Comment by jdlyga
8 years ago
This is exactly what we've been preparing for. Don't use yaourt, and read those diffs. I know a lot of people don't do this, but it's important.
8 years ago
This is exactly what we've been preparing for. Don't use yaourt, and read those diffs. I know a lot of people don't do this, but it's important.
Yeah it's funny, my first thought was since I started using Arch, the most common thing I hear people say is that packages from AUR should be considered unsafe until you've read the PKGBUILD, at least. It's a good thing it gets brought up so much, unfortunately.
Even yaourt defaults to prompting you to read all the packages scripts and displays a red WARNING UNSAFE when the package is unmaintained as this one was.
It has options to configure it to do everything automatically, but you have to actively go in and set it so.
yaourt sources the PKGBUILD before it allows you to review it, which is why it is considered unsafe.
What would you recommend over yaourt?
I love yay[1]. It has few dependencies, integrates well with pacman, has a useful search function, and is incredibly easy to use. I recommend using the binary version (yay-bin[2]) available in the AUR since it doesn't require compilation and has the fewest dependencies of any AUR helper.
[1] https://github.com/Jguer/yay
[2] https://aur.archlinux.org/packages/yay-bin/
#!/bin/bash set -e
if [ -z "$1" ]; then echo "No package name specified."; exit; fi
mkdir -p $1
cd $1
wget -q "https://aur.archlinux.org/cgit/aur.git/snapshot/$1.tar.gz"
tar xzf $1.tar.gz
cd $1
makepkg -sf
read -n 1 -s -p "Press any key to continue..."
echo -e "\n"
sudo pacman -U --noconfirm --needed $1*pkg.tar.xz
Now _that's_ a package manager!
aurman. More choices can be found here https://wiki.archlinux.org/index.php/AUR_helpers
I like and use auracle. It's basically a rewrite / redo of cower, the core of pacaur, by the same developer. Pacaur was the most popular alternative to Yaourt, but is now discontinued.
cower from falconindy