Responsible use of AUR

Be responsible in using the AUR

:warning: Remember, the AUR is neither officially supported by Arch nor by Manjaro. Using it is at your own risk and your own responsibility.

The AUR (Arch User Repository) is like a public library run by volunteers. The books are contributed by the readers and as such we respect both the volunteers and our fellow readers contributing their books for us to read. We all need to be responsible in our use of this repository.

We are guests allowed to use the library - so let’s behave like polite guests.

With the growing popularity of Arch based distributions - the AUR has become more popular that any Arch user could have ever imagined.

It is difficult to educate on responsible use of a free service - just picture that you were the provider and not aurweb Development Team.

While the AUR technically is just an organized collection of text files containing instructions on how to install certain software whether this is from source code or from binary packages - it contains functionality to search for keywords within package names and their description.

I cannot say what the original intention were - I was not there - but as a developer and former system administrator and small time hosting provider - I can appreciate how the Archlinux users have contributed to the overall ecosystem of Manjaro.

I want to appeal to you - my fellow Manjaro community members - and the anonymous Manjaro user reading this …

The in-house package manager shipped with Manjaro - Pamac - contains functionality which - when used without thinking - easily contributes to the overload of AUR - which just happened again - today 2021-10-13T22:00:00Z.

  • do not enable AUR unless you strictly need it
  • do not enable checking for updates to AUR packages
  • do not enable checking for updates to DEV packages

How useful this may be - it also constitutes a lot of useless traffic targeted the AUR search API.

Some time ago the Archlinux Team has considered it necessary to throttle requests to the search api because of user scripts used in conky flooded the search api.

Recently a topic was opened in Manjaro gitlab for Pamac requesting modifications to how Pamac used the search API to minimize the impact on the AUR service.

The incident of today - makes it clear that the AUR web search API is overloaded and I ask of you to consider how you are contributing to the impact on the AUR web.

We all benefit from the availability - so let’s not abuse it.

41 Likes

I have some questions.

If I disable checking updates for AUR, then how can I get my AUR software updated?

Will it be a bit helpful if I reduce my updates check frequency?

1 Like

I have applications installed using AUR scripts - and none of them requires a scheduled AUR check.

I am using applications like

  • postman
  • azuredatastudio
  • microsoft edge
  • microsoft sql-server

and probably some I have forgotten.

When I remember it or when the app itself makes me aware - I rebuild the application.

While it is sound and reasonable to keep your system up-to-date - it is not necessary to automatically check the repos with short intervals.

I have been touched by the update-fast-and-now virus and it took me a couple of years to recover.

My personal recommandation is to run a manual checkup once a week or so - that is sufficient - unless of course you know there is a specific issue that needs to be addressed.

6 Likes

It’s going to be hectic with the upcoming release of the Valve steam deck.

I don’t know how they are going to handle this.

3 Likes

Maybe the default Pamac setting could be changed to "once a day’, it is “every 6 hours” by default.
Maybe a specific AUR check setting could be added?
Maybe the default search should also be only in the repositories, instead of searching the AUR by default (clicking the AUR button would then trigger the search)?

I like the idea to try to responsibilize people, but let be real, most users would not even read it, let alone follow the guidelines. If measure were added directly in the application that would have a real impact.

//EDIT: I looked in Pamac console output, looks like the culprit is Pamac itself, flooding the AUR when auto suggesting things Add/remove software AUR problem - #22 by omano

11 Likes

I’m with you on this, but I also see the point made about the upcoming Steam Deck release if people use Pamac to do their updates and enable AUR. I think most will not even look at the base OS or desktop and just let it do it’s updates without manually interfering with them, but there will still be plenty of new users that will want to see what the underlying OS has to offer.

omano makes a good point. I adjust the AUR update check interval to 24 hours instead of 6 hours within a couple of hours after a fresh OS install. I think I may change this for every week since Manjaro itself usually only averages a big update about a week or so apart. For my purposes this seems a better choice.

2 Likes

Thank you I did not know it could be harmful. it on because some YouTube video recommend it. I’l be sure to turn it off again.

I think the biggest culprit is the search defaulting to searching aur in addition to searching the repos when aur is enabled, i guess that can slow down everything when thousands of users are searching for some software on repo.

1 Like

Changed update frequency to 24 hours, hope it helps somewhat.

4 Likes

I opened an issue https://gitlab.manjaro.org/applications/pamac/-/issues/1135 to me this is the biggest culprit, the multiple searches it sends to AUR when auto suggesting.

8 Likes

I found the topic absolutely randomly. Please consider share it by current news channels (for example matray at least). @philm

I found that ideas so important, so targerted that want to re-quote them:

Previously I did pamac update for several times a day like “updates addict”. So I was one of the that loaders also.
I can’t turn off updates completely and have feeling that one per week it is too rarely.
Please, consider to add an option of special options for AUR updates checking of around 3 days also or at least split it: so we can update every X hours main user repos and to check every week the AUR updates.

BTW, at least one other distro uses the pamac (Garuda). So I have a feeling that fixing default search in pamac to do not include AUR (to include by switch in GUI on package search page) will have a huge impact to unload AUR a way more that switching from daily updates checking to weekly.

3 Likes

What about a “manjaro-AUR” clone, syncing every 24 hours and pointig to it ?
Making clear it is third party (just a clone) and it is up to the users responsibility.
This is what manjaro is doing anyway, we have our own repos.

4 Likes

Its confirmed that aur maintainers have blocked pamac resulting in all the current issues. The guy replied on your issue.

1 Like

many Distributions use Pamac.
if i remember correctly, there was an idea of implementing some kind of Distro ID in Pamac to see where the load comes from.

1 Like

Will probably be a massive undertaking and would only be viable for new manjaro installs.

Not really. Pamac just sends a User-Agent header with each request. Instead of putting a hardcoded “pamac v11” (or whatever it is), it could determine the distro at runtime and set the user-agent string accordingly.

Nope. Just needs a pamac update.

2 Likes

This should be a great solution rather than the current status quo where other distros are sharing using pamac & getting the whole thing blocked by upstream.

Imho the even greater solution would be to just remove that auto-suggest nonsense completely…

-Enter search-term
-Click Search (or hit ENTER…)
-Do search query

But not on every stupid keystroke…
When you look for a package you normally have at least some vague idea what the name of that package could be.

15 Likes

Is it searches even on each key input???
Tried, yeah by hanging it looks like this.
Probably temporarily need to remove search-by-input-timeout feature and to leave by hitting Enter or GUI btn only (so by user direct request only, not by delay in user input).

So it looks like it is easy to unload the AUR: huge causes found.