Skip to main content
Topic: What repos? Still missing some packages... (Read 378 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

What repos? Still missing some packages...


- pan newsreader
- nedit
- gftp
- google-earth-pro
- seamonkey
- otter
- brave-browser
- sylpheed

I must be missing some repo(s); cleaned up, /etc/pacman.conf looks like this:
 
Code: [Select]
[system]
Include = /etc/pacman.d/mirrorlist

[world]
Include = /etc/pacman.d/mirrorlist

[galaxy]
Include = /etc/pacman.d/mirrorlist

######### user added lines ##################################
# as per https://wiki.artixlinux.org/Main/Repositories
[universe]
Server = https://universe.artixlinux.org/$arch
Server = https://mirror1.artixlinux.org/universe/$arch
Server = https://mirror.pascalpuffke.de/artix-universe/$arch
Server = https://artixlinux.qontinuum.space:4443/universe/os/$arch
Server = https://mirror.alphvino.com/artix-universe/$arch

#_______________________________________________________
# as per https://dev.to/nabbisen/artix-linux-add-arch-linux-repos-extra-community-35ab
Server = https://mirror1.cl.netactuate.com/artix/universe/$arch
Server = https://ftp.crifo.org/artix-universe/$arch
Server = https://artix.sakamoto.pl/universe/$arch

[extra]
Include = /etc/pacman.d/mirrorlist-arch

[community]
Include = /etc/pacman.d/mirrorlist-arch
#############################################################


Who, has loved us more?

Re: What repos? Still missing some packages...

Reply #1
- pan newsreader > aur
- nedit > aur
- gftp > aur, chaotic-aur
- google-earth-pro > aur, chaotic-aur
- seamonkey > aur
- otter > aur, chaotic-aur
- brave-browser > aur, chaotic-aur
- sylpheed > caur, haotic-aur

Re: What repos? Still missing some packages...

Reply #2
- pan newsreader > aur
- nedit > aur
- gftp > aur, chaotic-aur
- google-earth-pro > aur, chaotic-aur
- seamonkey > aur
- otter > aur, chaotic-aur
- brave-browser > aur, chaotic-aur
- sylpheed > caur, haotic-aur

Thank you. This kind of raises the bar:

"Warning: Any unofficial repository (Including arch repositories and AUR) is not supported by Artix Linux. Use them at your own risk. Packages in these repository get update at a different rate than the official repositories and may break your system. If you have any problem with your system after installing packages from these repositories, you will have to solve it yourself. If you need help, you can ask in the forum, but don't demand any help from the developers."

I need these packages to make meaningful use of my computer but enabling AUR (Arch Users Repo?) I have to cast my systems' fate to the wind. Hmmmm, not very inviting. With this warning I would have no choice but to keep an image of my updated Artix installation without AUR packages (to backlevel to in case the fan starts rattling and smelling bad) and another one of the last operational partition with AUR packages; desktop and laptop that's 4 isos.

I'm OK with giving it a try awaiting hopefully not too distant inclusion of these in the Artix repos, in light of multiple guidance fragments about HOW to do this I'd be looking for the simplest yet inclusive procedure.

How about this, is this all that's needed to enable AUR repos?
Code: [Select]
All Arch repositories are disabled by default. To enable them install artix-archlinux-support
 

Is editing into /etc/pacman.conf also required?
Code: [Select]
Your enabled repos in /etc/pacman.conf can, for example, look like this: 
...
# Arch
 [extra]
 Include = /etc/pacman.d/mirrorlist-arch


Is this not done automatically, do I have to do it periodically if I want correct AUR lists?
Code: [Select]
If you need or want a more recent mirrolist, you can get a more up to date version on their github.

 wget https://github.com/archlinux/svntogit-packages/raw/packages/pacman-mirrorlist/trunk/mirrorlist -O /etc/pacman.d/mirrorlist-arch

Sorry if I sound paranoid, I actually am because that's where security BEGINS. Nor do I have much faith in keyrings for the simple reason that if the word trust figures in your terminology then the only thing that is certain is that your dictionary is NOT a security dictionary.
 
Who, has loved us more?

Re: What repos? Still missing some packages...

Reply #3
The Aur is only really as dangerous as the PKGBUILD's from the packages you install from it.
If you care about security you have to review the PKGBUILD before you build the package AND each time you update it.

But to review the PKGBUILD you need to be able to to read it and fully understand what it is is doing.
Based on your other questions you are not capable of doing this atm but you could probably learn.

So the honest answer is no you should not use the AUR if security is paramount.

What you should do is find alternatives to the programs you list which are available in the Artix repo's or at least the Arch repo's. Other than google-earth-pro I can't see that being too difficult.

Of course plenty of people use the AUR without ever reviewing the PKGBUILD's, or being capable of doing so, without ever having any actual issue with security. But it's not a good idea if security is your top priority.

Re: What repos? Still missing some packages...

Reply #4
You don't have to "enable" the AUR, but you do need to do a few things and read up on it a little:
https://wiki.archlinux.org/title/Arch_User_Repository
You'll only need the Arch repos if there is some dependency for one of your packages that can't be found in the Artix repos. An AUR helper will make things simple but it's best to first become familiar with manual installation using makepkg so you understand the process. If you install an AUR helper later that's fine, it shouldl still update the packages you installed using makepkg, or even another AUR helper, if you wanted to try a few of them.

 

Re: What repos? Still missing some packages...

Reply #5
Well I've maneged to conFuse myself again by thinking that AUR was just another package repo, it seems like more of a source and packaging shop whereas just archwhatever would be the arch repo for packages not in Artix repos. I used to compile from source without problems when it was still a simple matter of configure, make and make-install but there are few of those left.  I certainly would not be able to fish malicious code out of build scripts!

BUT, I had these extra packages up and running on my original Artix system without ever having built a package myself. So I'm not sure what has changed or what the workaround might be. One of many reasons I use Sylpheed for example (beyond the option of plain eml files) is that I can point all the involved Sylpheed links in all distro system homes to a single remote folder and this just runs like clockwork with Sylpheed but few other mailers.

As for security I am a fan of it but mostly academically, I know full well that anyone connected today is providing a STREAMING COLONOSCOPY to the snooping scum of the earth like it or not, the only question being which ones exactly. My answer to that is to simply keep sensitive and open data off he computer. I do employ some rudimentay principles like no identifiable user names and two-yard passwords but really don't believe in keyrings, kwallets or clouds, three of the stupidest security non-features I have ever come across :-)

Addendum:
=========
I just found my 2021 post "pacman repos for some other programs?"  Seems I did manage to install many if not all of them back then.






Who, has loved us more?