Update README.md

Add note about security.
Stephen Seo 2024-04-04 11:30:19 +09:00
parent 6324df6f9b
commit d7f5eb1fe5


@ -17,6 +17,18 @@ define hooks that are run when the package is installed.
# Things to know before using the helper # Things to know before using the helper
## Security
Apparently `makechrootpkg` (provided by `devtools` pkg and used by this script)
sources PKGBUILD files directly, meaning that if a malicious PKGBUILD is
attempted to be built, it may cause an RCE kind of exploit with the current
user. Thus, it is recommended to run this script in a container (like Docker or
LXC) so that even if a malicious PKGBUILD is sourced, it will only affect the
container. Though if you do set up a container, you may have to set up a
directory mount to access the built packages.
## Soft-lock due to multiple possible dependencies
Sometimes if a package prompts a user to select between alternate package Sometimes if a package prompts a user to select between alternate package
dependencies, makechrootpkg will fail to select one by default (it will dependencies, makechrootpkg will fail to select one by default (it will
constantly output "y" to stdin when a selection requires an integer). This constantly output "y" to stdin when a selection requires an integer). This
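Review bot: the new "Security" paragraph hedges with "Apparently" and describes the impact as "an RCE kind of exploit", which leaves the reader unsure how serious the risk is; since the whole point of the section is to warn people before they build an untrusted PKGBUILD, it should state plainly that `makechrootpkg` sources the PKGBUILD on the host, so any shell code in it runs as the invoking user before the build even starts, and that the script itself does nothing to detect or prevent this. The container recommendation would also be more useful if it said what the boundary is meant to protect: as written, the directory mount is only mentioned as a convenience for retrieving built packages, so consider adding that only the output directory should be bind-mounted into the container and that the script should run there as an unprivileged user, so a malicious PKGBUILD cannot reach the rest of the host filesystem.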