Difference between revisions of "Arch User Repository"

From ArchWiki
Jump to navigation Jump to search
(Not sure what the point is in an almost exact duplicate of given instructions - Undo revision 377985 by TheYinYeti (talk))
(→‎Submitting packages to aur4.archlinux.org: Add notes on creating an SSH key and adding an entry to .ssh/config)
Line 343: Line 343:
For write access to the AUR users need to have an [[SSH keys|SSH key]].
For write access to the AUR users need to have an [[SSH keys|SSH key]].
The contents of a public key {{ic|.ssh/foo.pub}} need to be copied to the user profile in ''My Account''.
The contents of a public key {{ic|~/.ssh/foo.pub}} need to be copied to the user profile in ''My Account''.
It is recommended that you create a new key, rather than use an existing SSH key so that you could selectively revoke the SSH key should something happen.
It is recommended that you create a new key, rather than use an existing SSH key so that you could selectively revoke the SSH key should something happen.
The following command will create an SSH key named '''foo''' under {{ic|~/.ssh/}}:
$ ssh-keygen -C "aur" -f ~/.ssh/foo -b 4096
The next step is to edit {{ic|~/.ssh/config}} and add the following entry:
Host aur4.archlinux.org                                                       
  User aur                                                                     
  IdentityFile /home/user/.ssh/foo}}
In order to upload a package, simply clone the Git repository with the corresponding name:
In order to upload a package, simply clone the Git repository with the corresponding name:

Revision as of 20:00, 9 June 2015

ro:AUR zh-CN:Arch User Repository

The Arch User Repository (AUR) is a community-driven repository for Arch users. It contains package descriptions (PKGBUILDs) that allow you to compile a package from source with makepkg and then install it via pacman. The AUR was created to organize and share new packages from the community and to help expedite popular packages' inclusion into the community repository. This document explains how users can access and utilize the AUR.

A good number of new packages that enter the official repositories start in the AUR. In the AUR, users are able to contribute their own package builds (PKGBUILD and related files). The AUR community has the ability to vote for or against packages in the AUR. If a package becomes popular enough — provided it has a compatible license and good packaging technique — it may be entered into the community repository (directly accessible by pacman or abs).

Getting started

Users can search and download PKGBUILDs from the AUR Web Interface. These PKGBUILDs can be built into installable packages using makepkg, then installed using pacman.

  • Ensure the base-devel package group is installed (pacman -S --needed base-devel).
  • Read the remainder of this article for more info and a short tutorial on installing AUR packages.
  • Visit the AUR Web Interface to inform yourself on updates and happenings. There you will also find statistics and an up-to-date list of newest available packages available in AUR.
  • Glance over the #FAQ for answers to the most common questions.
  • You may wish to adjust /etc/makepkg.conf to better optimize for your processor prior to building packages from the AUR. A significant improvement in compile times can be realized on systems with multi-core processors by adjusting the MAKEFLAGS variable. Users can also enable hardware-specific optimizations in GCC via the CFLAGS variable. See makepkg for more information.


The following items are listed for historical purposes only. They have since been superseded by the AUR and are no longer available.

In the beginning, there was ftp://ftp.archlinux.org/incoming, and people contributed by simply uploading the PKGBUILD, the needed supplementary files, and the built package itself to the server. The package and associated files remained there until a Package Maintainer saw the program and adopted it.

Then the Trusted User Repositories were born. Certain individuals in the community were allowed to host their own repositories for anyone to use. The AUR expanded on this basis, with the aim of making it both more flexible and more usable. In fact, the AUR maintainers are still referred to as TUs (Trusted Users).


The AUR web interface can be found at https://aur.archlinux.org/, and an interface suitable for accessing the AUR from a script can be found at https://aur.archlinux.org/rpc.php.

Queries search package names and descriptions via a MySQL LIKE comparison. This allows for more flexible search criteria (e.g. try searching for tool%like%grep instead of tool like grep). If you need to search for a description that contains %, escape it with \%.

Installing packages

Installing packages from the AUR is a relatively simple process. Essentially:

  1. Acquire the tarball which contains the PKGBUILD and possibly other required files, like systemd-units and patches (but often not the actual code).
  2. Extract the tarball (preferably in a folder set aside just for builds from the AUR) with tar -xvf foo.tar.gz.
  3. Run makepkg in the directory where the files are saved (makepkg -s will automatically resolve dependencies with pacman). This will download the code, compile it and pack it.
  4. Look for a README file in src/, as it might contain information needed later on.
  5. Install the resulting package with pacman:
# pacman -U /path/to/pkg.tar.xz

AUR helpers add seamless access to the AUR. They vary in their features but can ease in searching, fetching, building, and installing from PKGBUILDs found in the AUR. All of these scripts can be found in the AUR.

Warning: There is not and will never be an official mechanism for installing build material from the AUR. All AUR users should be familiar with the build process.


First ensure that the necessary tools are installed. The package group base-devel should be sufficient; it includes make and other tools needed for compiling from source.

Warning: Packages in the AUR assume the base-devel group is installed, and AUR packages will not list members of this group as dependencies even if the package cannot be built without them. Please ensure this group is installed before complaining about failed builds.
# pacman -S --needed base-devel

Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:


or if using ABS (the Arch Build System):


For more information on ABS read the Arch Build System article. The example will use ~/builds as the build directory.

Acquire build files

Locate the package in the AUR. This is done using the search feature (text field at the top of the AUR home page). Clicking the application's name in the search list brings up an information page on the package. Read through the description to confirm that this is the desired package, note when the package was last updated, and read any comments.

Download the necessary build files by clicking on the "Download tarball" link under "Package actions" on the right hand side. This file should be saved to the build directory or otherwise copied to the directory after downloading. In this example, the file is called "foo.tar.gz" (standard format is pkgname.tar.gz, if it has been properly submitted).

Alternatively you can download the tarball from the terminal, changing directories to the build directory first:

$ cd ~/builds
$ curl -L -O https://aur.archlinux.org/packages/fo/foo/foo.tar.gz

Build the package

Change directories to the build directory if not already there, then extract the previously downloaded package:

$ cd ~/builds
$ tar -xvf foo.tar.gz

This should create a new directory called "foo" in the build directory.

Warning: Carefully check all files. cd to the newly created directory and carefully check the PKGBUILD and any .install file for malicious commands. PKGBUILDs are bash scripts containing functions to be executed by makepkg: these functions can contain any valid commands or Bash syntax, so it is totally possible for a PKGBUILD to contain dangerous commands through malice or ignorance on the part of the author. Since makepkg uses fakeroot (and should never be run as root), there is some level of protection but you should never count on it. If in doubt, do not build the package and seek advice on the forums or mailing list.
$ cd foo
$ nano foo.install

Make the package. After manually confirming the integrity of the files, run makepkg as a normal user:

$ makepkg -s

The -s switch will use sudo to install any needed dependencies. If the use of sudo is undesirable, manually install required dependencies beforehand and exclude the -s in the above command.

Install the package

Install the package using pacman. A tarball should have been created named:

<application name>-<application version number>-<package revision number>-<architecture>.pkg.tar.xz

This package can be installed using pacman's "upgrade" command:

# pacman -U foo-0.1-1-i686.pkg.tar.xz   

These manually installed packages are called foreign packages — packages which have not originated from any repository known to pacman. To list all foreign packages:

$ pacman -Qm 
Note: The above example is only a brief summary of the package building process. A visit to the makepkg and ABS pages will provide more detail and is highly recommended, especially for first-time users.


The AUR Web Interface has a comments facility that allows users to provide suggestions and feedback on improvements to the PKGBUILD contributor. Avoid pasting patches or PKGBUILDs into the comments section: they quickly become obsolete and just end up needlessly taking up lots of space. Instead email those files to the maintainer, or even use a pastebin.

One of the easiest activities for all Arch users is to browse the AUR and vote for their favourite packages using the online interface. All packages are eligible for adoption by a TU for inclusion in the community repository, and the vote count is one of the considerations in that process; it is in everyone's interest to vote!

Sharing and maintaining packages

Users can share PKGBUILDs using the Arch User Repository. It does not contain any binary packages but allows users to upload PKGBUILDs that can be downloaded by others. These PKGBUILDs are completely unofficial and have not been thoroughly vetted, so they should be used at your own risk.

Submitting packages

Warning: Before attempting to submit a package you are expected to familiarize yourself with Arch packaging standards and all articles, mentioned at the bottom of it.
Note: The following section describes how to upload packages to aurweb 3.5.1. If you are submitting a package for the first time, please consider directly uploading it to AUR 4 instead.

After logging in to the AUR web interface, a user can submit a gzipped tarball (.tar.gz) of a directory containing build files for a package. The directory inside the tarball should contain a PKGBUILD, .SRCINFO, any .install files, patches, etc. (absolutely no binaries). Examples of what such a directory should look like can be seen inside /var/abs if the Arch Build System were installed.

The tarball can be created with the following command:

$ makepkg --source

Note that this is a gzipped tarball; assuming you are uploading a package called libfoo, when you create the file it should look similar to this:

$ tar tf libfoo-0.1-1.src.tar.gz
Note: The ".SRCINFO" file contains source package metadata, see #AUR metadata for details.

When submitting a package, observe the following rules:

  • Check the official package database for the package. If any version of it exists, do not submit the package. If the official package is out-of-date, flag it as such. If the official package is broken or is lacking a feature, then please file a bug report.
  • Check the AUR for the package. If it is currently maintained, changes can be submitted in a comment for the maintainer's attention. If it is unmaintained, the package can be adopted and updated as required. Do not create duplicate packages.
  • Verify carefully that what you are uploading is correct. All contributors must read and adhere to the Arch packaging standards when writing PKGBUILDs. This is essential to the smooth running and general success of the AUR. Remember that you are not going to earn any credit or respect from your peers by wasting their time with a bad PKGBUILD.
  • Packages that contain binaries or that are very poorly written may be deleted without warning.
  • If you are unsure about the package (or the build/submission process) in any way, submit the PKGBUILD to the AUR mailing list or the AUR forum on the Arch forums for public review before adding it to the AUR.
  • Make sure the package is useful. Will anyone else want to use this package? Is it extremely specialized? If more than a few people would find this package useful, it is appropriate for submission.
  • The AUR and official repositories are intended for packages which install generally software and software-related content, including one or more of the following: executable(s); config file(s); online or offline documentation for specific software or the Arch Linux distribution as a whole; media intended to be used directly by software.
  • Gain some experience before submitting packages. Build a few packages to learn the process and then submit.
  • If you submit a package.tar.gz with a file named package in it you will get an error: "Could not change to directory /home/aur/unsupported/package/package". To resolve this, rename the file named package to something else; for example, package.rc. When it is installed in the pkg directory, you may rename it back to package.

Maintaining packages

  • If you maintain a package and want to update the PKGBUILD for your package just resubmit it.
  • Check for feedback and comments from other users and try to incorporate any improvements they suggest; consider it a learning process!
  • Please do not leave a comment containing the version number every time you update the package. This keeps the comment section usable for valuable content mentioned above. AUR helpers are suited better to check for updates.
  • Please do not just submit and forget about packages! It is the maintainer's job to maintain the package by checking for updates and improving the PKGBUILD.
  • If you do not want to continue to maintain the package for some reason, disown the package using the AUR web interface and/or post a message to the AUR Mailing List.

Other requests

  • Disownment requests and removal requests can be created by clicking on the "File Request" link under "Package actions" on the right hand side. This automatically sends a notification email to the current package maintainer and to the aur-requests mailing list for discussion. Trusted Users will then either accept or reject the request.
  • Disownment requests will be granted after two weeks if the current maintainer did not react.
  • Package merging has been implemented, users still have to resubmit a package under a new name and may request merging of the old version's comments and votes.
  • Removal requests require the following information:
    • Reason for deletion, at least a short note
      Notice: A package's comments does not sufficiently point out the reasons why a package is up for deletion. Because as soon as a TU takes action, the only place where such information can be obtained is the aur-requests mailing list.
    • Supporting details, like when a package is provided by another package, if you are the maintainer yourself, it is renamed and the original owner agreed, etc.
    • For merge requests: Name of the package base to merge into.

Removal requests can be disapproved, in which case you will likely be advised to disown the package for a future packager's reference.

Git repository

A Git repository of the AUR is available at git://pkgbuild.com/aur-mirror.git, and is generally updated at least once per day. If the repository's commit history is not needed, then cloning with the --depth=1 option will be much quicker:

$ git clone --depth=1 git://pkgbuild.com/aur-mirror.git

For more information, see the following: Git Web interface, forum thread.

AUR metadata

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: This section was originally in a separate page, it may need adaptations to better fit into this article. (Discuss in Talk:Arch User Repository#)

In order to display information in the AUR web interface, the AUR's back-end code attempts to parse PKGBUILD files and salvage package name, version, and other information from it. PKGBUILDs are Bash scripts, and correctly parsing Bash scripts without executing them is a huge challenge, which is why makepkg is a Bash script itself: it includes the PKGBUILD of the package being built via the source directive. AUR metadata files were created to get rid of some hacks, used by AUR package maintainers to work around incorrect parsing in the web interface. See also FS#25210, FS#15043, and FS#16394.

How it works

By adding a metadata file called ".SRCINFO" to source tarballs to overwrite specific PKGBUILD fields. An outdated format of this file was described in the AUR 2.1.0 release announcement. .SRCINFO files are parsed line-by-line. The syntax for each line is key[_arch] = value. Exactly one space must be on each side of the equals sign, even for an empty value, and do not include quotes around the values.

The key is a field name, based on the names of the corresponding PKGBUILD Variables. Some field names may optionally be suffixed with an architecture name. Fields are grouped into sections, each headed by one of the following two field names:

  • pkgbase: This is required by AUR 3, otherwise the infamous “only lowercase letters are allowed” error is reported. (Pacman uses the first pkgname if pkgbase is omitted.) Repeat pkgname if unsure. There is only one pkgbase section. The field values from this section are inherited unless overridden in the pkgname sections that follow it. An empty field value in the pkgname section cancels the inheritance.
  • pkgname: There may be multiple pkgname sections.

The following field names are associated with a single value for the section:

  • epoch
  • pkgver: package version, may be formatted as [epoch:]pkgver if the epoch field is not given separately
  • pkgrel: release number of the package specific to Arch Linux
  • pkgdesc
  • url

The following field names may be repeated on multiple lines in a section to add multiple values:

  • license: in case of multiple licenses separate them by a space
  • groups

The following field names may be repeated, and also may optionally have an architecture suffix, separated from the field name by an underscore:

  • depends: dependencies, one per line
  • makedepends
  • checkdepends
  • optdepends
  • conflicts
  • provides
  • replaces
  • source

Fields with other names are ignored. Blank lines and comment lines beginning with a hash sign (#) are also ignored. Lines may be indented. This format closely matches the .PKGINFO format that is used for binary packages in pacman/libalpm.

AUR translation

See TRANSLATING in the AUR source tree for information about creating and maintaining translation of the AUR web interface.


What is the AUR?

The AUR (Arch User Repository) is a place where the Arch Linux community can upload PKGBUILDs of applications, libraries, etc., and share them with the entire community. Fellow users can then vote for their favorites to be moved into the community repository to be shared with Arch Linux users in binary form.

What kind of packages are permitted on the AUR?

The packages on the AUR are merely "build scripts", i.e. recipes to build binaries for pacman. For most cases, everything is permitted, subject to the abovementioned usefulness and scope guidelines, as long as you are in compliance with the licensing terms of the content. For other cases, where it is mentioned that "you may not link" to downloads, i.e. contents that are not redistributable, you may only use the file name itself as the source. This means and requires that users already have the restricted source in the build directory prior to building the package. When in doubt, ask.

How can I vote for packages in AUR?

Sign up on the AUR website to get a "Vote for this package" option while browsing packages. After signing up it is also possible to vote from the commandline with aurvoteAUR.

What is a Trusted User / TU?

A Trusted User, in short TU, is a person who is chosen to oversee AUR and the community repository. They are the ones who maintain popular PKGBUILDs in community, and overall keep the AUR running.

What is the difference between the Arch User Repository and the community repository?

The Arch User Repository is where all PKGBUILDs that users submit are stored, and must be built manually with makepkg. When PKGBUILDs receive enough community interest and the support of a TU, they are moved into the community repository (maintained by the TUs), where the binary packages can be installed with pacman.

How to get a PKGBUILD into the community repository?

Usually, at least 10 votes are required for something to move into community. However, if a TU wants to support a package, it will often be found in the repository.

Reaching the required minimum of votes is not the only requirement, there has to be a TU willing to maintain the package. TUs are not required to move a package into the community repository even if it has thousands of votes.

Usually when a very popular package stays in the AUR it is because:

  • Arch Linux already has another version of a package in the repositories
  • The package is AUR-centric (e.g. an AUR helper)
  • Its license prohibits redistribution

See also DeveloperWiki:Community repo candidates and Rules for Packages Entering the community Repo.

How do I make a PKGBUILD?

The best resource is the wiki page about creating packages. Remember to look in AUR before creating the PKGBUILD as to not duplicate efforts.

Foo in AUR is outdated; what do I do?

For starters, you can flag packages out-of-date. If it stays out-of-date for an extended period of time, the best thing to do is email the maintainer. If there is no response from the maintainer after two weeks, you can file an orphan request. When we are talking about a package which is flagged out of date for more than 3 months and is in general not updated for a long time, please add this in your orphan request.

In the meantime, you can try updating the package yourself by editing the PKGBUILD - sometimes updates do not require any changes to the build or package process, in which case simply updating the pkgver or source array is sufficient.

I have a PKGBUILD I would like to submit; can someone check it to see if there are any errors?

If you would like to have your PKGBUILD critiqued, post it on the aur-general mailing list to get feedback from the TUs and fellow AUR members. You could also get help from the IRC channel, #archlinux on irc.freenode.net. You can also use namcap to check your PKGBUILD and the resulting package for errors.

Foo in AUR does not compile when I run makepkg; what should I do?

You are probably missing something trivial.

  1. Run pacman -Syyu before compiling anything with makepkg as the problem may be that your system is not up-to-date.
  2. Ensure you have both "base" and "base-devel" groups installed.
  3. Try using the "-s" option with makepkg to check and install all the dependencies needed before starting the build process.

Be sure to first read the PKGBUILD and the comments on the AUR page of the package in question. The reason might not be trivial after all. Custom CFLAGS, LDFLAGS and MAKEFLAGS can cause failures. It is also possible that the PKGBUILD is broken for everyone. If you cannot figure it out on your own, just report it to the maintainer e.g. by posting the errors you are getting in the comments on the AUR page.

How can I speed up repeated build processes?

If you frequently compile code that uses gcc - say, a git or SVN package - you may find ccache, short for "compiler cache", useful.

How can I upload to AUR without using the web interface?

You can use an AUR helper like burp or aurupAUR, both are commandline programs.

What is the difference between foo and foo-git packages?

Many AUR packages are presented in regular ("stable") and development versions ("unstable"). A development package usually has a suffix such as "-cvs", "-svn", "-git", "-hg", "-bzr" or "-darcs". While development packages are not intended for regular use, they may offer new features or bugfixes. Because -git, -svn, -hg and -bzr package builds download the latest available source when you execute makepkg, a package version to track possible updates is not directly available for these. Likewise these package builds cannot perform an authenticity checksum for the same reason, instead it is relied on the maintainer(s) of the git repository.

See also Enhancing Arch Linux Stability#Avoid development packages.


Since release 4.0.0, aurweb uses Git repositories for AUR packages which means that the package submission process is a bit different. While aur.archlinux.org runs aurweb 3.5.1 until August 8th 2015, there is a setup of a 4.0.0 release candidate running under aur4.archlinux.org.

Current AUR maintainers are given a grace period between June 8th and July 8th to upload any package they already maintain to aur4.archlinux.org. After July 8th any package in the current AUR can be taken over by any maintainer and uploaded. On August 8th aur4.archlinux.org will become the new official AUR and will be moved to the aur subdomain.

Submitting packages to aur4.archlinux.org

Warning: Before attempting to submit a package you are expected to familiarize yourself with Arch packaging standards and all articles, mentioned at the bottom of it.

For write access to the AUR users need to have an SSH key. The contents of a public key ~/.ssh/foo.pub need to be copied to the user profile in My Account. It is recommended that you create a new key, rather than use an existing SSH key so that you could selectively revoke the SSH key should something happen.

The following command will create an SSH key named foo under ~/.ssh/:

$ ssh-keygen -C "aur" -f ~/.ssh/foo -b 4096

The next step is to edit ~/.ssh/config and add the following entry:

Host aur4.archlinux.org                                                         
  User aur                                                                      
  IdentityFile /home/user/.ssh/foo

In order to upload a package, simply clone the Git repository with the corresponding name:

$ git clone ssh://aur@aur4.archlinux.org/foobar.git

You can then add the source files to the local copy of the Git repository. When making changes to the repository, make sure you always include the PKGBUILD and .SRCINFO in the top-level directory. You can create .SRCINFO files using mksrcinfo, provided by pkgbuild-introspection.

In order to submit new versions of a package base to the AUR, commit the new PKGBUILD, .SRCINFO and possibly helper files (like install files) and run git push. For example, after adding the PKGBUILD to the newly created directory, you can run the following commands to create and submit the initial commit:

$ mksrcinfo
$ git commit -m 'Initial import'
$ git push origin master

To update a package, edit the PKGBUILD and run the following commands to track the changes in the AUR Git repository:

$ mksrcinfo
$ git commit -am 'Update to 1.0.0'
$ git push
Tip: If you forget to commit the .SRCINFO and add it in a later commit, the AUR will still reject your pushes because the .SRCINFO must exist for every commit. To solve this problem you can use git rebase or git filter-branch with the --tree-filter option.

Migration scripts

Several scripts exist to ease the transition:

  • aur2aur4 - Import packages from AUR3 to AUR4 by packages list or AUR user.
  • aur2git - A ruby gem to download and submit your existing packages.
  • bbidulock's script to migrate from a .backup directory with all packages.
  • aur4_import.sh splits a package from a git repository with multiple packages (adding/updating `.SRCINFO` for every commit)
  • aur4_make_submodule.sh replaces a package in a bigger git repository with an AUR 4 submodule
  • import-to-aur4 splits an existing git repository into multiple AUR 4 packages (all at once, also adding `.SRCINFO` for every commit)

Keep in mind all those scripts are unsupported and contributed by users!

See also