Using the AUR

submitted 6 days ago by

Found two great posts on how to take some precautions when using the Arch User Repository. To whom it may concern.

How to review an AUR package - Bert Peters
https://bertptrs.nl/2026/01/30/how-to-review-an-aur-package.html

AUR Chaos malware: an analysis
What happened, and an investigation of the malware - mh4ckt3mh4ckt1c4s
https://www.mh4ckt3mh4ckt1c4s.xyz/blog/aur-chaos-malware-analysis/#conclusion

Hot Top New Old

MonkderVierte@lemmy.zip

6 days ago

Pacman hooks install to /usr/share/libalpm/hooks (and sometimes to /etc/pacman.d/hooks though that’s incorrect).

Incorrect, for the package i guess, because there are the users hooks?

emotional_soup_88@programming.dev

OP edited 6 days ago

Good question. I haven't used custom hooks myself, but I believe you are correct. The alpm (Arch Linux Package Management) hooks manual states:

Hooks are read from files located in the system hook directory /usr/share/libalpm/hooks, and additional custom directories specified in pacman.conf(5) (the default is /etc/pacman.d/hooks).

So I guess the blog post means to say, that hooks are not supposed to be added automatically at installation of a package.

Using the AUR

2 Comments