User:Quequotion/Arch User Repository: Difference between revisions

From ArchWiki
(→‎What is a Trusted User (TU)?: Clarify that the TU role in [community] is two-fold: they manage the repository itself AND the packages therein)
(→‎How do I create a PKGBUILD?: link to rules of submission)
Line 190: Line 190:
=== How do I create a PKGBUILD? ===
=== How do I create a PKGBUILD? ===


Be sure to check the AUR to avoid duplicating efforts, then see [[creating packages]].
Consult [[User:Quequotion/AUR submission guidelines#Rules of submission]], then see [[creating packages]].


=== I have a PKGBUILD I would like to submit; can someone check it to see if there are any errors? ===
=== I have a PKGBUILD I would like to submit; can someone check it to see if there are any errors? ===

Revision as of 16:22, 24 August 2019

The Arch User Repository (AUR) is a community-driven repository for Arch users. It contains package descriptions (PKGBUILDs) that allow you to compile a package from source with makepkg and then install it via pacman. The AUR was created to organize and share new packages from the community and to help expedite popular packages' inclusion into the community repository. This document explains how users can access and utilize the AUR.

A good number of new packages that enter the official repositories start in the AUR. In the AUR, users are able to contribute their own package builds (PKGBUILD and related files). The AUR community has the ability to vote for packages in the AUR. If a package becomes popular enough — provided it has a compatible license and good packaging technique — it may be entered into the community repository (directly accessible by pacman or abs).

Warning: AUR packages are user produced content. Any use of the provided files is at your own risk.

Getting started

Users can search and download PKGBUILDs from the AUR Web Interface. These PKGBUILDs can be built into installable packages using makepkg, then installed using pacman.

  • Ensure the base-devel package group is installed in full (pacman -S --needed base-devel).
  • Glance over the #FAQ for answers to the most common questions.
  • You may wish to adjust /etc/makepkg.conf to optimize for your processor prior to building packages from the AUR. A significant improvement in compile times can be realized on systems with multi-core processors by adjusting the MAKEFLAGS variable. Users can also enable hardware-specific optimizations in GCC via the CFLAGS variable. See makepkg for more information.

It is also possible to interact with the AUR through SSH: type ssh aur@aur.archlinux.org help for a list of available commands.

History

In the beginning, there was ftp://ftp.archlinux.org/incoming, and people contributed by simply uploading the PKGBUILD, the needed supplementary files, and the built package itself to the server. The package and associated files remained there until a Package Maintainer saw the program and adopted it.

Then the Trusted User Repositories were born. Certain individuals in the community were allowed to host their own repositories for anyone to use. The AUR expanded on this basis, with the aim of making it both more flexible and more usable. In fact, the AUR maintainers are still referred to as TUs (Trusted Users).

Between 2015-06-08 and 2015-08-08 the AUR transitioned from version 3.5.1 to 4.0.0, introducing the use of Git repositories for publishing the PKGBUILDs. Existing packages were dropped unless manually migrated to the new infrastructure by their maintainers.

Git repositories for AUR3 packages

The AUR Archive on GitHub has a repository for every package that was in AUR 3 at the time of the migration. Alternatively, there is the aur3-mirror repository which provides the same.

Installing packages

Installing packages from the AUR is a relatively simple process. Essentially:

  1. Acquire the build files, including the PKGBUILD and possibly other required files, like systemd units and patches (often not the actual code).
  2. Verify that the PKGBUILD and accompanying files are not malicious or untrustworthy.
  3. Run makepkg -si in the directory where the files are saved. This will download the code, resolve the dependencies with pacman, compile it, package it, and install the package.
Note: It is your responsibility to track AUR package updates; pacman only tracks binary repositories. When packages in the official repositories are updated, you will need to rebuild any AUR packages that depend on them.

Prerequisites

First ensure that the necessary tools are installed by installing the base-devel group in full which includes make and other tools needed for compiling from source.

Note: Packages in the AUR assume that the base-devel group is installed, i.e. they do not list the group's members as dependencies explicitly.

Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. The examples in the following sections will use ~/builds as the build directory.

Acquire build files

Locate the package in the AUR. This is done using the search field at the top of the AUR home page. Clicking the application's name in the search list brings up an information page on the package. Read through the description to confirm that this is the desired package, note when the package was last updated, and read any comments.

There are several methods for acquiring the build files for a package:

  • Via git: This is the preferred method. Clone the repository labelled "Git Clone URL" in the "Package Details" on its AUR page:
$ git clone https://aur.archlinux.org/package_name.git
Note: An advantage of this method is that you can easily get updates to the package via git pull.
  • Download a snapshot: Either by clicking the "Download snapshot" link under "Package Actions" on the right hand side of its AUR page, or from the terminal:
$ curl -L -O https://aur.archlinux.org/cgit/aur.git/snapshot/package_name.tar.gz
The snapshot file is compressed, and must be extracted (preferably in a directory set aside for AUR builds):
$ tar -xvf package_name.tar.gz

Build and install the package

Change directories to the directory containing the package's PKGBUILD.

$ cd package_name
Warning: Carefully check the PKGBUILD, any .install files, and any other files in the package's git repository for malicious or dangerous commands. If in doubt, do not build the package, and seek advice on the forums or mailing list. Malicious code has been found in packages before. [1]

View the contents of all provided files. For example, to use the pager less to view PKGBUILD do:

$ less PKGBUILD
Tip: If you are updating a package, you may want to look at the changes since the last commit.
  • To view changes since the last git commit you can use git show.
  • To view changes since the last commit using vimdiff, do git difftool @~..@ vimdiff. The advantage of vimdiff is that you view the entire contents of each file along with indicators on what has changed.

Make the package. After manually confirming the contents of the files, run makepkg as a normal user:

$ makepkg -si
  • -s/--syncdeps automatically resolves and installs any dependencies with pacman before building. If the package depends on other AUR packages, you will need to manually install them first.
  • -i/--install installs the package if it is built successfully. Alternatively the built package can be installed with pacman -U package_name.pkg.tar.xz.

Other useful flags are

  • -r/--rmdeps removes build-time dependencies after the build, as they are no longer needed. However these dependencies may need to be reinstalled the next time the package is updated.
  • -c/--clean cleans up temporary build files after the build, as they are no longer needed. These files are usually needed only when debugging the build process.
Note: The above example is only a brief summary of the build process. It is highly recommended to read the makepkg and ABS articles for more details.

Feedback

The AUR provides various means for users to communicate with package maintainers, provided they have setup an account on the AUR Web Interface.

Commenting on packages

Comments allow users to provide suggestions or respond to updates and maintainers to respond to users or make announcements. The Python-Markdown syntax is supported, which provides basic Markdown syntax for formatting. Maintainers may pin comments by clicking the thumbtack button in their top-right corner.

Note:
  • The markdown implementation has some occasional differences with the official syntax rules.
  • Commit hashes to the Git repository of the package and references to Flyspray tickets are converted to links automatically.
  • Long comments are collapsed and can be expanded on demand.
Tip: Avoid pasting patches or PKGBUILDs into the comments section; they quickly become obsolete and just end up needlessly taking up lots of space. Instead email those files to the maintainer, or use a pastebin.

Voting for packages

One of the easiest activities for all Arch users is to browse the AUR and vote for their favourite packages. All packages are eligible for adoption by a TU for inclusion in the community repository, and the vote count is one of the considerations in that process; it is in everyone's interest to vote!

While logged in, on the AUR page for a package you may click "Vote for this package" under "Package Actions" on the right. It is also possible to vote from the commandline with aurvoteAUR, aurvote-gitAUR, aur-auto-vote-gitAUR, or aurvote-utilsAUR.

Alternatively, if you have set up ssh authentication, you can directly vote from the command line using your ssh key and avoid having to save or type in your AUR password.

$ ssh aur@aur.archlinux.org vote package_name

Flagging packages out-of-date

While logged in, on the AUR page for a package you may click "Flag package as out-of-date" under "Package Actions" on the right. You should also leave a comment indicating details as to why the package is outdated, preferably including links to a release announcement or a new release tarball. Also try to reach out to the maintainer directly by email. If there is no response after two weeks, you may file an orphan request.

Note: VCS packages are not considered out-of-date when the pkgver changes, do not flag them as the maintainer will merely unflag the package and ignore you.

Debugging packages

If you are having trouble building a package, read its PKGBUILD and the comments on its AUR page. It is possible that a PKGBUILD is broken for everyone. If you cannot figure it out on your own, report it to the maintainer (e.g. by posting the errors you are getting in the comments on the AUR page). You may also seek help in the AUR Issues, Discussion & PKGBUILD Requests forum.

  • To avoid problems caused by your particular system configuration, build packages in a clean chroot. If the build process still fails in a clean chroot, the issue is probably with the PKGBUILD.

Avoid common pitfalls:

  1. Ensure your build environment is up-to-date by upgrading before building anything.
  2. Ensure you have both base and base-devel groups installed.
  3. Use the -s option with makepkg to check and install all the dependencies needed before starting the build process.
  4. Try the default makepkg configuration.
  5. See Makepkg#Troubleshooting for common issues.

Web interface translation

See i18n.txt in the AUR source tree for information about creating and maintaining translation of the AUR web interface.

FAQ

What kind of packages are permitted on the AUR?

For most cases, everything is permitted, subject to the submission requirements.

How can I vote for packages in the AUR?

See #Voting for packages.

What is a Trusted User (TU)?

The Trusted Users are people chosen to oversee the AUR and the community repository. They also maintain the packages in community.

What is the difference between the Arch User Repository and the community repository?

The AUR stores package descriptions, maintained by community members, while the community repository stores packages, maintained by the Trusted Users. See User:Quequotion/AUR submission guidelines#Promoting packages to the community repository for more information.

Foo in the AUR is outdated; what should I do?

See #Flagging packages out-of-date.

In the meantime, you can try updating the package yourself by editing the PKGBUILD locally. Sometimes, updates do not require changes to the build or package process, in which case simply updating the pkgver or source array is sufficient.

Foo in the AUR does not compile when I run makepkg; what should I do?

You are probably missing something trivial; see #Debugging packages.

ERROR: One or more PGP signatures could not be verified!; what should I do?

Most likely you do not have the required public key(s) in your personal keyring to verify downloaded files. See Makepkg#Signature checking for details.

How do I create a PKGBUILD?

Consult User:Quequotion/AUR submission guidelines#Rules of submission, then see creating packages.

I have a PKGBUILD I would like to submit; can someone check it to see if there are any errors?

There are several channels available to submit your package for review; see User:Quequotion/AUR submission guidelines#Verifying packages.

How to get a PKGBUILD into the community repository?

See User:Quequotion/AUR submission guidelines#Promoting packages to the community repository.

How can I speed up repeated build processes?

See Makepkg#Improving compile times.

What is the difference between foo and foo-git packages?

Many AUR packages come in "stable" release and "unstable" development versions. Development packages usually have a suffix denoting their Version Control System and are not intended for regular use, but may offer new features or bugfixes. Because these packages only download the latest available source when you execute makepkg, their pkgver in the AUR does not reflect upstream changes. Likewise, these packages cannot perform an authenticity checksum on any VCS source.

See also System maintenance#Use proven software packages.

Why has foo disappeared from the AUR?

It is possible the package has been adopted by a TU and is now in the community repository.

Packages may be deleted if they did not fulfill the #Rules of submission. See the aur-requests archives for the reason for deletion.

If the package used to exist in AUR3, it might not have been migrated to AUR4. See the #Git repositories for AUR3 packages where these are preserved.

How do I find out if any of my installed packages disappeared from AUR?

The simplest way is to check the HTTP status of the package's AUR page:

$ comm -23 <(pacman -Qqm | sort) <(curl https://aur.archlinux.org/packages.gz | gzip -cd | sort)

How can I obtain a list of all AUR packages?

See also