AUR in Arch Linux is one of the most powerful features not available in any other Linux distributions. Earlier, when I published an article on how to install Arch Linux, many of you guys expressed your difficulties in finding packages. You say that Ubuntu's repositories have more than 60 thousand packages. On the other hand, Arch Linux has merely 12 thousand packages. AUR tries to fill this gap. Now, total packages in Arch Linux go beyond 90 thousand and it is constantly rising.
Before you begin make sure that you know how to use pacman - the package manager in Arch Linux. Learn about pacman here.
What is AUR (Arch User Repository)?
AUR is a little bit like PPAs. Using AUR you can install packages such as Google-Chrome, Spotify, Polybar, and Snap not available in the official repositories (Core, Extra, Community, Multilib repositories).
Instead of containing the package itself, AUR contains Package Build Files called PKGBUILDs
. These PKGBUILDs are nothing but small text files. They consist of directions on how to install the package - source
links, shasum/md5sum/sha256sum
, package dependencies, and other directions:
-
The
source
links are the URLs for your package's source code. They point to the original package developers' site. For example, in google-chrome's PKGBUILD, it points to https://dl.google.com/*, in polybar's PKGBUILD, it points to https://github.com/polybar/polybar/* -
The
shasum/md5sum/sha256sum
is used to make sure that the package downloaded on your computer matches with the package available on thesource
URLs.
Are packages from AUR in Arch Linux safe to use?
AUR packages are unofficial packages. Therefore, they are not fully vetted for security. However, they are still safe to use because:
-
Certain Arch Linux Administrators called
Trusted Users
periodically check these packages. -
makepkg
and AUR helpers internally use Pacman to install AUR packages. And Pacman never allows any package to replace/modify other packages' files. That is why AUR is better than PPAs.
At the same time, on your part, you also need to follow certain precautions:
-
Stick with the popular packages.
-
Search for your package in the AUR. Analyse all the information related to the package.
-
Focus on
Votes
,Popularity
,Comments
,Flagged Out of Date
, etc. for your package. For example, as of 10 Jan 2022, Google-Chrome has 2115 votes but the Brave browser has just 126 votes. -
Most important of all, make sure that the package is downloaded directly from the original package developer unmodified. For this, Read
PKGBUILDs
and/or*.install
files and match the source link and shasum/md5sum/sha256sum with their official values. If the official site does not provide the shasum or anything similar. Just download the package from the original developer's site and use the following command(s) to find it:
~$ sha256sum <your-downloaded-package>
~$ shasum <your-downloaded-package>
~$ sha1sum <your-downloaded-package>
~$ md5sum <your-downloaded-package>
If it is too much for you, just match the source
link, and use the AUR helpers like Yay to automate the above process. You would hardly be needing more than 10 AUR packages.
How to install packages from AUR in Arch Linux?
You can install AUR packages manually or using the AUR helpers. In both cases, first, install the dependencies:
~$ sudo pacman -S git base-devel
Now, I will try to explain using the example of Google-Chrome.
Installation of AUR packages (ex - Google-Chrome and Spotify) manually
Step 1: First, search for your package google-chrome
in AUR and copy the Git Clone URL
. Now, download the PKGBUILD file using the command:
~$ git clone https://aur.archlinux.org/google-chrome.git
Step 2: Now, enter into the new directory called google-chrome
using the cd command:
~$ cd google-chrome
Step 3: In this directory, you can find the PKGBUILD file. Read the file and make sure that source
and/or sha512sum is good. Now, install google-chrome using the makepkg
command:
~/google-chrome$ makepkg --syncdeps --install
Here, makepkg
is just a bash script. It reads the PKGBUILD, downloads the package using the given source
link, verifies it using the given sha512sum
, and then builds (compiles) it. The flag --syncdeps
causes pacman
to download and install the needed dependencies from the official repositories. Now, the package is built and ready to be installed. The flag --install
causes the pacman
to install the built package.
πNote 1: Similarly, to install Spotify, run the following commands:
~$ git clone https://aur.archlinux.org/spotify.git
~$ cd spotify
~/spotify$ makepkg --syncdeps --install
πNote 2: To uninstall any AUR package, just use the pacman
:
~$ sudo pacman -Rsun <your-package>
Installation of AUR packages using AUR helpers
AUR helpers, as the name suggests, help you in using AUR packages. Examples - Yay, Yaourt (dead), Pacaur, etc. They help in the following ways:
-
Search AUR packages.
-
Reading PKGBUILDs: Each time you install/update any package, many of them show you the PKGBUILDs.
-
Many of them tell you whether the package is out of date or not.
-
Many of them install AUR packages just like you install official packages. For ex,
yay -S google-chrome
will install google-chrome. -
Many AUR helpers integrate very well with pacman. For ex,
yay -Syu --combinedupgrade
will upgrade both AUR and Official packages.
In the next paras, I will be talking about an AUR Helper called Yay
in detail.
Installation of AUR helper Yay
Yay helper is one of the best AUR helpers. It uses all of the pacman flags like -S
, -Syu
, -Slq
, etc. in the same way. At the same time, It also has its own flags which are described below. It also reads the configuration file /etc/pacman.conf
. So all settings configured in this file are inherited by the yay as well.
Manjaro
To install yay in Manjaro, use the command:
~$ sudo pacman -S yay
Arch Linux and remaining Arch Linux based distributions
To install yay in Archlinux and other distributions based on it, follow the exact method you used in the installation of google-chrome
and spotify
mentioned above:
~$ git clone https://aur.archlinux.org/yay.git
~$ cd yay
~/yay$ makepkg --syncdeps --install
Search and install packages (ex - Google-Chrome and Spotify) using Yay
Follow these steps to install packages using yay.
Step 1: search for the package
You can search for any package even those from the official repositories. If a package's official repository version exists, yay will tell that. For google-chrome,
~$ yay google-chrome
will search for the string google-chrome
:
...
...
...
2 aur/google-chrome-dev 101.0.4929.5-1 (+645 2.85)
The popular and trusted web browser by Google (Dev Channel)
1 aur/google-chrome 99.0.4844.51-1 (+2115 22.01) (Installed)
The popular and trusted web browser by Google (Stable Channel)
==> Packages to install (eg: 1 2 3, 1-3 or ^4)
==>
Step 2: choose the package
Now, choose one of the numbers shown at the start of each package:
...
==> Packages to install (eg: 1 2 3, 1-3 or ^4)
==> 1
After choosing the 1st package you will get the following output:
...
[Aur:1] google-chrome-99.0.4844.51-1
...
Here,
[Aur:1] means 1 package from the AUR. With other AUR packages such as Anki, you might also get something like [Repo:28], [Repo Make:46], and [Aur Make:1]
. Their meanings are:
[Repo:28] means 28 dependencies from the official repositories.
[Repo Make:46] means 46 make dependencies from the official repositories. These make dependencies are used only once and that is for building the app. Later Yay gives you options to remove them after the building process is over.
[Aur Make:1] means 1 make dependency from the AUR, again only for building the app and Yay asks you to remove them later.
Step 3: decide whether to clean build or not
If you are installing the package for the first time, yay will not ask this question. Otherwise, yay will ask you "Packages to cleanBuild?
". This means whether you want to install the package completely fresh or not. Ans A
for Yes:
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> A
As you can see from the following output, choosing A
deletes the old caches ~/.cache/yay/aur-package
directory recursively and then downloads new.
:: Deleting (1/1): /home/ajay/.cache/yay/google-chrome
:: (1/1) Downloaded PKGBUILD: google-chrome
Step 4: check the PKGBUILD file and install the package
Now, yay will ask you to show the Diffs
. It is the difference between the new and old PKGBUILDs. If you are installing the package for the first time or completely fresh, it will be the whole PKGBUILD. On the second and third times, you will see only the changed part. Always say yes i.e. A
.
==> Diffs to show?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> A
Now, Verify the source
and shasum
in PKGBUILDs as foretold. Now, follow your intuition and you are done.
πNote 1: Similarly, to install Spotify using yay, just search for it using yay spotify
and then select no. 3
for aur/spotify
(as of 11 March 2022), then cleanbuild -> see the diffs -> allow the installation by pressing y
.
π Note 2: You can also couple fzf
with yay to automate the AUR even further using the following command:
yay -Slq | fzf --preview-window=80% --preview 'cat <(yay -Si {1}) <(yay --getpkgbuild --print {1})' | xargs --no-run-if-empty --open-tty yay -S
Now, You can scroll up and down in the preview window to see the PKGBUILDs or hit enter on the chosen package to install that. One more thing to note is that the above fzf list includes "official packages" as well π.
Upgrade AUR and official Arch packages together by just yay
To upgrade all packages together, use the command:
~$ yay -Syu --combinedupgrade --devel
Here, because of yay's flag --combinedupgrade
, you will see a combined list of official and AUR packages that will beΒ upgraded instead of just the official ones. Then yay will show you only the difference between the new PKGBUILDs and old PKGBUILDs. After reviewing the PKGBUILDs, the upgrade will start.
And, the flag --devel
tells yay to upgrade the developmental packages such as *-git
as well.
Output (after removing unimportant lines):
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Searching databases for updates...
:: Searching AUR for updates...
:: Checking development packages...
-> Flagged Out Of Date AUR Packages: python-stringcase
:: 78 Packages to upgrade.
78 core/ca-certificates-mozilla 3.75-1 -> 3.76-1
77 core/curl 7.81.0-2 -> 7.81.0-3
76 core/dbus 1.12.20-1 -> 1.14.0-1
...
...
38 community/bat 0.19.0-2 -> 0.20.0-1
37 community/dunst 1.8.0-1 -> 1.8.1-1
...
...
...
1 aur/google-chrome 98.0.4758.102-1 -> 99.0.4844.51-1
==> Packages to exclude: (eg: "1 2 3", "1-3", "^4" or repo name)
==>
Just hit Enter key to update all packages, or enter some number as suggested in the output to exclude corresponding packages.
πNote: If you recall, I had installed yay manually. Because of this manual method, the list in the --combined upgrade
will not include yay itself. To include it, I recommend you "reinstall" yay using the yay itself. It will replace the existing yay binaries. At the same time, it will also create a directory ~/.cache/yay/yay
. So, now yay will be able to compare its old and new versions and include itself in the combined list.
Color and other configurations in yay using pacman.conf
yay reads pacman's configuration file /etc/pacman.conf
. To get colored yay output on your terminal (TTY), uncomment/include the color
line in the [options]
segment:
[options]
β¦
Color
β¦
Other useful options
are:
-
VerbosePkgLists
- columnwise output of name, size, and version as you can see in the following figure. -
CheckSpace
- pacman checks if your storage device has enough space before the installation. -
ParallelDownloads = 5
means 5 packages are downloaded at once instead of the default 1 package.
Conclusion
Thanks for reading this article. If you find any inadvertent errors or you have any confusion please let me know using the comment section given below.