M3TIOR/aura

A secure, multilingual package manager for Arch Linux and the AUR.

The Aura Package Manager

🇬🇧 🇯🇵 🇭🇷 🇸🇪 🇩🇪 🇪🇸 🇵🇹 🇫🇷 🇷🇺 🇮🇹 🇷🇸 🇳🇴 🇮🇩 🇨🇳 🇳🇱 🇹🇷 🇸🇦 🇺🇦 🇷🇴 🇻🇳 🇨🇿 🇰🇷

Welcome to the main repository for Aura, a secure, multilingual package manager for Arch Linux.

Check out The Aura Book for all knowledge and usage instructions!

If Aura has made your life easier, please consider buying me a coffee ☕ or supporting Aura through Github Sponsors . Your help goes a long way!

Table of Contents

• Aura
  • What is Aura?
  • The Aura Philosophy
    • Aura is Pacman
    • Arch is Arch - AUR is AUR
    • Secure Package Building
    • Downgradibility
    • Arch Linux for Everyone
    • Haskell
  • Installation
    • Prebuilt Binaries
    • Building from Source
  • Sample Usage
    • Installing Packages
    • Package Set Snapshots
    • Downgrading via the Package Cache
    • Searching the Pacman Log
    • Managing Orphan Packages
    • PKGBUILD Security Analysis
  • Configuration
  • Localisation
  • Credits
• The aur Haskell Library
• The aursec Tool

Aura

What is Aura?

Aura is a package manager for Arch Linux. Its original purpose is as an AUR helper, in that it automates the process of installing packages from the Arch User Repositories. It is, however, capable of much more.

The Aura Philosophy

Aura is Pacman

Aura doesn't just mimic pacman; it is pacman. All pacman operations and their sub-options are allowed. Some even hold special meaning in Aura as well.

Arch is Arch - AUR is AUR

-S yields pacman packages and only pacman packages. This agrees with the above. In Aura, the -A operation is introduced for obtaining AUR packages. -A comes with sub-options you're used to (-u, -s, -i, etc.).

Secure Package Building

PKGBUILDs from the AUR can contain anything. It's a user's responsibility to verify the contents of a PKGBUILD before building, but people can make mistakes and overlook details. Aura scans PKGBUILDs before building to detect bash misuse and other exploits. The -P command is also provided for scanning your own PKGBUILDs.

Also, while pre-build PKGBUILD editing is not default behaviour, this can be achieved with --hotedit.

Downgradibility

Aura allows you to downgrade individual packages to previous versions with -C. It also handles snapshots of your entire system, so that you can roll back whole sets of packages when problems arise. The option -B will save a package state, and -Br will restore a state you select. -Su and -Au also invoke a save automatically.

Arch Linux for Everyone

English is the dominant language of computing and the internet. That said, it's natural that some people are going to be more comfortable working in their native language. From the beginning, Aura has been built with multiple-language support in mind, making it very easy to add new ones.

Haskell

Aura is written in Haskell, which means easy development and beautiful code. Please feel free to use it as a Haskell reference. Aura code demonstrates:

• Parser combinators (megaparsec)
• CLI flag handling (optparse-applicative)
• Concurrency (scheduler)
• Shell interaction (typed-process)
• Pretty printing (prettyprinter)
• Logging (rio)
• Modern Haskell project architecture (config, CI, distribution)

Installation

Prebuilt Binaries

It is recommended to install the prebuilt binary of Aura:

git clone https://aur.archlinux.org/aura-bin.git
cd aura-bin
makepkg
sudo pacman -U <the-package-file-that-makepkg-produces>

Building from Source

You will need the Stack Tool for Haskell to compile Aura yourself. Then:

git clone https://github.com/fosskers/aura.git
cd aura
stack install -- aura

This may take a while to initially build all of Aura's dependencies. Once complete, your aura binary will be available in /home/YOU/.local/bin/.

Sample Usage

Full usage information can be found in Aura's man page.

Installing Packages

Command	Function
aura -A <package>	Install an AUR package.
aura -Au	Upgrade all installed AUR packages.
aura -Akuax	Author's favourite (upgrades, removes makedeps, shows PKGBUILD diffs, shows progress)
aura -Ai <package>	Look up information on an AUR package.
aura -As <regex>	Search the AUR via a regex.
aura -Ap <package>	Display a package's PKGBUILD.
aura -Ad <package>	List a package's dependencies.

Package Set Snapshots

Command	Function
aura -B	Store a JSON record of all installed packages.
aura -Br	Restore a saved record. Rolls back and uninstalls as necessary.
aura -Bc <n>	Delete all but the most recent n saved states.
aura -Bl	Show all saved package state filenames.

Downgrading via the Package Cache

Command	Function
aura -C <package>	Downgrade a package.
aura -Cs <regex>	Search the package cache for files that match a regex.
aura -Cc <n>	Delete all but the most recent n versions of each cached package.
aura -Cv	Delete all of the /var/cache/aura/vcs cache

Searching the Pacman Log

Command	Function
aura -L	View the Pacman log.
aura -Li <package>	View the install / upgrade history of a package.
aura -Ls <regex>	Search the Pacman log via a regex.

Managing Orphan Packages

Orphan packages are those whose install reason is marked as "As Dependency", but are not actually depended upon by any installed package.

Command	Function
aura -O	Display orphan packages.
aura -Oa <package>	Change a package's install reason to Explicitly installed.
aura -Oj	Uninstall all orphan packages.

PKGBUILD Security Analysis

As mentioned above, the -P commands can help us detect bash usage that conflicts with the AUR guidelines, as well as outright exploits.

Command	Function
aura -P <stdin>	Analyse a PKGBUILD piped from -Ap.
aura -Pf <file>	Analyse a PKGBUILD file.
aura -Pd <dir>	Analyse the PKGBUILD file found in a directory.
aura -Pa	Analyse all locally installed AUR packages.

Configuration

Aura looks for a configuration file at /etc/aura.conf, but won't break if one isn't present. A template config file can be found here and contains all instructions. If you install Aura via its AUR package, this file is added for you.

Localisation

As mentioned in the Philosophy above, adding new languages to Aura is quite easy. If you speak a language other than those available and would like it added to Aura, please see the Localisation section of The Aura Book.

Credits

Aura is sponsored by these wonderful people:

Aura has been translated by these generous people:

Language	Translators
Arabic	"Array in a Matrix"
Chinese	Kai Zhang
Croatian	Denis Kasak and "stranac"
Czech	Daniel Rosel
Dutch	Joris Blanken / Heimen Stoffels
Esperanto	Zachary "Ghosy" Matthews
French	Ma Jiehong and Fabien Dubosson
German	Lukas Niederbremer and Jonas Platte
Indonesian	"pak tua Greg"
Italian	Bob Valantin and Cristian Tentella
Japanese	Colin Woodbury and Onoue Takuro
Korean	"Nioden"
Norwegian	"chinatsun"
Polish	Chris Warrick, Michał Kurek
Portuguese	Henry Kupty, Thiago Perrotta, and Wagner Amaral
Romanian	"90", "benone"
Russian	Kyrylo Silin, Alexey Kotlyarov
Serbian	Filip Brcic
Spanish	Alejandro Gómez, Sergio Conde and Max Ferrer
Swedish	Fredrik Haikarainen and Daniel Beecham
Turkish	Cihan Alkan
Ukrainian	Andriy Cherniy
Vietnamese	"Kritiqual"

Aura's logo is thanks to the designer Cristiano Vitorino.

The aur Haskell Library

A library for accessing the AUR.

The aursec Tool

Performs a sweep of all PKGBUILDs on the AUR, looking for Bash misuse.