Arch Linux

flower

Member

Registered: 2018-07-07

Posts: 17

why no supported dependency manager for AUR?

hi,

i usually try to keep a clean system with as less as possible out-of-tree packages.

but sometimes i need a package from the AUR (eg monitorix, tor-browser-en and some some php modules).

i am not sure about the available aur-tools (i tried pacaur and aurman and prefer the latter). but i am afraid to use a package manager which is not official.

so this means the following:
- manual dependency management. this is annoying for packages which depends on other packages from the AUR (others work with makepkg -si)
- manual updates

so, what is the reason there is no official and supported tool for AUR?
i think its quite dangerous to use inofficial tools with that much power.

progandy

Member

Registered: 2012-05-17

Posts: 5,261

Re: why no supported dependency manager for AUR?

It is not any more dangerous than using PKGBUILDs from the AUR. They have exactly the same amount of power, namely full access as the user running it including creating and modifying packages that you will then install with root permissions.

---

| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

flower

Member

Registered: 2018-07-07

Posts: 17

Re: why no supported dependency manager for AUR?

It is not any more dangerous than using PKGBUILDs from the AUR. They have exactly the same amount of power, namely full access as the user running it including creating and modifying packages that you will then install with root permissions.

yes, that's true.
but they decide which dependencies to include. how to build and install them.

i would just *feel* better if such a basic and important task is handled by official tools.

mrunion

Member

From: Jonesborough, TN

Registered: 2007-01-26

Posts: 1,938

Website

Re: why no supported dependency manager for AUR?

makepkg is the official tool. If you want to use the AUR you either manually install all dependencies separately or use a helper that is at least recommended.

---

Matt

"It is very difficult to educate the educated."

loqs

Member

Registered: 2014-03-06

Posts: 18,044

Re: why no supported dependency manager for AUR?

but they decide which dependencies to include. how to build and install them.

The PKGBUILD controls the dependencies which you are expected to check for correctness.  You are expected to build the dependencies so you would control how they are built.
You are expected to install the dependencies so you control that as well.
Edit:
grammar to not is

Last edited by loqs (2018-07-13 17:32:26)

flower

Member

Registered: 2018-07-07

Posts: 17

Re: why no supported dependency manager for AUR?

but they decide which dependencies to include. how to build and install them.

The PKGBUILD controls the dependencies which you are expected to check for correctness.  You are expected to build the dependencies so you would control how they are built.
You are expected to install the dependencies so you control that as well.
Edit:
grammar to not is

well true. but with that logic i can just go LFS.
i use a package manager because i dont want to do manual dependency management.
checking is ok (and imho mandatory for something like AUR), but cloning any dep and build it (recursivly) is to much (at least for some packages)

loqs

Member

Registered: 2014-03-06

Posts: 18,044

Re: why no supported dependency manager for AUR?

If the tool is not stopping after each clone and letting you check the PKGBUILD before cloning the first dependency of that PKGBUILD or
before building that dependency then you would only have checked the PKGBUILD of your target package.

Alad

Wiki Admin/IRC Op

From: Bagelstan

Registered: 2014-05-04

Posts: 2,418

Website

Re: why no supported dependency manager for AUR?

namely full access as the user running it including creating and modifying packages that you will then install with root permissions.

Assuming you don't use sudo or makepkg -s.

If the tool is not stopping after each clone and letting you check the PKGBUILD before cloning the first dependency of that PKGBUILD or
before building that dependency then you would only have checked the PKGBUILD of your target package.

Why would it have to stop after each clone? Clone does not involve code execution, so you can just view all PKGBUILDs, .install files, etc. after retrieving them.

use a helper that is at least recommended.

Which doesn't exist. (inb4 wiki table, which "recommends" pacman wrappers: these are actively harmful both in removing the distinction between AUR and repos, and claiming to be pacman while doing arbitrary weird things).

---

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

loqs

Member

Registered: 2014-03-06

Posts: 18,044

Re: why no supported dependency manager for AUR?

Why would it have to stop after each clone? Clone does not involve code execution, so you can just view all PKGBUILDs, .install files, etc. after retrieving them.

So that the PKGBUILD post editing is used for dependency evaluation.

Alad

Wiki Admin/IRC Op

From: Bagelstan

Registered: 2014-05-04

Posts: 2,418

Website

Re: why no supported dependency manager for AUR?

So that the PKGBUILD post editing is used for dependency evaluation.

That's how yaourt does it, since 2008. Anyone else uses the RPC for dependency resolution since it's a far more robust approach and doesn't require endless prompting during the build process.

Last edited by Alad (2018-07-13 18:30:38)

---

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

flower

Member

Registered: 2018-07-07

Posts: 17

Re: why no supported dependency manager for AUR?

Which doesn't exist. (inb4 wiki table, which "recommends" pacman wrappers: these are actively harmful both in removing the distinction between AUR and repos, and claiming to be pacman while doing arbitrary weird things).

i guess this is the reason why there is no official aur-helper (my original question)?
i dont really like it, but i can understand that reasoning

loqs

Member

Registered: 2014-03-06

Posts: 18,044

Re: why no supported dependency manager for AUR?

That's how yaourt does it, since 2008. Anyone else uses the RPC for dependency resolution since it's a far more robust approach and doesn't require endless prompting during the build process.

How does that handle dependency change due to a PKGBUILD edit?

Alad

Wiki Admin/IRC Op

From: Bagelstan

Registered: 2014-05-04

Posts: 2,418

Website

Re: why no supported dependency manager for AUR?

How does that handle dependency change due to a PKGBUILD edit?

Why would it? If you want different dependencies, it's easy to keep a local fork or propose it to the maintainer. With everyone using git nowadays, you could even use git merge/rebase.

i guess this is the reason why there is no official aur-helper (my original question)?
i dont really like it, but i can understand that reasoning

No, because helpers which don't wrap pacman aren't official either. (well, cower was for one day!)

The reason, as linked on the top of the AUR helper wiki article:

https://bbs.archlinux.org/viewtopic.php … 10#p828310

edit: fixed link

Last edited by Alad (2018-07-13 18:42:13)

---

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

Trilby

Inspector Parrot

Registered: 2011-11-29

Posts: 30,330

Website

Re: why no supported dependency manager for AUR?

Most of what needs to be done to manage aur packages (beyond what git and makepkg already do) is fairly simple so that several of the tools that are written to help automate these tasks are themselves quite simple.  It should be trivially easy to read through and understand all the code of any aur tool you use; if it is not trivial to do so, I'd posit that you probably shouldn't use it anyways.

I use a 167 line python script (of which ~55 lines are just imports and customizable format strings for displaying output) that can search, check for updates, recursively download and sort dependencies into a list of the order in which they should be built, and has a handful of possible display/output formats.

Even at 167 lines, I periodically review the code and think it's a bit bloated for my tastes.

If you can review the code and understand what an aur tool is doing for you, then you should have no concerns about using it.

---

"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 12,926

Re: why no supported dependency manager for AUR?

There's a great alternative for aur helpers : put aur packages you built in your own custom local repository and add that repo to the bottom of your /etc/pacman.conf .

Mine currently holds 62 packages.

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

flower

Member

Registered: 2018-07-07

Posts: 17

Re: why no supported dependency manager for AUR?

There's a great alternative for aur helpers : put aur packages you built in your own custom local repository and add that repo to the bottom of your /etc/pacman.conf .

Mine currently holds 62 packages.

thank you!

that sounds like a good solution and reminds me of gentoo overlays (which i am more used to). will look into it!

Alad

Wiki Admin/IRC Op

From: Bagelstan

Registered: 2014-05-04

Posts: 2,418

Website

Re: why no supported dependency manager for AUR?

There's a great alternative for aur helpers

What? It's an addition, not an alternative. A local repo alone won't solve AUR dependencies or retrieve new versions to be built.

Last edited by Alad (2018-07-14 17:05:29)

---

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

flower

Member

Registered: 2018-07-07

Posts: 17

Re: why no supported dependency manager for AUR?

There's a great alternative for aur helpers

What? It's an addition, not an alternative. A local repo alone won't solve AUR dependencies or retrieve new versions to be built.

that's true, but it is a way for me to keep package generation disctinct from my server which helps me a lot.

btw my original question wasn't meant as a complain for dependency management. i just wanted to understand the reason why there is nothing official and supported.

Alad

Wiki Admin/IRC Op

From: Bagelstan

Registered: 2014-05-04

Posts: 2,418

Website

Re: why no supported dependency manager for AUR?

that's true, but it is a way for me to keep package generation disctinct from my server which helps me a lot.

In that case, you might take a look at aurutils - after 2 years, it remains the only helper centered around local repos.

i just wanted to understand the reason why there is nothing official and supported.

Well, the helpers are supported by their respective authors (those that are still active anyway). Just don't file bugs on bugs.archlinux.org when something breaks using them.

Last edited by Alad (2018-07-14 17:35:36)

---

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

x33a

Forum Fellow

Registered: 2009-08-15

Posts: 4,587

Re: why no supported dependency manager for AUR?

Moving thread to "Arch Discussion".