AnotherAURHelper/README.md

# Another AUR Helper (incomplete)

AUR is the Arch User Repository, where anyone can upload a PKGBUILD and
supplementary sources to allow others to build their own packages for use in the
Arch Linux distribution.

I made an incomplete AUR Helper in Python, and decided to put it in a public
repository. It's messy, and it requires a significant amount of set-up, but it
works for me. It always builds in a CHROOT, and it lets the user check the
PKGBUILD (by default) prior to building. There is no automatic dependency
management. That must be done in the config. An example config is provided.

# Things to know before using the helper

Sometimes if a package prompts a user to select between alternate package
dependencies, makechrootpkg will fail to select one by default (it will
constantly output "y" to stdin when a selection requires an integer). This
means you will need to check the logs as it is building a package to make sure
this kind of soft-lock doesn't happen. Use `tail -f LOG_FILE` for example. If
such a soft-lock happens, Ctrl-C the helper, and explicitly set a dependency in
the TOML config file in a "other\_deps" array for the package like so:

    [[entry]]
    name = "sway-git"
    aur_deps = [
        "wlroots-git",
        "swaybg-git"
    ]
    other_deps = [
        "mesa"
    ]

# Setting up the AUR Helper

The AUR Helper requires several things:

  - A CHROOT to build in.
  - A "checking GNUPG" directory that contains the GPG public keys that will be
    checked when building the PKGBUILD.
  - A "singing GNUPG" directory that contains the GPG private key that will sign
    the built packages and repository database.
  - SUDO privileges to be able to use `makechrootpkg`.
  - `/etc/pacman.conf` must be configured to use the custom repository's
    packages if `pacman -U` will not be used.

## Dependencies

The `devtools` package is required.

The `python-packaging` and `python-toml` packages are required for the Python
script to run.

## Create the CHROOT

Use `/usr/bin/mkarchroot` to create your CHROOT in a directory.

    mkarchroot $HOME/mychroot/root base base-devel ccache sccache cmake ninja

You must refer to the CHROOT as `$HOME/mychroot` if you used the same name as in
the previous example.

## Set up the GNUPG dirs

### Checking GNUPG

Just create the directory anywhere, and store it in the `config.toml`. You must
manually add public keys to it if a package requires checking source files with
GNUPG.

    GNUPGHOME=$HOME/myCheckingGNUPGDir gpg --recv-keys A_DEV_KEYS_FINGERPRINT

Note that gpg may not automatically create the GNUPGHOME directory.

### Signing GNUPG

You will need to set up a GPG public/private key pair. GNUPG always respects
the `GNUPGHOME` environment variable as the `.gnupg` dir, so set the variable
first, create the directory, then set up your keys. The keys will be used to
sign the packages you build and the custom repository that stores the package
metadata.

Set the `signing_gpg_key_fp` variable in the config to the output fingerprint
from of:

    GNUPGHOME=mySigningGNUPGDir gpg --fingerprint

Note that you must remove the spaces between each part of the fingerprint, like
in the example config.

Keep note of the password you store for this GNUPG key, as you will enter it
every time you use the Python script.

## Set up the config dir

See the `example_config.toml` for more configuration. It should be commented
enough for figuring out how to use it.

# Setting up the Repository

Create a directory for where you will store built packages and the repository.

The name of the repo must be similar to the `repo` specified in the config.

For example, if your repo's name is `MyAURRepo`, then `repo` should be set to
`.../MyAURRepo.db.tar`.

You must also create symlinks such that `MyAURRepo.db` points to
`MyAURRepo.db.tar` and `MyAURRepo.files` points to `MyAURRepo.files.tar`.

The Python script should automatically make a relative (not absolute) symlink to
`MyAURRepo.db.tar.sig` with the name `MyAURRepo.db.sig` after signing (which
should happen after each package is built and signed). Note the name doesn't
have to be `MyAURRepo`, but is based on the `repo` variable set in the config.

To use the repository, you can add an entry to your `/etc/pacman.conf` with the
following:

    [MyAURRepo]
    SigLevel = Required TrustAll
    Include = file:///home/MyAURRepoDirectory

Note that `SigLevel` is set expecting the `MyAURRepo.db` file to be signed (the
Python script usually signs the `.db` file after a package has been successfully
built).

# Making your system trust the new Repository

Export the public key from your `signingGPGDirectory`.

    GNUPGHOME=mySigningGNUPGDir gpg --export MySigningKeyName > $HOME/MySigningKey.pub

Use `pacman-key` to add and trust it.

    sudo pacman-key -a $HOME/MySigningKey.pub

First check that the name is unique:

    sudo pacman-key --finger MySigningKeyName

Then trust it:

    sudo pacman-key --lsign-key MySigningKeyName

After these steps, `pacman` should now trust the packages and repository signed
by the GPG key you set up.

# Using the AUR Helper

Typically, you will invoke:

    ./update.py --config my_config.toml

If you want to build in the CHROOT without updating the CHROOT, add the
`--no-update` flag.

If you want to check only specific packages in the list of packages in the
config use something like `-p <package-name>`. You can use `-p <package_name>`
multiple times if you want to check a handful of packages only.

If you want to not skip a package marked with `skip_branch_up_to_date` in the
config, then use `--no-skip <package-name>`, and the script will act as if
`skip_branch_up_to_date` was not specified for the named package.

When building, the script will not directly output to the terminal it is run in,
but rather appends to log files in the log directory specified in the config. To
see the output while building, you can use something like:

    tail -f $MY_LOG_DIR/google-chrome_stdout_2022-06-02_05-27-49_UTC

It may be helpful to periodically clear out the logs directory in between
invocations of the AUR Helper script.

It is recommended to use the script with a prepared config.

# Other Notes

By default, `makechrootpkg` does not verify integrity of files in the PKGBUILD.
Use the `makechrootpkg_noskipinteg.hook` to modify the `makechrootpkg` script to
not skip integrity checks.

The hook must be placed in `/etc/pacman.d/hooks/`.

Note that the hook only takes effect when `devtools` is updated. If you want to
activate the hook immediately, you can reinstall `devtools` with
`pacman -S devtools`.
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`# Another AUR Helper (incomplete)`

			`AUR is the Arch User Repository, where anyone can upload a PKGBUILD and`
			`supplementary sources to allow others to build their own packages for use in the`
			`Arch Linux distribution.`

			`I made an incomplete AUR Helper in Python, and decided to put it in a public`
			`repository. It's messy, and it requires a significant amount of set-up, but it`
			`works for me. It always builds in a CHROOT, and it lets the user check the`
			`PKGBUILD (by default) prior to building. There is no automatic dependency`
			`management. That must be done in the config. An example config is provided.`

Add note in README about possible soft-lock 2022-10-16 10:40:37 +00:00			`# Things to know before using the helper`

			`Sometimes if a package prompts a user to select between alternate package`
			`dependencies, makechrootpkg will fail to select one by default (it will`
Minor tweak to README.md 2022-10-17 02:32:55 +00:00			`constantly output "y" to stdin when a selection requires an integer). This`
			`means you will need to check the logs as it is building a package to make sure`
			this kind of soft-lock doesn't happen. Use `tail -f LOG_FILE` for example. If
Add note in README about possible soft-lock 2022-10-16 10:40:37 +00:00			`such a soft-lock happens, Ctrl-C the helper, and explicitly set a dependency in`
			`the TOML config file in a "other\_deps" array for the package like so:`

			`[[entry]]`
			`name = "sway-git"`
			`aur_deps = [`
			`"wlroots-git",`
			`"swaybg-git"`
			`]`
			`other_deps = [`
			`"mesa"`
			`]`

Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`# Setting up the AUR Helper`

			`The AUR Helper requires several things:`

Update README.md 2022-06-02 06:24:25 +00:00			`- A CHROOT to build in.`
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`- A "checking GNUPG" directory that contains the GPG public keys that will be`
Update README.md 2022-06-02 06:24:25 +00:00			`checked when building the PKGBUILD.`
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`- A "singing GNUPG" directory that contains the GPG private key that will sign`
			`the built packages and repository database.`
Update README.md 2022-06-02 06:24:25 +00:00			- SUDO privileges to be able to use `makechrootpkg`.
			- `/etc/pacman.conf` must be configured to use the custom repository's
			packages if `pacman -U` will not be used.
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00
			`## Dependencies`

			The `devtools` package is required.

			The `python-packaging` and `python-toml` packages are required for the Python
			`script to run.`

			`## Create the CHROOT`

			Use `/usr/bin/mkarchroot` to create your CHROOT in a directory.

Update README.md 2022-06-04 08:28:13 +00:00			`mkarchroot $HOME/mychroot/root base base-devel ccache sccache cmake ninja`
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00
			You must refer to the CHROOT as `$HOME/mychroot` if you used the same name as in
			`the previous example.`

			`## Set up the GNUPG dirs`

			`### Checking GNUPG`

			Just create the directory anywhere, and store it in the `config.toml`. You must
			`manually add public keys to it if a package requires checking source files with`
			`GNUPG.`

			`GNUPGHOME=$HOME/myCheckingGNUPGDir gpg --recv-keys A_DEV_KEYS_FINGERPRINT`

Update README.md 2022-06-04 08:28:13 +00:00			`Note that gpg may not automatically create the GNUPGHOME directory.`

Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`### Signing GNUPG`

Update README.md 2022-06-04 08:28:13 +00:00			`You will need to set up a GPG public/private key pair. GNUPG always respects`
			the `GNUPGHOME` environment variable as the `.gnupg` dir, so set the variable
			`first, create the directory, then set up your keys. The keys will be used to`
			`sign the packages you build and the custom repository that stores the package`
			`metadata.`
Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00
			Set the `signing_gpg_key_fp` variable in the config to the output fingerprint
			`from of:`

			`GNUPGHOME=mySigningGNUPGDir gpg --fingerprint`

			`Note that you must remove the spaces between each part of the fingerprint, like`
			`in the example config.`

			`Keep note of the password you store for this GNUPG key, as you will enter it`
			`every time you use the Python script.`

			`## Set up the config dir`

			See the `example_config.toml` for more configuration. It should be commented
			`enough for figuring out how to use it.`

Update README.md 2022-06-02 06:15:15 +00:00			`# Setting up the Repository`

			`Create a directory for where you will store built packages and the repository.`

			The name of the repo must be similar to the `repo` specified in the config.

			For example, if your repo's name is `MyAURRepo`, then `repo` should be set to
			`.../MyAURRepo.db.tar`.

			You must also create symlinks such that `MyAURRepo.db` points to
Update README.md 2022-06-02 08:20:18 +00:00			`MyAURRepo.db.tar` and `MyAURRepo.files` points to `MyAURRepo.files.tar`.

			`The Python script should automatically make a relative (not absolute) symlink to`
			`MyAURRepo.db.tar.sig` with the name `MyAURRepo.db.sig` after signing (which
			`should happen after each package is built and signed). Note the name doesn't`
			have to be `MyAURRepo`, but is based on the `repo` variable set in the config.
Update README.md 2022-06-02 06:15:15 +00:00
			To use the repository, you can add an entry to your `/etc/pacman.conf` with the
			`following:`

			`[MyAURRepo]`
			`SigLevel = Required TrustAll`
			`Include = file:///home/MyAURRepoDirectory`

Update README.md 2022-06-02 06:27:20 +00:00			Note that `SigLevel` is set expecting the `MyAURRepo.db` file to be signed (the
			Python script usually signs the `.db` file after a package has been successfully
			`built).`
Update README.md 2022-06-02 06:15:15 +00:00
			`# Making your system trust the new Repository`

			Export the public key from your `signingGPGDirectory`.

			`GNUPGHOME=mySigningGNUPGDir gpg --export MySigningKeyName > $HOME/MySigningKey.pub`

			Use `pacman-key` to add and trust it.

			`sudo pacman-key -a $HOME/MySigningKey.pub`

			`First check that the name is unique:`

			`sudo pacman-key --finger MySigningKeyName`

			`Then trust it:`

			`sudo pacman-key --lsign-key MySigningKeyName`

			After these steps, `pacman` should now trust the packages and repository signed
			`by the GPG key you set up.`

Add AUR helper script, README, conf, and LICENSE 2022-06-02 06:02:07 +00:00			`# Using the AUR Helper`

			`Typically, you will invoke:`

			`./update.py --config my_config.toml`

			`If you want to build in the CHROOT without updating the CHROOT, add the`
			`--no-update` flag.

			`If you want to check only specific packages in the list of packages in the`
			config use something like `-p <package-name>`. You can use `-p <package_name>`
			`multiple times if you want to check a handful of packages only.`

			If you want to not skip a package marked with `skip_branch_up_to_date` in the
			config, then use `--no-skip <package-name>`, and the script will act as if
			`skip_branch_up_to_date` was not specified for the named package.

			`When building, the script will not directly output to the terminal it is run in,`
			`but rather appends to log files in the log directory specified in the config. To`
			`see the output while building, you can use something like:`

			`tail -f $MY_LOG_DIR/google-chrome_stdout_2022-06-02_05-27-49_UTC`

			`It may be helpful to periodically clear out the logs directory in between`
			`invocations of the AUR Helper script.`

			`It is recommended to use the script with a prepared config.`
Update README.md about makechrootpkg 2022-06-02 06:17:50 +00:00
			`# Other Notes`

			By default, `makechrootpkg` does not verify integrity of files in the PKGBUILD.
			Use the `makechrootpkg_noskipinteg.hook` to modify the `makechrootpkg` script to
			`not skip integrity checks.`

			The hook must be placed in `/etc/pacman.d/hooks/`.
Update README.md 2022-11-10 08:54:30 +00:00
			Note that the hook only takes effect when `devtools` is updated. If you want to
			activate the hook immediately, you can reinstall `devtools` with
			`pacman -S devtools`.