Lightweight AUR helper

mvtab · 2025-07-05 12:10:09

I wrote some AUR helper functions for .bashrc a while back and it kinda evolved into a more complex bash script that I wanted to share with you guys and, in the same time, ask a question.

https://github.com/mvtab/aurx is the repository, any kind of constructive feedback is welcome.
https://aur.archlinux.org/packages/aurx is the AUR package.

Now to the question: this is a simple bash script, that can be used directly, without needing really much. Does it make sense to make a PKGBUILD for this and upload it to AUR? And if yes, I guess I would just have to install the dependencies and copy the script, for example, in the user's ${HOME}/bin? Or what are the best practices for "installing" a bash script?

Last edited by mvtab (2025-07-12 17:30:30)

seth · 2025-07-05 14:30:32

Absolutely NOTHING pacman installs - aur or repo - has any business writing to /home or any $HOME ever. Never. Ever.

Almost 1000 LOC is maybe a bit much for a community contributions post, so yeah, adding an aur PGKBUILD that fetches from your github is probably the most sane apporach.

mvtab · 2025-07-05 14:37:09

So you mean just fetch and let it there for the user to move where he wants?

And I know, I got surprised myself at some point about how many LOC I have, but it's mostly because of error handling and infrastructure stuff. I am using the program daily and I'm mostly keeping it forward just for myself.

seth · 2025-07-05 14:45:45

Nono, The PKGBUILD installs the script, typically into /usr/bin (you could also go for an /opt path but I don't see why)
Wrong locations include /usr/local/bin and ANYTHING in /home. Never. Install. Anything. There.

Of course everybody is perfectly free to clone or just download the script into ~/bin or ~/.bin or whatever they've in their local $PATH but if you want to provide a package, it installs into the normal paths, ie. /usr/bin

mvtab · 2025-07-05 14:54:26

Alright, I did notice this mentioned in the documentations about AUR submissions but I see it's a very serious thing.
Thanks, note taken for general installations. I was just assuming ${HOME} because it's in user space and shouldn't be a problem.

Assuming that the same applies to internal script paths, what could I use then that doesn't require root privs? (/opt is normally restricted to root too, /tmp is not persistent)
I am calling makepkg under the hood and the script is not allowed to run as root with install/update at least.

I'll see how the packaging goes and update this thread with the AUR link eventually.

seth · 2025-07-05 15:16:14

makepkg builds the package, pacman installs it.
makepkg cannot run as UID0, pacman -U has to run as UID0

There's really no problem here … or do you mean where your AUR helper should build packages? (Not where to install your AUR helper)?
Ideally configurable, but typically in some tmpfs or $HOME (and then sth. like ~/.cache or ~/.local/share/aurx - there's no hard rule about this - I build in /tmp/AUR (but w/ bigger builds and little RAM that can get the user into trouble)

mvtab · 2025-07-05 15:22:17

Yup both paths (configs and build work directory) are configurable and currently defaulted to ${HOME}/.aurx/... I'll let them like this for now because I already changed these defaults one time and 3rd time would be chaotic.
Update uses /tmp as work directory and cleans up after.

I was just worrying this is not ok either
Thanks

And then if I do make a package, is it really ok to just dump the aurx bash script in for example /usr/bin? I know some rootkit hunters check specifically for scripts in bin paths and warn the user about them. Or should I compile the script to a binary? Is it worth the hassle?

Last edited by mvtab (2025-07-05 15:24:18)

seth · 2025-07-05 15:56:54

And then if I do make a package, is it really ok to just dump the aurx bash script in for example /usr/bin?

Yes.

I know some rootkit hunters check specifically for scripts in bin paths and warn the user about them.

Yes, and generally produce a humongous amount of false positives that renders them useless snake-oil.

file /usr/bin/* | grep "POSIX shell script"

mvtab · 2025-07-12 17:28:16

So, there we go: https://aur.archlinux.org/packages/aurx

Do not refrain from comments

EDIT:
I now notice someone else made an "aurx" in March this year (my GitHub repo is older), and actually had uploaded it to AUR. I did not see anything in the repo when I cloned it. Could this be a problem?

Last edited by mvtab (2025-07-12 17:47:51)

seth · 2025-07-12 19:47:21

I now notice someone else made an "aurx" in March this year (my GitHub repo is older), and actually had uploaded it to AUR.

What? Where?

mvtab · 2025-07-12 20:03:23

seth wrote:

What? Where?

https://aur.archlinux.org/cgit/aur.git/log/?h=aurx

the submitter probably orphaned the package or deleted it, I don't know. The gh repo is still there: https://github.com/carlyle-felix/aurx

Last edited by mvtab (2025-07-12 20:23:53)

seth · 2025-07-12 20:31:06

https://lists.archlinux.org/archives/li … CGJJFSFGZ/
Since it only existed for ~2 months there'll hopefully not be too many surprised users. ¯\_(ツ)_/¯

Arch Linux

#1 2025-07-05 12:10:09

Lightweight AUR helper

#2 2025-07-05 14:30:32

Re: Lightweight AUR helper

#3 2025-07-05 14:37:09

Re: Lightweight AUR helper

#4 2025-07-05 14:45:45

Re: Lightweight AUR helper

#5 2025-07-05 14:54:26

Re: Lightweight AUR helper

#6 2025-07-05 15:16:14

Re: Lightweight AUR helper

#7 2025-07-05 15:22:17

Re: Lightweight AUR helper

#8 2025-07-05 15:56:54

Re: Lightweight AUR helper

#9 2025-07-12 17:28:16

Re: Lightweight AUR helper

#10 2025-07-12 19:47:21

Re: Lightweight AUR helper

#11 2025-07-12 20:03:23

Re: Lightweight AUR helper

#12 2025-07-12 20:31:06

Re: Lightweight AUR helper

Board footer