[wiki] Manjaro - Updates and AUR


Manjaro and AUR

The forum's search function reveals a lot of AUR issues. Several helpers exist, such as pamac, yaourt, pacaur and probably others, and these are well known to the Manjaro community.

Forum posts like these expose the good, the bad and the ugly sides of the AUR.

The above-mentioned apps are invaluable helpers for the experienced Manjaro user, but they are not for new Manjaro Linux users. Do yourself a favour and leave the vast wild west of the AUR alone until you are comfortable with your Manjaro Linux system. Read up on the AUR on the Manjaro Wiki and the Arch Linux Wiki.

Manjaro system updates and AUR

When the Manjaro Team releases updates, they have been tested on a limited number of systems. When the updates roll out to users, they reach an infinite number of different combinations of hardware and software. The updates cannot take into account the vast number of applications which can be installed from the AUR.

Thus a number of users will experience breakage when updating their systems. That is in the nature of things and inevitable. So how do you insure yourself?

  • The continued function of your computer system is your responsibility and yours alone.
  • Limit the number of apps you install from AUR.
  • Know their requirements and dependencies.
  • Verify before installing updates that they are compatible with your indispensable AUR apps and their dependencies.
  • Keep your system tidy by removing obsolete apps and their dependencies.

Does AUR have an ugly side?

Indeed it does. The ugly side is rarely mentioned when topics tagged with aur hit the forum. It seems that the possible benefit of the AUR is glorified.

Quote from the Manjaro Wiki

Unfortunately, as a community maintained repository, using the AUR does still present potential risks and problems. Risks, such as, the AUR providing:

  • Multiple versions of the same packages.
  • Out of date packages.
  • Broken or only partially working packages.
  • Improperly configured packages which download unnecessary dependencies, or do not download necessary dependencies, or both.
  • Malicious packages (although extremely rare).

Quote from the AUR homepage

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

Quote from the Arch Linux Wiki

Warning: Carefully check all files. Carefully check the PKGBUILD and any .install file for malicious commands. PKGBUILDs are bash scripts containing functions to be executed by makepkg: these functions can contain any valid commands or Bash syntax, so it is totally possible for a PKGBUILD to contain dangerous commands through malice or ignorance on the part of the author. Since makepkg uses fakeroot (and should never be run as root), there is some level of protection but you should never count on it. If in doubt, do not build the package and seek advice on the forums or mailing list.
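
The Arch Linux Wiki warning above asks you to read the PKGBUILD and any .install file before building. As an added example (not part of this wiki page or of any Manjaro or Arch tool), the POSIX shell function below flags lines that deserve a closer read; the rule list, the function names and the sample PKGBUILD are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page: flag PKGBUILD / .install lines that
# deserve a careful read before makepkg runs them. The rules below are this
# example's own assumptions; no findings does not mean the package is safe.

pkgbuild_rules() {   # one rule per line: <label> <extended regex>
cat <<'EOF'
pipe-to-shell (curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:];&]|$)
privilege (^|[^[:alnum:]_-])(sudo|pkexec|doas)([[:space:]]|$)
decode-or-eval base64[[:space:]]+(-d|--decode)|(^|[^[:alnum:]_])eval[[:space:]]
unverified-source ^[[:space:]]*[[:alnum:]]+sums(_[[:alnum:]_]+)?=.*SKIP
plain-http http://
touches-home [$]HOME|[$][{]HOME|~/|/home/
rm-absolute-path (^|[^[:alnum:]_])rm[[:space:]]+-[[:alnum:]]*[rR][[:alnum:]]*[[:space:]]+["']?/
EOF
}

# Print "[label] line-number:text" for every match; return 1 if anything matched.
review_pkgbuild() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    hits=$(pkgbuild_rules | while read -r label regex; do
        grep -nE -e "$regex" "$file" | sed "s/^/[$label] /"
    done)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample PKGBUILD (not a real AUR package) to exercise the rules.
sample_pkgbuild() {
cat <<'EOF'
pkgname=demo-tool
pkgver=1.0
source=("http://example.invalid/demo-$pkgver.tar.gz")
sha256sums=('SKIP')
package() {
  make DESTDIR="$pkgdir" install
  curl -s https://example.invalid/setup.sh | sh
  sudo cp demo.conf /etc/
}
EOF
}

tmp=$(mktemp)
sample_pkgbuild > "$tmp"
review_pkgbuild "$tmp" || echo "Read the flagged lines before running makepkg."
rm -f "$tmp"
```

A `SKIP` checksum is normal for VCS sources, so that rule, like the others, marks a line for a human to judge and is not a verdict.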
