Difference between revisions of "Talk:AUR helpers"

From ArchWiki
m ((archived))
 
Authors of each front end should post a short (2-3 line) description of their creation, along with a homepage link and an AUR link (where applicable). A link to a screenshot page would also be nice (if applicable).
 
 
== Comparison table removal ==
 
I see the comparison table has been removed, without any comment. The question I'm asking myself currently is "Do we really need to have it back?" The page looks fine as it is now. Spyhawk 13:03, 7 February 2013 (UTC)
 
 
== More relevant AUR comparison table ==
 
 
Here is a proposal for a shorter, and more relevant AUR comparison table.
 
 
* Removal of all columns featuring AUR features that are expected from any AUR helper (Handles Deps, AUR search, Handles Upgrades). Those are common to all AUR helpers anyway.
 
* Added a Yes/No column for "Usage similar to pacman". This is indicative, and I believe the various "see man helper" are useless (a specific column could be added if necessary).
 
* Replaced the column "Usage" by a more descriptive "Specificity" column. Use it to highlight specific focus or strength of the helper.
 
 
=== Comparison Table ===
 
 
{| border="1" cellpadding="4" cellspacing="0"
 
! Name !! Written in !! Official Repo support !! Usage similar to pacman !! Shell Tab Completion !! Manually Parses PKGBUILD* !! Multilingual !! Active Project !! Specificity
 
|-
 
! [[aura]]
 
| Haskell || {{Yes}} || {{No}} || Bash/zsh || {{Yes}} || {{Yes}} || {{Yes}} || Handle Backups, Downgrades
 
|-
 
! aurget
 
| Bash || {{No}} || {{Yes}} || Bash || {{No}} || {{No}} || {{Yes}} || -
 
|-
 
! aurora
 
| Python3 || {{No}} || {{No}} || {{No}} || {{No}}  || {{No}} || {{Yes}} || -
 
|-
 
! cower
 
| C || {{No}} || {{No}} || Bash/zsh || {{Yes}} || {{No}} || {{Yes}} || Minimalist helper without automatic build support.
 
|-
 
! owl
 
| Dash || {{Yes}} || {{No}} || Bash || {{Yes}} || {{No}} || {{Yes}} || -
 
|-
 
! [[pacaur]]
 
| Bash/C || {{Yes}} || {{Yes}} || Bash || optional || {{No}} || {{Yes}} || Minimize user interaction.
 
|-
 
! packer
 
| Bash || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{No}} || {{Yes}} || -
 
|-
 
! paktahn
 
| Lisp || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{No}} || {{Yes}} || -
 
|-
 
! pbfetch
 
| Bash || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{No}} || {{Yes}} || -
 
|-
 
! PKGBUILDer
 
| Python3 || {{Yes}} ({{Ic|pb}} command) || {{No}} || {{No}} || {{No}} || {{Yes}} || {{Yes}} || -
 
|-
 
! spinach
 
| Bash || {{Yes}} || {{No}} || {{No}} || {{Yes}} || {{No}} || {{Yes}} || -
 
|-
 
! [[yaourt]]
 
| Bash/C || {{Yes}} || {{Yes}} || Bash/zsh/fish || {{No}} || {{Yes}} || {{Yes}} || Handle Backups, ABS support
 
|}
 
 
{{Note|Scripts that do not parse PKGBUILDs manually opt instead to execute them directly for their variables. This is not considered secure, but is generally more accurate than manual parsing.}}
 
 
Any other useful ideas? Spyhawk
 
 
:Removing redundant fields: Yes.
 
:Usage similar to pacman column: Yes. I'd argue aura is similar to pacman, though. Compared to say, cower or owl, it is.
 
:Usage column: Yes, this was totally useless.
 
:This revision is less cluttered, and thus easier to understand. I like it!
 
 
::2./ is actually a hard one. It depends on what your definition of "similar" is. I'd say that helpers that install with a "-S" command are similar, but this is debatable. I guess this should be debated on the wiki Talk page.
 
::Another point I'd like to improve is the "manually parsed" column through a more general "secure" column... but how do you define whether a helper is secure or not?
 
::Do you know any other people that would be interested in helping to improve this table? Spyhawk
 
 
::: I'd say:
 
:::helper --install package  # Not similar to pacman.
 
:::helper -S package  # Obviously the same as pacman.
 
:::helper -A package  # Similar enough, consider it has `-i` and `-s` too.
 
:::We could say a helper is secure if it tries to protect you from rogue PKGBUILDs. I saw one (can't remember which) that actually scanned for instances of the word sudo. I think it still sourced the PKGBUILD, but at least it tried. Obviously manually parsing the PKGBUILD (and the .install file?) would be the most secure.
 
:::As for people to help us... would the yaourt people care? I could see some of the upstarts (spinach, owl?) being cooperative. cower seems to be a powerhouse, so we should talk to them as well. packer has infrequent updates (looking at its GitHub network) and I don't know if they'd get back to us.
 
 
:::: The AUR helper that scans the PKGBUILD is spinach, but it does manual parsing anyway. I've also seen that security feature, and implemented a very similar one in pacaur. Packer does source the PKGBUILD before asking for editing, so that's clearly insecure (unless using --preview, but that is not set by default). Pbfetch removes everything after build() before sourcing. I guess that would be considered secure too. I can't tell for yaourt, the code is too cryptic to me. Spyhawk
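
The "manual parsing" approach from the thread above, as an added example (not code from any helper named on this page): it extracts top-level PKGBUILD variables statically and reports anything that would need a shell to evaluate instead of running it. The sample PKGBUILD is constructed, and `parse_pkgbuild`, `expand` and the regex names are hypothetical.

```python
import re
import shlex

# Constructed sample: the pkgver line holds a command substitution that bash
# would execute if a helper sourced this file.
SAMPLE = '''\
pkgname=demo-tool
pkgver=1.2.$(touch /tmp/sourced-by-helper; echo 3)
pkgrel=1
depends=('glibc' "lib$pkgname>=1.0")
makedepends=(git
             'cmake')
build() {
  make
}
'''

# name=value or name=( ... ) starting in column 0; arrays may span lines.
ASSIGN = re.compile(
    r'^([A-Za-z_]\w*)=(\([^)]*\)|[^(\n][^\n]*|)[ \t]*(?:#.*)?$', re.M)
# Constructs that only a shell can evaluate: $(...), backticks, ${var<op>...}.
DYNAMIC = re.compile(r'\$\(|`|\$\{[^}]*[^\w}]')
FUNC_DEF = re.compile(r'^[A-Za-z_][\w-]*\s*\(\)', re.M)


def expand(word, known):
    """Substitute plain $name / ${name} references to already-parsed scalars."""
    def repl(m):
        value = known.get(m.group(1))
        return value if isinstance(value, str) else m.group(0)
    return re.sub(r'\$\{?([A-Za-z_]\w*)\}?', repl, word)


def parse_pkgbuild(text):
    """Return (variables, unresolved) without executing any shell code."""
    head = FUNC_DEF.split(text, maxsplit=1)[0]   # ignore function bodies
    variables, unresolved = {}, []
    for name, raw in ASSIGN.findall(head):
        is_array = raw.startswith('(')
        try:
            if DYNAMIC.search(raw):
                raise ValueError('needs a shell')
            words = shlex.split(raw[1:-1] if is_array else raw, comments=True)
        except ValueError:               # dynamic value or unbalanced quotes
            unresolved.append(name)
            continue
        words = [expand(w, variables) for w in words]
        variables[name] = words if is_array else ' '.join(words)
    return variables, unresolved
```

Single- and double-quoted words are expanded alike here, which is a simplification. The `pkgver` result shows the accuracy trade-off the page's note describes: a static parser can only report such a value as unresolved, where sourcing would compute it by running the embedded command.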
 
 
Here is an improved, but incomplete table:
 
 
{{note|'''Secure''' means that the AUR helper tries to protect from malicious PKGBUILDs, using manual parsing or other means.}}
 
 
{| border="1" cellpadding="4" cellspacing="0"
 
! Name !! Written in !! Active Project !! Official Repo support !! Syntax similar to pacman !! Shell Tab Completion !! Secure !! Multilingual !! Specificity
 
|-
 
! [[aura]]
 
| Haskell || {{Yes}} || {{Yes}} || {{Yes}} || Bash/zsh || {{Yes}} || {{Yes}}  || Handle Backups, Downgrades
 
|-
 
! aurget
 
| Bash || {{Yes}} || {{No}} || {{Yes}} || Bash || ? || {{No}} || -
 
|-
 
! aurora
 
| Python3 || {{Yes}} || {{No}} || {{No}} || {{No}} || ?  || {{No}} || -
 
|-
 
! cower
 
| C || {{Yes}} || {{No}} || {{No}} || Bash/zsh || {{Yes}} || {{No}} || Minimalist helper without automatic build support.
 
|-
 
! owl
 
| Dash || {{Yes}} || {{Yes}} || {{No}} || Bash || {{Yes}} || {{No}} || -
 
|-
 
! [[pacaur]]
 
| Bash/C || {{Yes}} || {{Yes}} || {{Yes}} || Bash || {{Yes}} || {{No}} || Minimize user interaction.
 
|-
 
! packer
 
| Bash || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{No}} || -
 
|-
 
! paktahn
 
| Lisp || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || ? || {{No}} || -
 
|-
 
! pbfetch
 
| Bash || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} || {{No}} || -
 
|-
 
! PKGBUILDer
 
| Python3 || {{Yes}} || {{Yes}} ({{Ic|pb}} command) || {{No}} || {{No}} || ? || {{Yes}} || -
 
|-
 
! spinach
 
| Bash || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{Yes}} || {{No}} || -
 
|-
 
! [[yaourt]]
 
| Bash/C || {{Yes}} || {{Yes}} || {{Yes}} || Bash/zsh/fish || {{No}} || {{Yes}} || Handle Backups, ABS support
 
|}
 
 
It's important that people looking at this know what "Secure" means, so I like that the note is at the top. Do you think a numbered rating system would work better than just Yes / No?
 
Also, the last time I checked, yaourt just shamelessly sources the PKGBUILD. -fosskers
 
: Maybe a rating system would be good, if objective. What would be the criteria to look at? Spyhawk 11:56, 5 February 2013 (UTC)
 

Revision as of 20:16, 18 March 2013

Authors of each front end should post a short (2-3 line) description of their creation, along with a homepage link and an AUR link (where applicable). A link to a screenshot page would also be nice (if applicable).