DEV Community



Arch Linux: Stop recommending people to use makepkg for the AUR

This is relevant to Arch Linux and the Arch User Repository. If you don't know what that is, no need to read this article.

Alright, there seem to be about 3 kinds of people:

  1. "Pacman should be like apt"
  2. "You probably want an AUR helper"
  3. "Real men use makepkg"

2/3 of these people know that adding a custom repository to get a program is HORRIBLE security-wise. That's not worth mentioning.
I will instead be focusing on eliminating the 3rd kind, leaving us with the second (which I'm a part of).

Let me tell you a tale of how I got used to the AUR.
Immediately when I started off, I wanted to be the 3rd kind. I wanted to use only the official tools. "Real men don't need no helper" or whatever. I scanned the wiki on my phone (Arch wasn't completely set up yet), and found out how to install packages. I failed to find out how to update them, so I assumed pacman did that for you. I started cloning all packages to ~/Downloads, building them, and deleting them.
That was my first pitfall. Already, I had made a mistake. I needed to keep them updated. Alright, that's simple enough. I re-downloaded all my packages (TIP: pacman -Qm) to ~/AUR. Then I made a bash script to git pull all the things, and build them if there was anything to update (NOTE: I hadn't thought of -git packages).
This is what I used for a while. And it worked, except it required a lot of interaction. I had to copy the URL, cd, git clone, cd, makepkg. I started avoiding the AUR as much as I could. Alright, simple fix: Just make a bash script to download it? No. This is where I stopped. And I'll tell you why in a second.
But first I want to interject that I never checked any other files than the PKGBUILDs. I never read the wiki carefully enough, so I failed to realize that ALL files could contain viruses. If I had used a helper, this risk would have been avoided altogether.
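An added example, not the author's script and not any AUR helper's code: the fetch-and-rebuild loop described above, changed so that every file that differs from the last state you read (not only the PKGBUILD) is shown before anything is built. The ref name `refs/reviewed/last` and the function names are assumptions made for this example; `origin/master` is the branch an AUR clone tracks.

```bash
#!/usr/bin/env bash
# Added example, not the author's or a commenter's script.
# REVIEWED_REF is a hypothetical private ref marking the last commit you read.
REVIEWED_REF="refs/reviewed/last"

# Commit to diff against, or the empty tree if nothing was ever reviewed
# (so a fresh clone reports every file as unread).
aur_review_base() {
    git -C "$1" rev-parse -q --verify "$REVIEWED_REF" 2>/dev/null ||
        git -C "$1" hash-object -t tree /dev/null
}

# Every file that differs between the reviewed state and upstream:
# PKGBUILD, .install scripts, patches, anything else in the repo.
aur_pending_files() {
    local repo="$1" upstream="${2:-origin/master}"
    git -C "$repo" diff --name-only "$(aur_review_base "$repo")" "$upstream"
}

# Record that everything up to the given upstream commit has been read.
aur_mark_reviewed() {
    git -C "$1" update-ref "$REVIEWED_REF" "${2:-origin/master}"
}

# Fetch, show the unread diff, and build only after explicit confirmation.
aur_update() {
    local repo="$1" upstream="${2:-origin/master}" answer
    git -C "$repo" fetch --quiet || return 1
    if [ -z "$(aur_pending_files "$repo" "$upstream")" ]; then
        echo "nothing new to review in $repo"; return 0
    fi
    git -C "$repo" --no-pager diff "$(aur_review_base "$repo")" "$upstream"
    printf 'Read every changed file? Build now? [y/N] '
    read -r answer
    [ "$answer" = y ] || return 1
    # Only move the working tree and the marker after the user confirmed.
    git -C "$repo" merge --ff-only --quiet "$upstream" &&
        aur_mark_reviewed "$repo" "$upstream" &&
        (cd "$repo" && makepkg -si)
}

# Usage: ./aur-review.sh ~/AUR/<package>
if [ $# -gt 0 ]; then aur_update "$@"; fi
```

Because the marker only moves after confirmation, an update that was fetched but declined is shown again in full on the next run.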

I saved my most important point for last. If you make shell scripts around the manual way of doing it, are you really still using the manual way...
...or have you created a helper?

Top comments (13)

OnFileNotWanted • Edited

I think the general conSENSEus on #archlinux is that, by all means use an AUR helper, BUT familiarise yourself with makepkg beforehand as the said helper WILL break on pacman updates. Forewarned is forearmed.
Here's a wee shell script; by default it opens the PKGBUILD in $EDITOR for you to peruse BEFORE installing anything.
