Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock AUR dependencies #48

Closed
MadLittleMods opened this issue Feb 9, 2024 · 0 comments
Closed

Lock AUR dependencies #48

MadLittleMods opened this issue Feb 9, 2024 · 0 comments
Labels
has-acceptable-solution

Comments

@MadLittleMods
Copy link
Owner

MadLittleMods commented Feb 9, 2024
edited
Loading

Anyone can submit a package to the Arch User Repository (AUR) which means there is potential for malicious packages. Since Arch is a rolling release, when using pamac/pacman, everything updates to the latest version any time you install/remove something. It would be nice to lock some of those AUR dependencies down so they have less of a chance to change under my feet.

Find AUR packages

$ pacman --query --foreign

Find orphaned packages

https://wiki.manjaro.org/index.php/Pamac#Dealing_with_Orphaned_Packages

$ pamac list -o

Solution: Lock AUR dependencies

/etc/pacman.conf

# eric: Lock AUR packages so they don't update under our feet with something malicious
IgnorePkg    = bfg

Dev notes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
has-acceptable-solution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MadLittleMods