicUser=yes
CacheDirectory=sing-box-%i
CacheDirectoryMode=755
LoadCredential=config.json:/etc/sing-box/%i.json
ExecStart=/usr/bin/sing-box run -c ${CREDENTIALS_DIRECTORY}/config.json -D ${CACHE_DIRECTORY}
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

/etc/systemd/system/sing-box@PROFILE.service.d/override.conf

[Service]
LoadCredential=cert:/etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem
LoadCredential=key:/etc/letsencrypt/live/EXAMPLE.COM/privkey.pem

PROFILE.json

"tls": {
  ...
  "key_path": "/run/credentials/sing-box@PROFILE.service/key",
  "certificate_path": "/run/credentials/sing-box@PROFILE.service/cert"
}

everyx commented on 2024-11-22 09:39 (UTC)

One solution would be to make the config not readable by non-root users and load it using LoadCredentials in the systemd service.

@Poscat In fact, most users who care about this should create a configuration file under /etc/sing-box/ themselves, set the permissions, and then enable sing-box@[config_file_name].service.

However, can you send me a patch to my email? I will carry out a review.

Poscat commented on 2024-11-22 09:19 (UTC)

One solution would be to make the config not readable by non-root users and load it using LoadCredentials in the systemd service.

everyx commented on 2024-11-19 03:38 (UTC)

Are there any reasons the default config is readable by anyone? This seems to be a potential security issue :/

@Poscat Since the sing-box user is created by systemd-sysusers, modifying the file group to sing-box within the PKGBUILD should not work. I'm not sure what the best practice is for this type of requirement. Do you have any related suggestions?

Poscat commented on 2024-11-18 09:52 (UTC)

Are there any reasons the default config is readable by anyone? This seems to be a potential security issue :/

everyx commented on 2024-04-14 01:50 (UTC)

add gopath to build so that it doesn't pollute your home dir export GOPATH="$SRCDEST/go-modules"

@kevku Setting GOPATH="$SRCDEST/go-modules can be a helpful solution if they haven't already configured a GOPATH, I will submit an update soon.

kevku commented on 2024-04-11 08:36 (UTC)

add gopath to build so that it doesn't pollute your home dir

export GOPATH="$SRCDEST/go-modules"

rocka commented on 2024-02-03 10:34 (UTC)

When using tun inbound with systemd-resolved, sing-box would execute resolvectl commands to modify default DNS route and search domain, but sing-box user does not have this privilege.

ref: https://github.com/SagerNet/sing-box/issues/477 https://github.com/SagerNet/sing-tun/blob/38c945fec5df642b1ee0895c5c3a75a3f1276341/tun_linux.go#L821-L824

I suggest install a polkit rule file to /usr/share/polkit-1/rules.d/sing-box-tun.rules:

// Allow sing-box to set domain and default-route
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.resolve1.set-domains" ||
         action.id == "org.freedesktop.resolve1.set-default-route" ||
         action.id == "org.freedesktop.resolve1.set-dns-servers") &&
        subject.user == "sing-box") {
        return polkit.Result.YES;
    }
});

This would allow sing-box user to modify systemd-resolved DNS configuration without manual authorization.

merrkry commented on 2024-01-12 11:17 (UTC)

sing-box 的默认构建标记已经包含 with_dhcp，请求添加。