[arch-general] First Time Using AUR
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on: Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are: ~/builds Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
On 04/14/2010 04:12 PM, Carlos Mennens wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
No it don`t matter, where you create this dir. For easily building from AUR you can use yaourt.
On Wed, Apr 14, 2010 at 8:12 AM, Carlos Mennens <carloswill@gmail.com>wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
I dont know if your using an aur helper or using makepkg alone, but i would use ~/builds in a users' directory. running makepkg as root is bad practice.
On Wed, 2010-04-14 at 08:16 -0500, Burlynn Corlew Jr (velcroshooz) wrote:
On Wed, Apr 14, 2010 at 8:12 AM, Carlos Mennens <carloswill@gmail.com>wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
I dont know if your using an aur helper or using makepkg alone, but i would use ~/builds in a users' directory. running makepkg as root is bad practice.
I don't see that anybody has touched on this, but the reason that running makepkg as a regular user is best is because AUR pkgbuilds are not checked for malicious code before being made available for download. There is a great community of TUs and AUR users that will usually spot bad pkgbuilds before anyone is affected, but it is ultimately the end-user's obligation to check the pkgbuild/install scripts for bad code. Having the build() func execute rm -rf / doesn't do quite as much when you're a normal user. Root, however, can destroy a system that way. Hope that clears up our reasoning better than "its bad!" Gary
On Wed, Apr 14, 2010 at 10:53:45AM -0600, Gary Wright wrote:
On Wed, 2010-04-14 at 08:16 -0500, Burlynn Corlew Jr (velcroshooz) wrote:
On Wed, Apr 14, 2010 at 8:12 AM, Carlos Mennens <carloswill@gmail.com>wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
I dont know if your using an aur helper or using makepkg alone, but i would use ~/builds in a users' directory. running makepkg as root is bad practice.
I don't see that anybody has touched on this, but the reason that running makepkg as a regular user is best is because AUR pkgbuilds are not checked for malicious code before being made available for download. There is a great community of TUs and AUR users that will usually spot bad pkgbuilds before anyone is affected, but it is ultimately the end-user's obligation to check the pkgbuild/install scripts for bad code. Having the build() func execute rm -rf / doesn't do quite as much when you're a normal user. Root, however, can destroy a system that way.
I disagree: this is not an adequate justification. Why not? Because suppose the package gets built ok. What are you going to do then? Install it with root privileges---which will lead to the install script's being run with root privileges, or alternatively to any binary the packager wants being installed setuid and owned by root. Your only protection against this is to trust the source (and the url from which it's downloaded) and trust/review the PKGBUILD and install scripts. You might as well do that before running makepkg, as after running makepkg but before running "sudo pacman -U newpackage.pkg.tar.gz". That's your only protection against anything malicious. The advantage of not building as root is in case something is broken in the PKGBUILD or Makefile, this puts up some additional protective barriers. A malicious maintainer would only need a bit of obfuscation and cleverness to bury his payload in the parts of the process that are run as root. Anyway, that's how I understand it. I've broken a few PKGBUILDs and Makefiles myself. For instance, you want to be sure your "make install" targets respect DESTDIR. If you leave that out, and run make install as a normal user, the step will fail and you'll just get an error about not having privileges (yet) to write to /usr/bin/whatever. If you run make install as root, though, the files will get written to /usr/bin/whatever, possibly overwriting what's there, and won't be tar'd up when $pkgdir is compressed. This is the kind of flimsy but helpful protection you get from running makepkg as a normal user. -- Jim Pryor profjim@jimpryor.net
On Wed, Apr 14, 2010 at 09:12:11AM -0400, Carlos Mennens wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
Safer to do it in a place that regular users can write to, and to do all your makepkg-ing as a non-root user. You only need root privileges for the actual install step. You could do a makepkg followed by a sudo pacman -U packageyoumade-1.0.0-1-arch.pkg.tar.gz. Or you could do "makepkg -i" in the first place, then makepkg will try to install the package if it manages to build it successfully. (I think it will prompt you for a sudo password at the end for the actual installation. Though perhaps this is only in the makepkg wrapper I wrote on my own machines.) -- Jim Pryor profjim@jimpryor.net
On 14 April 2010 21:20, Jim Pryor <lists+arch-general@jimpryor.net> wrote:
Safer to do it in a place that regular users can write to, and to do all your makepkg-ing as a non-root user. You only need root privileges for the actual install step. You could do a makepkg followed by a sudo pacman -U packageyoumade-1.0.0-1-arch.pkg.tar.gz. Or you could do "makepkg -i" in the first place, then makepkg will try to install the package if it manages to build it successfully. (I think it will prompt you for a sudo password at the end for the actual installation. Though perhaps this is only in the makepkg wrapper I wrote on my own machines.)
It will just use sudo. And whether it prompts for a password is dependent on your sudo configuration. You can run makepkg -i anytime as long as you have a package built, it will automatically install the latest found in the build cache. -- GPG/PGP ID: B42DDCAD
On Wed, Apr 14, 2010 at 7:12 AM, Carlos Mennens <carloswill@gmail.com>wrote:
I am getting ready to use my newly built Arch Linux system for the 1st time and use AUR and read the Wiki but I have a question that I am not clear on:
Next choose an appropriate build directory. A build directory is simply a directory where the package will be made or "built" and can be any directory. Examples of commonly used directories are:
~/builds
Now when I create the "~/builds" directory, does it matter if I do this in a regular user's home directory or in 'roots'? It is not very clear and I don't want to break anything or improperly build a package from AUR.
I was creating a 2.6.34-rc3 kernel package and only sudoed when passing the newly created package to pacman. I belive all non root-full activity should be done without root. Ben
participants (7)
-
Benjamin Campbell
-
Burlynn Corlew Jr (velcroshooz)
-
Carlos Mennens
-
Gary Wright
-
Jim Pryor
-
Nick Stepa
-
Ray Rashif