[arch-general] First Time Using AUR
Gary Wright
wriggary at gmail.com
Wed Apr 14 12:53:45 EDT 2010
On Wed, 2010-04-14 at 08:16 -0500, Burlynn Corlew Jr (velcroshooz)
wrote:
> On Wed, Apr 14, 2010 at 8:12 AM, Carlos Mennens <carloswill at gmail.com>wrote:
>
> > I am getting ready to use my newly built Arch Linux system for the 1st
> > time and use AUR and read the Wiki but I have a question that I am not
> > clear on:
> >
> > Next choose an appropriate build directory. A build directory is
> > simply a directory where the package will be made or "built" and can
> > be any directory. Examples of commonly used directories are:
> >
> > ~/builds
> >
> > Now when I create the "~/builds" directory, does it matter if I do
> > this in a regular user's home directory or in 'roots'? It is not very
> > clear and I don't want to break anything or improperly build a package
> > from AUR.
> >
>
> I dont know if your using an aur helper or using makepkg alone, but i would
> use ~/builds in a users' directory. running makepkg as root is bad
> practice.
I don't see that anybody has touched on this, but the reason that
running makepkg as a regular user is best is because AUR pkgbuilds are
not checked for malicious code before being made available for download.
There is a great community of TUs and AUR users that will usually spot
bad pkgbuilds before anyone is affected, but it is ultimately the
end-user's obligation to check the pkgbuild/install scripts for bad
code. Having the build() func execute rm -rf / doesn't do quite as much
when you're a normal user. Root, however, can destroy a system that
way.
Hope that clears up our reasoning better than "its bad!"
Gary
More information about the arch-general
mailing list