Confused about pacman, AUR and website downloads

Hi, me again :wink:

I have a question that I should have studied before but it's more urgent and confusing now with the malware.

I know in theory that EOS has two methods to download - one official Pacman and AUR is kinda on your own risk. OK. But… How can I tell where my download comes from? When it's in the command line, how can I know, e.g. when I install Office or Kitty, how can I distinguish if it's from pacman or AUR? (I installed these things by googling and copying commands)

Fortunately I have only installed these two things so far and then also CUPS and HPLIP for the printer.

I admit that I still haven't fully understood how downloads work or how do I search for something if I don't know the exact name.

And then there are these things like themes, fonts, pictures on GitHub, KDE store and similar. Are these as risky as AUR? Should we avoid those too?

AUR packages require a special command line utility to be used to install them. pacman, the package manager of EndeavourOS and Arch, can install AUR packages, but it requires you to manually point the manager to a PKGBUILD file. AUR packages are, basically, scripts that pacman can execute to install a piece of software and its required dependencies.

If you want to search for a package (so program) that comes from a verifiable source, pacman -Ss <keyword_here> is the command to do so. You will get all the packages that contain that keyword in the name or description of the package. If you’re going to install something, at least try to understand the commands you’re running and what you’re installing.

Anything you download online carries a small risk of malware infection. It’s true on all OSes. Be careful from where you download things, be careful what links you go to and be careful of any instructions you receive in order to download a file or something else.

There are ways to check AUR packages that are installed, but I don’t know the exact syntax and I’m frankly too lazy to figure it out here. Basically, if you only used pacman to install things, you’re good.

Everything that comes from Arch/EOS will have the /extra before it. Official repos. Conversely, AUR will have the aur

yay -Ss redshift

aur/redshift-minimal 1.12-5 (+57 0.00)
Adjusts the color temperature of your screen according to your surroundings, with minimal dependencies.


extra/redshift 1.12-15 (149.0 KiB 915.0 KiB)
Adjusts the color temperature of your screen according to your surroundings.

2nd edit: if you mean physically where are the packages located, then I got no idea

if you use
pacman -Syu then they are downloaded from official sources
if you mean AUR packages you will have to read the PKGBUILD file and see where it lists its source

@winnyace excellent explanation, thanks!

That makes sense :purple_heart: @drunkenvicar

Unless you’ve added 3rd-party repos to pacman.conf.
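
The repo prefixes shown in the search output above (extra/, aur/) and the pacman.conf caveat, as an added example that is not from any poster in this thread: it labels each result in `yay -Ss` style output by origin. The official repo list (core, extra, multilib, endeavouros) and the `examplerepo` line are assumptions; on a real system `pacman -Qm` lists installed packages that are in no configured repo.

```shell
#!/usr/bin/env bash
# Added example: label packages in `yay -Ss` / `pacman -Ss` output by origin.
# Assumption: core, extra, multilib (Arch) and endeavouros (EOS) are the
# official repos; any other non-AUR prefix was added to pacman.conf by someone.

repo_origin() {
    case "$1" in
        core|extra|multilib|endeavouros) echo "official" ;;
        aur)                             echo "aur" ;;
        *)                               echo "third-party" ;;
    esac
}

# Reads search output on stdin. Header lines look like "repo/name version ...";
# description lines are indented and skipped.
# Prints: name<TAB>repo<TAB>origin
classify_search() {
    while IFS= read -r line; do
        case "$line" in
            ''|[[:space:]]*) continue ;;
        esac
        header=${line%% *}              # "repo/name"
        case "$header" in
            */*) ;;
            *) continue ;;
        esac
        printf '%s\t%s\t%s\n' "${header#*/}" "${header%%/*}" \
            "$(repo_origin "${header%%/*}")"
    done
}

# Constructed sample: the two redshift results from the thread plus one
# made-up third-party repo entry.
sample_output() {
    cat <<'EOF'
aur/redshift-minimal 1.12-5 (+57 0.00)
    Adjusts the color temperature of your screen according to your surroundings, with minimal dependencies.
extra/redshift 1.12-15 (149.0 KiB 915.0 KiB)
    Adjusts the color temperature of your screen according to your surroundings.
examplerepo/some-tool 0.1-1 (constructed line)
    Constructed entry standing in for a repo added to pacman.conf.
EOF
}

if command -v pacman >/dev/null 2>&1; then
    # Real system: installed packages that are in no configured repo
    # (AUR builds or manually installed packages).
    pacman -Qm || true
else
    sample_output | classify_search
fi
```

Pipe real search output into `classify_search` (for example `yay -Ss redshift | classify_search`) to get the same three-column listing.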