[FAQ] What is the AUR?

The Arch User Repository (AUR) is a collection of user-submitted package description files ( PKGBUILD files). These description files can be used to create package archive files ( .pkg.tar.zst files).

These PKGBUILD files can be used by an AUR helper (e.g. yay , aurman , Pamac) or manually built using makepkg. The resulting package archive file can then be installed in the normal way.

All content on the AUR is uploaded by ordinary users and very little checking of their content is done - it is up to you to verify the content is safe to use.

The best (most detailed and accurate) source of information about the AUR is the Arch wiki page: https://wiki.archlinux.org/index.php/Arch_User_Repository

Please read it - especially the AUR FAQ section. There’s no need to repeat it all here. :wink:


Thanks @jonathon for the great FAQ posts! :trophy:

I started to think that we should move the FAQ articles to a more ”permanent” place where people can always find them easily.


Probably a good idea, but even the fact that there are searchable titles for those questions on forum - is already a big improvement :slight_smile:

1 Like

Would you mind if we put this to EndeavourOS wiki?


A small addition: AUR has “votes” and “popularity”. These can help judge whether a package is 1) properly maintained and 2) trustworthy within the limits of the AUR system.


In addition to this excellent post, I would like to submit my advice for inspecting the PKGBUILD files:

as well as this simple little script that just opens the web browser to the package page on aur.archlinux.org, so you can view the comments before installing:

xdg-open >/dev/null 2>&1 "https://aur.archlinux.org/packages/$1/"

Save it to somewhere in the $PATH, name it, for example, aur and chmod u+x aur. When want to look at the aur webpage, just use aur package-name, for example:

aur minecraft-launcher

and it will open https://aur.archlinux.org/packages/minecraft-launcher/ in your browser, which is quite useful, in my opinion.




Yes, this is certainly easy and logical. However, how many complete newbies do you think are going to think of doing that? :smiley:

then lets write a [FAQ] for that too :wink:


Also, I’d recommend anyone thinking of interacting with the AUR to try installing a couple packages manually first before moving onto a helper like yay or what have you. Not as daunting as it first seems and it’ll give you an appreciation of what’s happening in the background. Plus, as someone who has created packages before the PKGBUILD system is far easier to get around than say creating a .deb file so if you’re thinking of creating your own, you’ll realize it’s not that hard to get up and running.

i would like to know how to install packages manually … where to find instruction on it ? thx

Arch wiki has detailed instructions on how to build packages manually from the AUR (i.e. not using an AUR helper like yay). See the link posted by the OP.


why did you said "description files (PKGBUILD files) ? isn’t those files in AUR are packages ? or raw code ? description files as you have said, is actually an instruction list on how to go about installing the raw codes right ? so that it is build into a program to be installed ? i am sweating here… confused.

To understand what PKDBUILD files are, read: https://wiki.archlinux.org/index.php/PKGBUILD


A PKGBUILD is a shell script containing the build information required by Arch Linux packages.

Packages in Arch Linux are built using the makepkg utility. When makepkg is run, it searches for a PKGBUILD file in the current directory and follows the instructions therein to either compile or otherwise acquire the files to build a package archive ( pkgname.pkg.tar.xz ). The resulting package contains binary files and installation instructions, readily installable with pacman.

Should I generally tend to build from source compared to pre-compiled binaries because we don’t know what is complied by the package maintainer?

For example, I should trust “waterfox” compared to “waterfox-current-bin”?


As @jonathon already mentioned, the best source of information is in the links he listed.

But to (try to) answer your question, it is up to you which one you decide to trust, or trust at all.
Remember that AUR software is provided by anyone who knows how to do that. There is no guarantee that a particular AUR software item is malware free. That applies to both binary and source offerings.

The user (that means: you) is responsible for checking the AUR item. Blame nobody other if things go south.

Because of that, a general recommendation is to always prefer official Arch packages over (similar) AUR packages.

Having said all that, I believe most popular AUR offerings are quite safe to use. But again, better check for yourself.