Recently I have observed a trend where many of AUR packages are pointing towards GIT instead of hosting package binaries and executable. What this means is that if we install anything from AUR, the source code is downloaded from the GIT onto the computer, based on the version given in AUR, it is then complied on the computer and then it is installed. The issue is that this laborious and time consuming. Previously where udpates used to take a few minutes now take tens of minutes while compilation happens. This is similar to how Gentoo operates.
Typically well know packages that do this are linux lts kernel 6.12, 6.6, Octopi, etc. Previous that was not the case.
So my queries to folks in the know about this and have noticed this.
Why is this occurring?
Is it because Arch is cutting down on server infra due to cost constraints? Or is it because of some other reason?
Is it because an attempt was made a few months ago to infiltrate Arch systems by certain East Asian nations with corrupted chrome and other applications so to prevent this from occurring a shift to GIT was made?
This thread is because of an issue that I faced earlier in installing packages from AUR.
Well, I’m using the chaotic-aur just fine. I have never used the others (and would caution against Manjaro) so can’t comment on them. I know others here use some of them though.
Sorry I just don’t know what to say as this just seems dumb to me (I am not calling you that just what you are doing). You can hold back packages or compile yourself, why rely on a random aur package for something ;ike this? (I could be missing something sorry not trying to offend just cant figure out why)
A -bin package is viable, when the developer / official website supplies it.
The issue otherwise, is I could compile the package, inserting my own malicious code, host it on my own server or just GitHub, and the user would be none the wiser. You should treat binaries from non-official or un-trusted sources with a pretty high degree of scrutiny, if you don’t outright rule them out entirely.
In terms of resources for the AUR, it makes no difference if it’s a -bin or non-bin package. The files stored on the AUR are just recipes, PKBUILD files and sometimes some patches or desktop files and such, not binary files.
So with respect to the packages you’re referring to that don’t have a -bin version, you might check the developer’s sites, and see if a binary file is provided.
Add any extra repos you have including Cachy, Manjaro, Chaotic,etc… at the end of your repos after the ones your distro provided on install in Pacman.conf. like this.
[garuda]
Include = /etc/pacman.d/chaotic-mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist
[herecura]
Server = https://repo.herecura.eu/$repo/$arch
[proaudio]
Server = https://arch.osamc.de/$repo/$arch
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
[cachyos-znver4]
Include = /etc/pacman.d/cachyos-v4-mirrorlist
[cachyos-core-znver4]
Include = /etc/pacman.d/cachyos-v4-mirrorlist
[cachyos-extra-znver4]
Include = /etc/pacman.d/cachyos-v4-mirrorlist
[cachyos]
Include = /etc/pacman.d/cachyos-mirrorlist
[nemesis_repo]
SigLevel = Never
Server = https://erikdubois.github.io/$repo/$arch
Linux Kernel Hardened is available in Git which has both Linux Kernel LTS 6.12/6.6. I believe that it is available in binary format and not in source code or git-bin format. Only the latest LTS, i.e. 6.18.x hardened is available though in Arch AUR and not hardened LTS 6.12/6.6/6.1. Are there no such equivalent repos for non-hardened LTS kernels? The current ones in AUR are all -bin type.
One of the benefits of sticking to LTS is that as the computer hardware ages, there is no extra overhang in terms of new features and new hardware support. Once a Linux Kernel is installed only security fixes are required. Off course if a new kernel scheduler is introduced or a new LSM like AppArmor/SELinux/etc is introduced or new Linux Kernel features are introduced one misses out on those. Those are few. But I digress.
How do you manage to avoid the overlap of repos. For example I am sure libreoffice/firefox/vivaldi/etc are also hosted in the CachyOS/Manjaro/Chaotic repos. And when they are installed or updated it might lead to issues.
Forgive me @Archie1, I’m struggling to follow you here, but here’s what I’ve noted of the things you mentioned.
The official Arch Extra repository has the pre-compiled linux-hardened kernel, but as I think you noted, that’s not an LTS version.
The AUR has linux-hardened-lts version 6.18.17 (at the time of writing this). That’s a non-bin package, so it’ll require compiling, and at a glance, that seems to be normal for the AUR linux kernel packages.
The release files in the upstream repository ( anthraxx/linux-hardened ), contain no binaries I can see, it’s all un-compiled source.
If you want a pre-compiled kernel, I suspect your best bet, is to select one from the official Arch repo, or attempt one of those other repositories as some have suggested (can’t vouch for that myself though).
Not for those three. The CachyOS and Manjaro repos contain each distros own specialised packages (some of which are made available in the AUR).
The Chaotic repo contains builds of many AUR packages, but nothing from the Arch repos. For avoiding any potential conflicts, the Chaotic repo should be placed after the Arch repos in /etc/pacman.conf and the CachyOS/Manjaro repos placed above the Arch repos. The repo is placed above the Arch repos in /etc/pacman.conf.
repo is placed above the Arch repos in