Is AUR reliable?

Support AUR
1

Hi all

I’m a total noob in the Arch based system and i was just wondering about the AUR repos
Here a single exemple:
(trying to install ripperx is a similar exemple)
On other distros i liked times to times to open an openbox-session with fbpanel, so i tried to install fbpanel and here the result:

[bozzoh@bozzoh ~]$ pacman -Ss fbpanel
[bozzoh@bozzoh ~]$ trizen -Ss fbpanel
aur/fbpanel 7.0-2 [4+] [0.00%] [6 Jan 2018]
    NetWM compliant desktop panel
aur/fbpanel-git 44.478754b-2 [6+] [0.00%] [10 Feb 2017]
    NetWM compliant desktop panel (git)
[bozzoh@bozzoh ~]$ trizen -S fbpanel
:: Cloning AUR package: fbpanel

--------------------------------------------------------------------------------
:: Content of /tmp/trizen-bozzoh/fbpanel/PKGBUILD
--------------------------------------------------------------------------------

# $Id: PKGBUILD 266875 2017-11-15 14:29:11Z foutrelis $
# Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com>
# Maintainer: Jeff Mickey <jeff@archlinux.org>
# Contributor: Torin Daniel <torindan@gmail.com>
# Contributor: Diep Pham Van <imeo@favadi.com>

pkgname=fbpanel
pkgver=7.0
pkgrel=2
pkgdesc="NetWM compliant desktop panel"
arch=('x86_64')
url="https://github.com/aanatoly/fbpanel"
depends=('gtk2')
makedepends=('python2')
license=('GPL')
source=("$pkgname-$pkgver.tar.gz::https://github.com/aanatoly/fbpanel/archive/$pkgver.tar.gz")
md5sums=('8a15ac4e0f23a72b9d6be5151df712e5')

prepare() {
  cd "$srcdir/$pkgname-$pkgver"
  sed -i 's|python|python2|' configure .config/{repl.py,help,tar.py}
}

build() {
  cd "$srcdir/$pkgname-$pkgver"
  ./configure --libexecdir /usr/lib/fbpanel --prefix /usr --mandir /usr/share/man/man1
  make
}

package() {
  cd "$srcdir/$pkgname-$pkgver"
  make DESTDIR="$pkgdir/" install
}

=>> Edit fbpanel/PKGBUILD? [y/N]: n

Repository      : AUR
Name            : fbpanel
Version         : 7.0-2
Maintainer      : E5ten
URL             : https://github.com/aanatoly/fbpanel
AUR URL         : https://aur.archlinux.org/packages.php?ID=475721
License         : GPL
Votes           : 4
Popularity      : 0%
Installed       : No
Out Of Date     : No
Depends On      : gtk2
Make Deps       : python2
Check Deps      : None
Optional Deps   : None
Provides        : None
Conflicts With  : None
Replaces        : None
Package Base    : fbpanel
Last Update     : Sat Jan  6 14:40:27 2018
Description     : NetWM compliant desktop panel

==> Création du paquet fbpanel 7.0-2 (sam. 16 oct. 2021 10:59:17)
==> Vérification des dépendances pour l’exécution…
==> Vérification des dépendances pour la compilation…
==> Récupération des sources…
  -> Téléchargement de fbpanel-7.0.tar.gz…
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   121  100   121    0     0    316      0 --:--:-- --:--:-- --:--:--   315
100 3658k    0 3658k    0     0  1927k      0 --:--:--  0:00:01 --:--:-- 3925k
==> Validation des fichiers source avec md5sums…
    fbpanel-7.0.tar.gz ... Réussite
==> Extraction des sources…
  -> Extraction de fbpanel-7.0.tar.gz avec bsdtar
==> Lancement de prepare()…
==> Lancement de build()…
Traceback (most recent call last):
  File "./configure", line 502, in <module>
    main()
  File "./configure", line 489, in main
    resolve()
  File ".config/options.py", line 64, in resolve
    if opt('sound') is None and pkg_exists('alsa', '--atleast-version=1.0.10'):
  File "./configure", line 297, in pkg_exists
    return sp.call(cmd) == 0
  File "/usr/lib/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
==> ERREUR : Une erreur s’est produite dans build().
    Abandon…
:: Unable to build fbpanel - makepkg exited with code: 4
=>> Try again? [y/N]: n
=>> Exit now? [Y/n]: y

[bozzoh@bozzoh ~]$ trizen -S fbpanel-git
:: Cloning AUR package: fbpanel-git

--------------------------------------------------------------------------------
:: Content of /tmp/trizen-bozzoh/fbpanel-git/PKGBUILD
--------------------------------------------------------------------------------

gitname=fbpanel
pkgname="$gitname-git"
pkgver=44.478754b
pkgrel=2
pkgdesc="NetWM compliant desktop panel (git)"
license=(GPL)
arch=(i686 x86_64)
provides=('fbpanel' 'fbpanel-svn')
conflicts=('fbpanel' 'fbpanel-svn')
depends=('gtk2' 'python2')
makedepends=('automake' 'autoconf')
url="https://github.com/aanatoly/$gitname"
source=("git+$url.git")
sha512sums=('SKIP')

pkgver() {
    cd "${srcdir}/${gitname}"
    local ver="$(git rev-list --count HEAD).$(git rev-parse --short HEAD)"
    printf "%s" "${ver//-/.}"
}

prepare() {
    cd "${srcdir}/${gitname}"
    sed -i 's|/usr/bin/python$|/usr/bin/python2|' configure
    ./configure --prefix=/usr --libexecdir=/usr/lib --mandir=/usr/share/man/man1
    echo "LDFLAGSX += -lX11 -lm" >>config.mk
    sed -i 's|/usr/bin/python$|/usr/bin/python2|' repl.py
}
build(){
    cd "${srcdir}/${gitname}"
    ionice -c 3 nice -n 19 make
}
package(){
    cd "${srcdir}/${gitname}"
    make DESTDIR="$pkgdir/" install

    # Add forgotten localization files
    cd po
    for mofile in *.mo;do
        install -Dm755 "$mofile" "$pkgdir/usr/share/fbpanel/locale/${mofile%%_*}/LC_MESSAGES/fbpanel.mo"
    done
}

=>> Edit fbpanel-git/PKGBUILD? [y/N]: n

Repository      : AUR
Name            : fbpanel-git
Version         : 44.478754b-2
Maintainer      : yar
URL             : https://github.com/aanatoly/fbpanel
AUR URL         : https://aur.archlinux.org/packages.php?ID=382808
License         : GPL
Votes           : 6
Popularity      : 0%
Installed       : No
Out Of Date     : No
Depends On      : gtk2
                  python2
Make Deps       : automake
                  autoconf
Check Deps      : None
Optional Deps   : None
Provides        : fbpanel
                  fbpanel-svn
Conflicts With  : fbpanel
                  fbpanel-svn
Replaces        : None
Package Base    : fbpanel-git
Last Update     : Fri Feb 10 23:59:28 2017
Description     : NetWM compliant desktop panel (git)

==> Création du paquet fbpanel-git 44.478754b-2 (sam. 16 oct. 2021 10:59:55)
==> Vérification des dépendances pour l’exécution…
==> Vérification des dépendances pour la compilation…
==> Installation des dépendances manquantes…
[sudo] Mot de passe de bozzoh : 
résolution des dépendances…
recherche des conflits entre paquets…

Paquets (3) m4-1.4.19-1  autoconf-2.71-1  automake-1.16.4-1

Taille totale du téléchargement :  1,48 MiB
Taille totale installée :          4,26 MiB

:: Procéder à l’installation ? [O/n] o
:: Récupération des paquets…
 autoconf-2.71-1-any               645,2 KiB  1881 KiB/s 00:00 [##################################] 100%
 automake-1.16.4-1-any             611,7 KiB  4,09 MiB/s 00:00 [##################################] 100%
 m4-1.4.19-1-x86_64                258,3 KiB  3,60 MiB/s 00:00 [##################################] 100%
 Total (3/3)                      1515,2 KiB  2,38 MiB/s 00:01 [##################################] 100%
(3/3) vérification des clés dans le trousseau                  [##################################] 100%
(3/3) vérification de l’intégrité des paquets                  [##################################] 100%
(3/3) chargement des fichiers des paquets                      [##################################] 100%
(3/3) analyse des conflits entre fichiers                      [##################################] 100%
(3/3) vérification de l’espace disque disponible               [##################################] 100%
:: Traitement des changements du paquet…
(1/3) installation de automake                                 [##################################] 100%
(2/3) installation de m4                                       [##################################] 100%
(3/3) installation de autoconf                                 [##################################] 100%
:: Exécution des crochets (« hooks ») de post-transaction…
(1/2) Arming ConditionNeedsUpdate...
(2/2) Updating the info directory file...
==> Récupération des sources…
  -> Clonage du dépôt fbpanel git…
Clonage dans le dépôt nu '/tmp/trizen-bozzoh/fbpanel-git/fbpanel'
remote: Enumerating objects: 1176, done.
remote: Total 1176 (delta 0), reused 0 (delta 0), pack-reused 1176
Réception d'objets: 100% (1176/1176), 3.76 Mio | 494.00 Kio/s, fait.
Résolution des deltas: 100% (560/560), fait.
==> Validation des fichiers source avec sha512sums…
    fbpanel ... Ignoré
==> Extraction des sources…
  -> Création d’une copie de travail du dépot fbpanel git…
Clonage dans 'fbpanel'...
fait.
==> Lancement de prepare()…
Traceback (most recent call last):
  File "./configure", line 502, in <module>
    main()
  File "./configure", line 489, in main
    resolve()
  File ".config/options.py", line 64, in resolve
    if opt('sound') is None and pkg_exists('alsa', '--atleast-version=1.0.10'):
  File "./configure", line 297, in pkg_exists
    return sp.call(cmd) == 0
  File "/usr/lib/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
==> ERREUR : Une erreur s’est produite dans prepare().
    Abandon…
:: Unable to build fbpanel-git - makepkg exited with code: 4
=>> Try again? [y/N]: n
=>> Exit now? [Y/n]: y

[bozzoh@bozzoh ~]$

Nothing dramatic nothing life or death sentence, but i’m just wondering about AUR, maybe fbpanel is built with EOL libraries i don’t know and i don’t understand the error root, and i completely understand this kind of little stuff are nor maintened nothing wrong with that, but is the AUR a safe repo?
I mean what we can find in AUR are correctly maintened ?
Or simply safe or secure ?

I guess it’s just a noob question, but can we totally trust in AUR ?

2

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.https://aur.archlinux.org

As everything within this repo is build scripts - which either fetches sources or binaries - then compile and pack- or repack into a package - then installing the package - you should check what the said files do before you decide what to do.

Some build scripts is orphans or the maintainer has not yet had time to update the script - in any case you are entirely on your own.

Whether to trust or not any given script is entirely up to you.

If you want to use build scripts from AUR you should be able to solve potential issues on or with your system.

Despite the fact that Manjaro provides an inhouse Package Manager which has AUR support you should follow this advise

You should become familiar with the manual build process in order to be prepared to troubleshoot problems. - Arch User Repository - Manjaro

Python 2.7 was EOL January 1. 2020 - almost 2 years ago.

1 Like
3

Did you know that the forum has a search engine? This question has been asked (and answered) a gazillion times before… :arrow_down:

https://forum.manjaro.org/search?q=AUR%20category:113

4

It’s noted

1 Like
5

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.