Automated Arch Linux User Repository (AUR) package build system built on Podman.
CAUTION: Automatically building AUR packages is inherently dangerous. You are de facto granting the submitter arbitrary code execution on the build machine as well as on the user's system. For more information, consult the Arch Wiki.
In normal operation, no intervention should be required. See Configuration and Installation for instructions on setup.
Builds can be manually triggered with `systemctl start aurbuilder-package.service`.
This requires an `aurbuilder-container.service` run to have completed beforehand.
The repository index can be force-updated with `systemctl start aurbuilder-repo.service`.
```
[<repo name>]
Server = http://aurbuilder.example.com/
SigLevel = Optional TrustAll
```
To build a package, add its exact name on a new line in `/etc/aurbuilder/packages`.
It will be included in the next run.
CAUTION: Packages removed from this list will NOT be automatically deleted. It is possible for old (possibly insecure) builds to linger around. Delete them manually for now.
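A report-only check for such leftovers, as an added example that is not part of aurbuilder: it lists package files whose package name is no longer in the package list and deletes nothing. It assumes standard makepkg file names (`pkgname-pkgver-pkgrel-arch.pkg.tar.*`) and that every built file is named after a list entry, so members of a split package listed under a different name would also be reported; `pkgname_of`, `stale_builds` and the sample package names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not part of aurbuilder): report, but never delete, package
# files whose pkgname is no longer listed in the package list.

# pkgname_of FILE: pkgver, pkgrel and arch contain no hyphens, so the name is
# everything before the last three hyphen-separated fields of the file name.
pkgname_of() {
    local base="${1##*/}"
    base="${base%.pkg.tar*}"      # drop .pkg.tar.zst, .pkg.tar.xz, ...
    base="${base%-*}"             # drop arch
    base="${base%-*}"             # drop pkgrel
    printf '%s\n' "${base%-*}"    # drop pkgver (may carry an epoch, "1:2.0")
}

# stale_builds LIST DIR: print files in DIR whose pkgname is not a whole line in LIST.
stale_builds() {
    local list="$1" dir="$2" f
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    for f in "$dir"/*.pkg.tar.*; do
        [ -e "$f" ] || continue              # no matches: the glob stays literal
        case "$f" in *.sig) continue ;; esac # detached signatures are not packages
        grep -qxF -- "$(pkgname_of "$f")" "$list" || printf '%s\n' "${f##*/}"
    done
}

# Constructed sample data standing in for /etc/aurbuilder/packages and /srv/pkg.
demo() {
    local tmp
    tmp="$(mktemp -d)"
    printf '%s\n' foo example-tool > "$tmp/packages"
    mkdir "$tmp/pkg"
    touch "$tmp/pkg/foo-1.0-1-x86_64.pkg.tar.zst" \
          "$tmp/pkg/foo-git-r12.abcdef0-1-any.pkg.tar.zst" \
          "$tmp/pkg/example-tool-2.1-3-x86_64.pkg.tar.zst"
    stale_builds "$tmp/packages" "$tmp/pkg"   # only the foo-git file is reported
    rm -rf "$tmp"
}
demo
```

On a real host the call would be `stale_builds /etc/aurbuilder/packages /srv/pkg`. The name is parsed from the right because a prefix match on `foo` would wrongly treat `foo-git` as still listed.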
General settings are stored in `/etc/aurbuilder/config`.
yes/[no]
All packages will be rebuilt every run
Name and mail of the packager to be stored in the packages.
Format: Na Me <name@mail.com>
The name to be used for the package database.
This has to match the repository's name in `pacman.conf`.
aurbuilder is designed to be run on Arch Linux.
Use the `PKGBUILD` in `pkgbuild/` to install with `makepkg -si`.
Enable the systemd timers to activate the automated builds:
`systemctl enable aurbuilder-container.timer` and `systemctl enable aurbuilder-package.timer`.
To access the repository conveniently from remote hosts, a webserver is needed.
aurbuilder comes with a sensible default configuration in `/usr/share/aurbuilder/nginx/aurbuilder.conf`.
It has to be included in a `location` block:

```nginx
# /etc/nginx/nginx.conf
http {
    # ...
    server {
        # ...
        location /mycoolrepo {
            include /usr/share/aurbuilder/nginx/aurbuilder.conf;
        }
    }
}
```
aurbuilder is very bare-bones. There are several features and improvements that I plan to add to improve security and ease of use. I would strongly recommend against using aurbuilder in any mission-critical capacity.
- Package and repo signing with GPG
- Better repo management, autodelete and cleanups
- Allow specifying a git repo instead of a pkgname for external/custom packages
- Warn / protect from submitter changes and orphan packages
location | description |
---|---|
/srv/pkg | Package output directory |
/etc/aurbuilder | Configuration files |
/var/lib/aurbuilder | Homedir of user (for podman storage) |
/usr/share/aurbuilder | Container buildfiles and nginx config |
/usr/lib/aurbuilder | Executables |
/usr/lib/systemd/system | Systemd unit files |
This project is licensed under the MIT License.
See file `LICENSE` for details.