I use AUR and PKGBUILDs often and I'm wondering whether I should be using a separate user for building the packages?
Till now, I have assumed makepkg has all the security precautions in-built.
Not a Sysadmin issue: moving to AUR Issues...
technolog,
Given that PKGBUILDs are bash scripts, there are lots of POTENTIAL security issues.
An option to reduce the risks somewhat is indeed to build as a separate user.
Building in a chroot further reduces the risks.
However, keep in mind that after building you will install the package as root.
IMO building as another user / in a chroot only increases protection against errors / malicious statements in the PKGBUILD, but does nothing to protect against malicious code in the installed program.
Personally I build as my normal user, but check every PKGBUILD before I run makepkg on it.
I also verify the source URLs; if I feel they are suspect I don't build it.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
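A read-only pre-build check in the spirit of the PKGBUILD review described in the post above, as an added example that is not part of the original thread. It pattern-matches the file's text without ever sourcing or executing it; the function names and the sample PKGBUILD are constructed for illustration, and the checks are heuristics that support reading the file, not a substitute for it.

```shell
#!/bin/sh
# Added example: static, heuristic review aid for a PKGBUILD.
# It only reads the file; nothing in the PKGBUILD is sourced or run.
audit_pkgbuild() {
    awk '
        # Remember which array we are in; arrays may span several lines.
        /^[ \t]*(source|[a-z0-9]+sums)(_[a-z0-9_]+)?=\(/ {
            name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name); inarr = 1
        }
        # Sources fetched over an unauthenticated transport.
        inarr && name ~ /^source/ && /(http|ftp|git):\/\// {
            print "WARN line " NR ": unencrypted source transport: " $0
        }
        # Integrity check disabled for an entry.
        inarr && name ~ /sums/ && /SKIP/ {
            print "WARN line " NR ": checksum skipped in " name
        }
        inarr && /\)/ { inarr = 0 }
        # .install scriptlets are run by pacman as root, outside any
        # build user or chroot, so they deserve their own read-through.
        /^[ \t]*install=/ {
            print "NOTE line " NR ": install script runs as root: " $0
        }
        /(curl|wget)[^|]*\|[ \t]*(ba)?sh([ \t;]|$)/ {
            print "WARN line " NR ": download piped to a shell: " $0
        }
    ' "$1"
}

# Constructed sample, not a real AUR package.
write_sample_pkgbuild() {
    cat > "$1" <<'EOF'
pkgname=example-tool
pkgver=1.0
source=("https://example.org/example-tool-$pkgver.tar.gz"
        "http://example.org/extra.patch")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')
install=example-tool.install
build() {
    cd "$pkgname-$pkgver"
    make
}
EOF
}

tmp=$(mktemp) && write_sample_pkgbuild "$tmp" && audit_pkgbuild "$tmp"; rm -f "$tmp"
```

Anything it flags is a prompt to read that line closely, and a clean result says nothing about the upstream source code itself.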
Personally I build as my normal user, but check every PKGBUILD before I run makepkg on it.
I also verify the source URLs; if I feel they are suspect I don't build it.
Same here. I build with my own user.
There is this tutorial for building 32-bit packages in 64-bit environments which could probably be adapted to building 64-bit packages in a chroot environment.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository