Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Arch User Repository

From atl.wiki
Revision as of 01:55, 6 June 2024 by PratyushKing (talk | contribs) (general aur helper commands added)

AUR which is also known as the Arch User Repository is a community-driven repository of PKGBUILDs, anyone can upload a package to the AUR (we will talk about how to do that in this article) and anyone can take down a package too from the AUR which just a simple letter to the mailing list (which stats say that at least 2-3 people are always active trying to look out for malicious PKGBUILD files). Basically, all the PKGBUILD is, it's a way to create an Arch Package, typically having an extension of .pkg.tar.zst (pkg meaning package, tar being a way to merge multiple files/folders into one, zst being a way to compress the file). Such a package with that extension can be installed via the command sudo pacman -U <file>.pkg.tar.zst. However, we would not be going in detail about that.

AUR is also very much known to have broken packages (as later said in this article, you can easily add a package to AUR with 0 pushbacks 90% of the time), however if you read the PKGBUILDs (with an AUR helper that gives you the option to do so) then you can easily figure out if it will install or not. In a simple context, the average PKGBUILD will have two functions, it will be structured and functioned just like a regular bash script with metadata at top and two functions below, first function is the prepare() function and the other is package() function, to be short : the prepare function creates a directory for the package it is supposed to make and then adds all binaries, config files into how pacman will understand, the package function will just add final scripts, make the package (via makepkg) and then install it through pacman, however this is not always the case since all PKGBUILDs are just like regular bash scripts, you can just have a prepare function to check the files downloaded through source and the package function just putting the files in user directories, this way you won't need root permissions at all. We will see that in detail.[1]

Significance

AUR being one of the biggest package sources in the Linux community, it has over 60,000 packages and active volunteers to quality check the unfiltered packages. AUR packages are very creative in their own regard also, from people managing to install packages from other formats (.deb) where it's not even made for Arch Linux[2] to people using Windows Electron applications and modifying it to work on Linux[3], it is no surprise that you can find almost any package possible on the AUR.

Safety

With the great power of the AUR, you will be surprised by how secure it is, most people say it is very unsafe, however if you get the habit of reading the PKGBUILD files before installing them, you will never run into issues, but this is not even that severe of a security flaw due to how many people are always checking new packages submitted.

The main issue starts with a famous term "dependency hell" which to be short means "installing separate packages that require a certain dependency of a specific version but they both have separate version requirements so you end up with a broken installation". Yeah, it sounds very complicated, because it is. Basically, if you have any 2 separate packages, one could be from your extra or core repositories (check the pacman page to learn about default repositories) and the other one could be from the AUR, well if the package maintainer of the AUR package and the package from the extra's repository, let's say depends on ffmpeg and it requires a very old version, well since the packages on the extra's repository are always kept up-to-date as soon as possible, you might end up having a "dependency hell" where pacman wants to use a newer version for the package in extra repository but the AUR package requires an older version and then you end up with a corrupted package and if the package is an important package for the system, you will end up with a full corrupted install.

Naming Scheme

This is a very strictly enforced naming scheme in the AUR and it is basically adding a suffix that determines the package type.. The main ones are:

  • -git : which means that the package will clone and build manually through a git repository. (Most likely GitHub or GitLab repository)
  • -bin : which means that the package will just fetch a pre-compiled binary and install the configuration files. (RECOMMENDED)
  • No Suffix : which means that the package is either proprietary or it is compiling or source-based package. Just see the PKGBUILD for this one.

Now, ideally you would pick the -bin package or a proprietary package with no suffix meaning that it will just use binary anyways (because you cannot manually compile programs without source code), this is because it is much faster to use a pre-compiled binary as opposed to letting it manually clone, build and install.

Installing AUR packages

This might be a little complicated for those who aren't familiar with the way Arch Linux packages work but it is quite easy to grab.

Basically, if you used archinstall[4] for your system, you probably have this package called base-devel, it means base development and this is what allows us to install packages from the AUR repository, you must have git installed too since we need to clone packages. If you installed Arch Linux the manual way you have probably pacstrapped it because it is recommended in the ArchWiki, if you haven't then please install base-devel through pacman.

To summarize, installing any package from AUR is basically getting a PKGBUILD that tells the system to create a package and install, it is kind of weird but essentially an AUR package is instructions to make an Arch Linux package. We will try to install the waterfox-bin[5] package because it is not available in the extra or core repository. (To understand the -bin suffix, please check the naming scheme above).

To install waterfox-bin[5] via the AUR, you have to install git and base-devel via pacman as said earlier. Then you will use git clone https://aur.archlinux.org/waterfox-bin.git, that will clone the PKGBUILD for Waterfox and put it in your current directory. Use cd waterfox-bin to go inside that directory and then run makepkg -si which will use makepkg to make the package and ask to install it. What we are doing here is using a single file to build an Arch Linux package for us and install that. This will successfully install the package. Yeah, it was that easy, to make it more easy however, we have AUR Helpers.

AUR Helpers

There are majorly 8 AUR helpers but only 3 most commonly used ones, namely:

  • yay[6] (Yet another yogurt) : This is the most widely used AUR helper and is also surprisingly the most downloaded package on the AUR! It is written in go but it has a lot of propaganda behind it that it is dying and it is dead, one of the main developers from yay actually started paru, which is our next AUR helper.
  • paru[7] : This is by far the second most recognized AUR helper in the community and it is the most recent one, being made by one of the main developers of yay, it should be no surprise here that it is fully feature packed and offers a lot of features, we recommend this the most due to how it always forces you to review PKGBUILDs that you try to install, this always keeps you safe and forces you to be careful. It can get annoying sometimes but it is a very good habit to maintain especially if you like to scavenger hunt new packages every day. This AUR helper is written in Rust.
  • pacaur[8] : This is out of date nowadays and does not receive any support due to it lacking a lot of features, originally it was started as an AUR helper that minimizes user interaction but it is not being actively used right now and it is written in Bash. It is quite nostalgic to a lot of people so it is still fairly widely used.

There are other AUR helpers but these 3 are the most common and easiest to use. We will focus with paru because of it being the most verbose AUR helper, it has some unsafe flags but you won't encounter it in most cases.

To install an AUR helper, you do it just like a package except we will use the -bin versions of the package, see this is what most beginners in the community do wrong, they install the regular without -bin suffix AUR helper package build file. As we saw earlier at naming schemes, without that suffix, the package will be manually cloned and compiled then put into your system, but using the -bin packages just use a pre-compiled binary.

This is a guide to install paru AUR helper but you can use the same with any AUR helper by just switching the names.

  1. Run this command sudo pacman -S base-devel git --needed --noconfirm . This command looks very scary but it just installs git and the required package commands we want, it will not ask the user for any (y/n) but rather just do it and it will also prevent reinstalling so if you have both of these installed, it will just say that it is already installed and that it is skipping.
  2. Then you run git clone https://aur.archlinux.org/paru-bin.git --depth=1, that will download our PKGBUILD from the AUR, this is one of the most common beginner mistake, they complain it takes too long but they never download the binary PKGBUILD script. The --depth=1 flag is to just tell git to not get previous commit information and only get commit information from the last <n> number of commits, which here is 1 since we will just build and remove that directory. Once it is cloned, cd into that directory.
  3. Once you are inside the directory, run makepkg -si and then wait, depending on your network you should take roughly 2-10 minutes to download and install. After it is done, just run paru and check. (if you do leave your devices and when you come back you see that it was waiting for root permission and that it had quit now saying timeout exceeded, you can just do a ls and check, there should be a package file [extension: .pkg.tar.zst], if it does then just do sudo pacman -U <file>.pkg.tar.zst)

Done! Now you can enjoy installing packages. With paru you might want to change this one main thing, go into your /etc/paru.conf file with your favorite text editor. The most important thing you have to change is:

Since paru by default when just ran with example: paru brave, it will by default print from first to last but there's a problem, now you cannot get the most relevant one to your search and end up with a lot of useless packages at the start, well you should un-comment the line where it says BottomUp in the configuration file, if it is not there just add a new line under the options category and write BottomUp.

Other than that you can play around and add or remove flags however you like but don't forget to add/uncomment Color from the /etc/pacman.conf file because yes that effects to paru also. You can add ILoveCandy for quirky progress bars.

General AUR Helper Commands

Spotlight to the paru AUR helper but all these commands should work with yay which is about 90% of users when paru + yay are combined.

Commands List
Command Purpose Is marked unsafe?
paru & paru -Syu Both update all packages from pacman and the AUR paru -Sy is marked unsafe.
paru <package_name> This command tells paru to search the AUR and allow you to select one or multiple packages to download and install from the AUR No
paru -S <package_name> Unless the AurOnly flag is not enabled in the configuration file, this will install a package if that specific name is a packge from the AUR or from pacman No
paru -Ss <package_name> Will act the same way as paru <package_name> would except it will not allow you to select anything but rather just print a list in the same format No
paru -Sua Will only upgrade packages from the AUR No
paru -Rns This will remove an AUR package (or a regular system package without the AurOnly flag) and will remove any configuration files it had. No
paru -Rnsc This will remove an AUR package (or a regular system package without the AurOnly flag) and will remove any configuration files it had except it will also remove all cascading dependencies the program had installed. No, but it can be dangerous if you don't check the packages

PKGBUILDs

(WORK IN PROGRESS)